From 461211ee5aba06590193a905ba50678ac47e3207 Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Mon, 18 Mar 2019 01:25:07 +0000
Subject: [PATCH] "-Synchronized-Data."

---
2005/0xxx/CVE-2005-0054.json | 210 +++++++--------
2005/0xxx/CVE-2005-0197.json | 190 +++++++-------
2005/0xxx/CVE-2005-0253.json | 140 +++++-----
2005/1xxx/CVE-2005-1811.json | 150 +++++------
2005/3xxx/CVE-2005-3234.json | 130 +++++-----
2005/3xxx/CVE-2005-3707.json | 210 +++++++--------
2005/3xxx/CVE-2005-3862.json | 200 +++++++--------
2005/3xxx/CVE-2005-3963.json | 180 ++++++-------
2005/3xxx/CVE-2005-3986.json | 180 ++++++-------
2005/4xxx/CVE-2005-4237.json | 160 ++++++------
2005/4xxx/CVE-2005-4599.json | 200 +++++++--------
2005/4xxx/CVE-2005-4712.json | 120 ++++-----
2005/4xxx/CVE-2005-4838.json | 260 +++++++++----------
2009/0xxx/CVE-2009-0089.json | 180 ++++++-------
2009/0xxx/CVE-2009-0558.json | 200 +++++++--------
2009/1xxx/CVE-2009-1030.json | 180 ++++++-------
2009/1xxx/CVE-2009-1841.json | 450 ++++++++++++++++-----------------
2009/3xxx/CVE-2009-3008.json | 130 +++++-----
2009/3xxx/CVE-2009-3575.json | 160 ++++++------
2009/3xxx/CVE-2009-3695.json | 210 +++++++--------
2009/4xxx/CVE-2009-4253.json | 150 +++++------
2009/4xxx/CVE-2009-4494.json | 140 +++++-----
2009/4xxx/CVE-2009-4873.json | 150 +++++------
2012/2xxx/CVE-2012-2060.json | 150 +++++------
2012/2xxx/CVE-2012-2336.json | 200 +++++++--------
2012/2xxx/CVE-2012-2501.json | 34 +--
2012/2xxx/CVE-2012-2660.json | 180 ++++++-------
2012/2xxx/CVE-2012-2920.json | 170 ++++++-------
2015/0xxx/CVE-2015-0206.json | 420 +++++++++++++++---------------
2015/0xxx/CVE-2015-0374.json | 290 ++++++++++-----------
2015/1xxx/CVE-2015-1039.json | 150 +++++------
2015/1xxx/CVE-2015-1072.json | 200 +++++++--------
2015/1xxx/CVE-2015-1154.json | 170 ++++++-------
2015/1xxx/CVE-2015-1164.json | 160 ++++++------
2015/1xxx/CVE-2015-1515.json | 130 +++++-----
2015/1xxx/CVE-2015-1708.json | 140 +++++-----
2015/1xxx/CVE-2015-1839.json | 160 ++++++------
2015/5xxx/CVE-2015-5280.json | 34 +--
2015/5xxx/CVE-2015-5375.json | 150 +++++------
2015/5xxx/CVE-2015-5443.json | 120 ++++-----
2015/5xxx/CVE-2015-5489.json | 140 +++++-----
2015/5xxx/CVE-2015-5781.json | 170 ++++++-------
2018/11xxx/CVE-2018-11546.json | 120 ++++-----
2018/11xxx/CVE-2018-11630.json | 34 +--
2018/3xxx/CVE-2018-3091.json | 142 +++++------
2018/3xxx/CVE-2018-3322.json | 34 +--
2018/3xxx/CVE-2018-3633.json | 34 +--
2018/3xxx/CVE-2018-3719.json | 132 +++++-----
2018/3xxx/CVE-2018-3829.json | 130 +++++-----
2018/3xxx/CVE-2018-3854.json | 120 ++++-----
2018/7xxx/CVE-2018-7183.json | 200 +++++++--------
2018/7xxx/CVE-2018-7383.json | 34 +--
2018/7xxx/CVE-2018-7467.json | 120 ++++-----
2018/7xxx/CVE-2018-7899.json | 122 ++++-----
2018/8xxx/CVE-2018-8103.json | 120 ++++-----
2018/8xxx/CVE-2018-8392.json | 428 +++++++++++++++----------------
2018/8xxx/CVE-2018-8527.json | 170 ++++++-------
2018/8xxx/CVE-2018-8615.json | 34 +--
58 files changed, 4711 insertions(+), 4711 deletions(-)

diff --git a/2005/0xxx/CVE-2005-0054.json b/2005/0xxx/CVE-2005-0054.json
index ca18cd5ed72..03ea7b05a93 100644
--- a/2005/0xxx/CVE-2005-0054.json
+++ b/2005/0xxx/CVE-2005-0054.json
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0054", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Internet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a less restrictive security zone and execute arbitrary code via an HTML page containing URLs that contain hostnames that have been double hex encoded, which are decoded twice to generate a malicious hostname, aka the \"URL Decoding Zone Spoofing Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0054", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050209 Internet Explorer zone spoofing with encoded URLs", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110796851002781&w=2" - }, - { - "name" : "MS05-014", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-014" - }, - { - "name" : "TA05-039A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA05-039A.html" - }, - { - "name" : "VU#580299", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/580299" - }, - { - "name" : "oval:org.mitre.oval:def:1308", - "refsource" 
: "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1308" - }, - { - "name" : "oval:org.mitre.oval:def:1736", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1736" - }, - { - "name" : "oval:org.mitre.oval:def:3060", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3060" - }, - { - "name" : "oval:org.mitre.oval:def:3196", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3196" - }, - { - "name" : "oval:org.mitre.oval:def:3586", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3586" - }, - { - "name" : "ie-file-url-encode(19214)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19214" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Internet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a less restrictive security zone and execute arbitrary code via an HTML page containing URLs that contain hostnames that have been double hex encoded, which are decoded twice to generate a malicious hostname, aka the \"URL Decoding Zone Spoofing Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:3196", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3196" + }, + { + "name": "ie-file-url-encode(19214)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19214" + }, + { + "name": 
"MS05-014", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-014" + }, + { + "name": "TA05-039A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA05-039A.html" + }, + { + "name": "oval:org.mitre.oval:def:3060", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3060" + }, + { + "name": "oval:org.mitre.oval:def:1736", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1736" + }, + { + "name": "20050209 Internet Explorer zone spoofing with encoded URLs", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110796851002781&w=2" + }, + { + "name": "oval:org.mitre.oval:def:3586", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3586" + }, + { + "name": "oval:org.mitre.oval:def:1308", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1308" + }, + { + "name": "VU#580299", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/580299" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0197.json b/2005/0xxx/CVE-2005-0197.json index 2a22e495f1c..9aafa5c64c4 100644 --- a/2005/0xxx/CVE-2005-0197.json +++ b/2005/0xxx/CVE-2005-0197.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0197", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco IOS 12.1T, 12.2, 12.2T, 12.3 and 12.3T, with Multi Protocol Label Switching (MPLS) installed but disabled, allows remote attackers to cause a denial of service (device reload) via a crafted packet sent to the disabled interface." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0197", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050126 Crafted Packet Causes Reload on Cisco Routers", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/cisco-sa-20050126-les.shtml" - }, - { - "name" : "TA05-026A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA05-026A.html" - }, - { - "name" : "VU#583638", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/583638" - }, - { - "name" : "12369", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12369" - }, - { - "name" : "oval:org.mitre.oval:def:5662", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5662" - }, - { - "name" : 
"1013015", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013015" - }, - { - "name" : "14031", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14031" - }, - { - "name" : "cisco-ios-mpls-dos(19071)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19071" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco IOS 12.1T, 12.2, 12.2T, 12.3 and 12.3T, with Multi Protocol Label Switching (MPLS) installed but disabled, allows remote attackers to cause a denial of service (device reload) via a crafted packet sent to the disabled interface." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#583638", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/583638" + }, + { + "name": "oval:org.mitre.oval:def:5662", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5662" + }, + { + "name": "14031", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14031" + }, + { + "name": "cisco-ios-mpls-dos(19071)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19071" + }, + { + "name": "12369", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12369" + }, + { + "name": "TA05-026A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA05-026A.html" + }, + { + "name": "1013015", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013015" + }, + { + "name": "20050126 Crafted Packet Causes Reload on Cisco Routers", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/cisco-sa-20050126-les.shtml" + } + ] + } +} \ No newline at end of file 
diff --git a/2005/0xxx/CVE-2005-0253.json b/2005/0xxx/CVE-2005-0253.json
index 8be24f645c7..33549c30368 100644
--- a/2005/0xxx/CVE-2005-0253.json
+++ b/2005/0xxx/CVE-2005-0253.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0253", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in index.php for BibORB 1.3.2, and possibly earlier versions, allows remote attackers to delete arbitrary files via a Delete action and .. (dot dot) sequences in the database_name parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0253", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050217 Advisory: Multiple Vulnerabilities in BibORB", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110868948719773&w=2" - }, - { - "name" : "20050217 Advisory: Multiple Vulnerabilities in BibORB", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=110864983905770&w=2" - }, - { - "name" : "12583", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12583" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in index.php for BibORB 1.3.2, and possibly earlier versions, allows 
remote attackers to delete arbitrary files via a Delete action and .. (dot dot) sequences in the database_name parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "12583", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12583" + }, + { + "name": "20050217 Advisory: Multiple Vulnerabilities in BibORB", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110868948719773&w=2" + }, + { + "name": "20050217 Advisory: Multiple Vulnerabilities in BibORB", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=110864983905770&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1811.json b/2005/1xxx/CVE-2005-1811.json index 678b85de250..2d1a236dee7 100644 --- a/2005/1xxx/CVE-2005-1811.json +++ b/2005/1xxx/CVE-2005-1811.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1811", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in usercp.php for MyBulletinBoard (MyBB) allows remote attackers to inject arbitrary web script or HTML via the website field in a user profile." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1811", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050530 MyBB 1.0 RC4 XSS Bug", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/lists/bugtraq/2005/May/0338.html" - }, - { - "name" : "13819", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13819" - }, - { - "name" : "1014081", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014081" - }, - { - "name" : "15552", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15552" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in usercp.php for MyBulletinBoard (MyBB) allows remote attackers to inject arbitrary web 
script or HTML via the website field in a user profile." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1014081", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014081" + }, + { + "name": "20050530 MyBB 1.0 RC4 XSS Bug", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/lists/bugtraq/2005/May/0338.html" + }, + { + "name": "15552", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15552" + }, + { + "name": "13819", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13819" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3234.json b/2005/3xxx/CVE-2005-3234.json index 4d1f81d86e1..d324218eec4 100644 --- a/2005/3xxx/CVE-2005-3234.json +++ b/2005/3xxx/CVE-2005-3234.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3234", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple interpretation error in unspecified versions of Grisoft AVG Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3234", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051007 Antivirus detection bypass by special crafted archive.", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112879611919750&w=2" - }, - { - "name" : "http://shadock.net/secubox/AVCraftedArchive.html", - "refsource" : "MISC", - "url" : "http://shadock.net/secubox/AVCraftedArchive.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple interpretation error in unspecified versions of Grisoft AVG Antivirus 
allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://shadock.net/secubox/AVCraftedArchive.html", + "refsource": "MISC", + "url": "http://shadock.net/secubox/AVCraftedArchive.html" + }, + { + "name": "20051007 Antivirus detection bypass by special crafted archive.", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112879611919750&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3707.json b/2005/3xxx/CVE-2005-3707.json index c599c910617..2016347afdb 100644 --- a/2005/3xxx/CVE-2005-3707.json +++ b/2005/3xxx/CVE-2005-3707.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3707", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via crafted TGA image files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3707", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060112 Fortinet Security Advisory: \"Apple QuickTime Player Improper Memory Access Vulnerability\"", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0445.html" - }, - { - "name" : "APPLE-SA-2006-01-10", - "refsource" : "APPLE", - "url" : "http://docs.info.apple.com/article.html?artnum=303101" - }, - { - "name" : "TA06-011A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-011A.html" - }, - { - "name" : "VU#115729", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/115729" - }, - { - "name" : "16202", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16202" - }, - { - "name" : "ADV-2006-0128", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2006/0128" - }, - { - "name" : "22336", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22336" - }, - { - "name" : "1015464", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015464" - }, - { - "name" : "18370", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18370" - }, - { - "name" : "quicktime-tga-bo(24056)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24056" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via crafted TGA image files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18370", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18370" + }, + { + "name": "quicktime-tga-bo(24056)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24056" + }, + { + "name": "TA06-011A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-011A.html" + }, + { + "name": "APPLE-SA-2006-01-10", + "refsource": "APPLE", + "url": "http://docs.info.apple.com/article.html?artnum=303101" + }, + { + "name": "20060112 Fortinet Security Advisory: \"Apple QuickTime Player Improper Memory Access Vulnerability\"", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0445.html" + }, + { + "name": "1015464", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015464" + }, + { + "name": "22336", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22336" + }, + { + "name": "ADV-2006-0128", + "refsource": "VUPEN", + "url": 
"http://www.vupen.com/english/advisories/2006/0128" + }, + { + "name": "16202", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16202" + }, + { + "name": "VU#115729", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/115729" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3862.json b/2005/3xxx/CVE-2005-3862.json index 453e2f32aea..8cda34325d2 100644 --- a/2005/3xxx/CVE-2005-3862.json +++ b/2005/3xxx/CVE-2005-3862.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3862", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in unalz before 0.53 allows remote attackers to execute arbitrary code via long file names in ALZ archives." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3862", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=340842", - "refsource" : "MISC", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=340842" - }, - { - "name" : "http://www.kipple.pe.kr/win/unalz/", - "refsource" : "CONFIRM", - "url" : "http://www.kipple.pe.kr/win/unalz/" - }, - { - "name" : "DSA-959", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-959" - }, - { - "name" : "15577", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15577" - }, - { - "name" : "ADV-2005-2604", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2604" - }, - { - "name" : "21160", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21160" - }, - { - "name" : "17774", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/17774" - }, - { - "name" : "18665", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18665" - }, - { - "name" : "unalz-alz-archive-bo(23267)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23267" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in unalz before 0.53 allows remote attackers to execute arbitrary code via long file names in ALZ archives." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21160", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21160" + }, + { + "name": "ADV-2005-2604", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2604" + }, + { + "name": "15577", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15577" + }, + { + "name": "18665", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18665" + }, + { + "name": "17774", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17774" + }, + { + "name": "unalz-alz-archive-bo(23267)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23267" + }, + { + "name": "http://www.kipple.pe.kr/win/unalz/", + "refsource": "CONFIRM", + "url": "http://www.kipple.pe.kr/win/unalz/" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=340842", + "refsource": "MISC", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=340842" + }, + { + "name": "DSA-959", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-959" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3963.json b/2005/3xxx/CVE-2005-3963.json index 1b559b1546c..056456ccf88 100644 
--- a/2005/3xxx/CVE-2005-3963.json
+++ b/2005/3xxx/CVE-2005-3963.json
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3963", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in session.php in DotClear before 1.2.3 allows remote attackers to execute arbitrary SQL commands via the dc_xd parameter in a cookie." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3963", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051130 ZRCSA-200504 - dotclear SQL Injection", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2005-11/1052.html" - }, - { - "name" : "http://www.zone-h.org/advisories/read/id=8485", - "refsource" : "MISC", - "url" : "http://www.zone-h.org/advisories/read/id=8485" - }, - { - "name" : "http://www.dotclear.net/forum/viewtopic.php?id=13876", - "refsource" : "CONFIRM", - "url" : "http://www.dotclear.net/forum/viewtopic.php?id=13876" - }, - { - "name" : "15667", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15667" - }, - { - "name" : "ADV-2005-2677", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2677" - }, - { - "name" : "21333", - "refsource" : "OSVDB", - 
"url" : "http://www.osvdb.org/21333" - }, - { - "name" : "17830", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17830" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in session.php in DotClear before 1.2.3 allows remote attackers to execute arbitrary SQL commands via the dc_xd parameter in a cookie." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21333", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21333" + }, + { + "name": "17830", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17830" + }, + { + "name": "http://www.zone-h.org/advisories/read/id=8485", + "refsource": "MISC", + "url": "http://www.zone-h.org/advisories/read/id=8485" + }, + { + "name": "ADV-2005-2677", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2677" + }, + { + "name": "15667", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15667" + }, + { + "name": "http://www.dotclear.net/forum/viewtopic.php?id=13876", + "refsource": "CONFIRM", + "url": "http://www.dotclear.net/forum/viewtopic.php?id=13876" + }, + { + "name": "20051130 ZRCSA-200504 - dotclear SQL Injection", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-11/1052.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3986.json b/2005/3xxx/CVE-2005-3986.json index aaf73251b59..b5a14b719bd 100644 --- a/2005/3xxx/CVE-2005-3986.json +++ b/2005/3xxx/CVE-2005-3986.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3986", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Instant Photo Gallery 1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat_id parameter in portfolio.php and (2) cid parameter in content.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3986", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/11/instant-photo-gallery-sql-inj-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/11/instant-photo-gallery-sql-inj-vuln.html" - }, - { - "name" : "15659", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15659" - }, - { - "name" : "ADV-2005-2670", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2670" - }, - { - "name" : "21334", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21334" - }, - { - "name" : "21335", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21335" - }, - { - "name" : "17841", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17841" 
- }, - { - "name" : "instantphotogallery-multiple-sql-injection(23350)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23350" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Instant Photo Gallery 1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat_id parameter in portfolio.php and (2) cid parameter in content.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21335", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21335" + }, + { + "name": "21334", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21334" + }, + { + "name": "http://pridels0.blogspot.com/2005/11/instant-photo-gallery-sql-inj-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/11/instant-photo-gallery-sql-inj-vuln.html" + }, + { + "name": "ADV-2005-2670", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2670" + }, + { + "name": "17841", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17841" + }, + { + "name": "instantphotogallery-multiple-sql-injection(23350)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23350" + }, + { + "name": "15659", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15659" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4237.json b/2005/4xxx/CVE-2005-4237.json index ee69cdef34d..0c7a3ff780c 100644 --- a/2005/4xxx/CVE-2005-4237.json +++ b/2005/4xxx/CVE-2005-4237.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4237", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in MySQL Auction 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search module parameters, possibly the keyword parameter in the SearchZoom module." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4237", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/12/mysql-auction-xss-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/12/mysql-auction-xss-vuln.html" - }, - { - "name" : "15852", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15852" - }, - { - "name" : "ADV-2005-2876", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2876" - }, - { - "name" : "21685", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21685" - }, - { - "name" : "18006", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18006" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in MySQL Auction 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search module parameters, possibly the keyword parameter in the SearchZoom module." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21685", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21685" + }, + { + "name": "ADV-2005-2876", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2876" + }, + { + "name": "18006", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18006" + }, + { + "name": "http://pridels0.blogspot.com/2005/12/mysql-auction-xss-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/12/mysql-auction-xss-vuln.html" + }, + { + "name": "15852", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15852" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4599.json b/2005/4xxx/CVE-2005-4599.json index 9193af186bd..ee0b4fa5982 100644 --- a/2005/4xxx/CVE-2005-4599.json +++ b/2005/4xxx/CVE-2005-4599.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4599", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in tiny_mce_gzip.php in TinyMCE Compressor PHP before 1.06 allows remote attackers to inject arbitrary web script or HTML via the index parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4599", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051229 Advisory 26/2005: TinyMCE Compressor Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/420543/100/0/threaded" - }, - { - "name" : "http://www.hardened-php.net/advisory_262005.111.html", - "refsource" : "MISC", - "url" : "http://www.hardened-php.net/advisory_262005.111.html" - }, - { - "name" : "http://tinymce.moxiecode.com/punbb/viewtopic.php?id=2233", - "refsource" : "CONFIRM", - "url" : "http://tinymce.moxiecode.com/punbb/viewtopic.php?id=2233" - }, - { - "name" : "http://tinymce.moxiecode.com/punbb/viewtopic.php?id=2244", - "refsource" : "CONFIRM", - "url" : "http://tinymce.moxiecode.com/punbb/viewtopic.php?id=2244" - }, - { - "name" : "16083", - "refsource" : "BID", - 
"url" : "http://www.securityfocus.com/bid/16083" - }, - { - "name" : "22117", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22117" - }, - { - "name" : "1015424", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015424" - }, - { - "name" : "18262", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18262" - }, - { - "name" : "tinymce-compressor-xss(23906)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23906" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in tiny_mce_gzip.php in TinyMCE Compressor PHP before 1.06 allows remote attackers to inject arbitrary web script or HTML via the index parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://tinymce.moxiecode.com/punbb/viewtopic.php?id=2233", + "refsource": "CONFIRM", + "url": "http://tinymce.moxiecode.com/punbb/viewtopic.php?id=2233" + }, + { + "name": "tinymce-compressor-xss(23906)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23906" + }, + { + "name": "22117", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22117" + }, + { + "name": "http://tinymce.moxiecode.com/punbb/viewtopic.php?id=2244", + "refsource": "CONFIRM", + "url": "http://tinymce.moxiecode.com/punbb/viewtopic.php?id=2244" + }, + { + "name": "18262", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18262" + }, + { + "name": "http://www.hardened-php.net/advisory_262005.111.html", + "refsource": "MISC", + "url": "http://www.hardened-php.net/advisory_262005.111.html" + }, + { + "name": "20051229 Advisory 26/2005: TinyMCE Compressor Vulnerabilities", + "refsource": "BUGTRAQ", + "url": 
"http://www.securityfocus.com/archive/1/420543/100/0/threaded" + }, + { + "name": "16083", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16083" + }, + { + "name": "1015424", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015424" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4712.json b/2005/4xxx/CVE-2005-4712.json index 2fe521938e5..3d2bdbeaa0f 100644 --- a/2005/4xxx/CVE-2005-4712.json +++ b/2005/4xxx/CVE-2005-4712.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4712", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CRLF injection vulnerability in process_signup.php in PHP Handicapper allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the login parameter. NOTE: the vendor has disputed CVE-2005-3497, and it is possible that the dispute was intended to include this issue as well." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4712", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zone-h.org/advisories/read/id=8360", - "refsource" : "MISC", - "url" : "http://www.zone-h.org/advisories/read/id=8360" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CRLF injection vulnerability in process_signup.php in PHP Handicapper allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the login parameter. NOTE: the vendor has disputed CVE-2005-3497, and it is possible that the dispute was intended to include this issue as well." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zone-h.org/advisories/read/id=8360", + "refsource": "MISC", + "url": "http://www.zone-h.org/advisories/read/id=8360" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4838.json b/2005/4xxx/CVE-2005-4838.json index 5215b2457ce..d7c6394e93d 100644 --- a/2005/4xxx/CVE-2005-4838.json +++ b/2005/4xxx/CVE-2005-4838.json 
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4838", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) el/functions.jsp, (2) el/implicit-objects.jsp, and (3) jspx/textRotate.jspx in examples/jsp2/, as demonstrated via script in a request to snp/snoop.jsp. NOTE: other XSS issues in the manager were simultaneously reported, but these require admin access and do not cross privilege boundaries." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2005-4838", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070906 Apache Tomcat remote xss", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065598.html" - }, - { - "name" : "http://www.oliverkarow.de/research/jakarta556_xss.txt", - "refsource" : "MISC", - "url" : "http://www.oliverkarow.de/research/jakarta556_xss.txt" - }, - { - "name" : "[tomcat-dev] 20050103 Re: Fwd: XSS in Jakarta Tomcat 5.5.6", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=tomcat-dev&m=110476790331536&w=2" - }, - { - "name" : "[tomcat-dev] 20050103 [PATCH jakarta-servletapi-5] Re: Fwd: XSS in Jakarta Tomcat 5.5.6", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=tomcat-dev&m=110477195116951&w=2" - }, - { - "name" : "http://tomcat.apache.org/security-4.html", - "refsource" : "CONFIRM", - "url" : "http://tomcat.apache.org/security-4.html" - }, - { - "name" : "http://tomcat.apache.org/security-5.html", - "refsource" : "CONFIRM", - "url" : "http://tomcat.apache.org/security-5.html" - }, - { - "name" : "RHSA-2008:0261", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0261.html" - }, - { - "name" : "RHSA-2008:0630", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2008-0630.html" - }, - { - "name" : "12721", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/12721" - }, - { - "name" : "34878", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/34878" - }, - { - "name" : "34879", - 
"refsource" : "OSVDB", - "url" : "http://www.osvdb.org/34879" - }, - { - "name" : "1012793", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1012793" - }, - { - "name" : "13737", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13737" - }, - { - "name" : "31493", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31493" - }, - { - "name" : "tomcat-functions-xss(36467)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36467" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) el/functions.jsp, (2) el/implicit-objects.jsp, and (3) jspx/textRotate.jspx in examples/jsp2/, as demonstrated via script in a request to snp/snoop.jsp. NOTE: other XSS issues in the manager were simultaneously reported, but these require admin access and do not cross privilege boundaries." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://tomcat.apache.org/security-4.html", + "refsource": "CONFIRM", + "url": "http://tomcat.apache.org/security-4.html" + }, + { + "name": "tomcat-functions-xss(36467)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36467" + }, + { + "name": "20070906 Apache Tomcat remote xss", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065598.html" + }, + { + "name": "RHSA-2008:0630", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2008-0630.html" + }, + { + "name": "34878", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/34878" + }, + { + "name": "12721", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/12721" + }, + { + "name": "31493", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31493" + }, + { + "name": "[tomcat-dev] 20050103 [PATCH jakarta-servletapi-5] Re: Fwd: XSS in Jakarta Tomcat 5.5.6", + "refsource": "MLIST", + "url": "http://marc.info/?l=tomcat-dev&m=110477195116951&w=2" + }, + { + "name": "34879", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/34879" + }, + { + "name": "1012793", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1012793" + }, + { + "name": "13737", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13737" + }, + { + "name": "http://www.oliverkarow.de/research/jakarta556_xss.txt", + "refsource": "MISC", + "url": "http://www.oliverkarow.de/research/jakarta556_xss.txt" + }, + { + "name": "http://tomcat.apache.org/security-5.html", + "refsource": "CONFIRM", + "url": "http://tomcat.apache.org/security-5.html" + }, + { + "name": "RHSA-2008:0261", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html" + }, + { + "name": "[tomcat-dev] 
20050103 Re: Fwd: XSS in Jakarta Tomcat 5.5.6", + "refsource": "MLIST", + "url": "http://marc.info/?l=tomcat-dev&m=110476790331536&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0089.json b/2009/0xxx/CVE-2009-0089.json index ec0d1753b27..62ec61998f7 100644 --- a/2009/0xxx/CVE-2009-0089.json +++ b/2009/0xxx/CVE-2009-0089.json 
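Review bot: The `ASSIGNER` value in the CVE-2005-4838 record changes from `cve@mitre.org` to `secalert@redhat.com`, a provenance change that the commit subject "-Synchronized-Data." does not mention and that is easy to miss among the colon-spacing and `reference_data` reordering changes in the same hunk. The hunks for CVE-2009-0089 and CVE-2009-0558 make the same kind of change, to `secure@microsoft.com`. Consumers that filter or attribute records by assigner will see these records move, so the reassignment would be better carried in its own commit, or at least named in the message, separately from the formatting pass. The description and reference entries appear otherwise unchanged apart from order, though with the array reshuffled that is hard to confirm by eye.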
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0089", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Vista Gold allows remote web servers to impersonate arbitrary https web sites by using DNS spoofing to \"forward a connection\" to a different https web site that has a valid certificate matching its own domain name, but not a certificate matching the domain name of the host requested by the user, aka \"Windows HTTP Services Certificate Name Mismatch Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2009-0089", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS09-013", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-013" - }, - { - "name" : "TA09-104A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-104A.html" - }, - { - "name" : "34437", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34437" - }, - { - "name" : "oval:org.mitre.oval:def:6027", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6027" - }, - { - "name" : "1022041", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022041" - }, - { - "name" : "34677", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34677" - }, - { - "name" : "ADV-2009-1027", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1027" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Vista Gold allows remote web servers to impersonate arbitrary https web sites by using DNS spoofing to \"forward a connection\" to a different https web site that has a valid certificate matching its own domain name, but not a certificate matching the domain name of the host requested by the user, aka \"Windows HTTP Services Certificate Name Mismatch Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34437", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34437" + }, + { + "name": "oval:org.mitre.oval:def:6027", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6027" + }, + { + "name": "34677", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34677" + }, + { + "name": "TA09-104A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html" + }, + { + "name": "1022041", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022041" + }, + { + "name": "ADV-2009-1027", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1027" + }, + 
{ + "name": "MS09-013", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-013" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0558.json b/2009/0xxx/CVE-2009-0558.json index d97fb59b73f..aa7c1c89ad8 100644 --- a/2009/0xxx/CVE-2009-0558.json +++ b/2009/0xxx/CVE-2009-0558.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0558", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Array index error in Excel in Microsoft Office 2000 SP3 and Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac, allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka \"Array Indexing Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2009-0558", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090609 Secunia Research: Microsoft Excel Record Parsing Array Indexing Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/504188/100/0/threaded" - }, - { - "name" : "http://secunia.com/secunia_research/2009-1/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2009-1/" - }, - { - "name" : "MS09-021", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021" - }, - { - "name" : "TA09-160A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-160A.html" - }, - { - 
"name" : "35242", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35242" - }, - { - "name" : "54954", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/54954" - }, - { - "name" : "oval:org.mitre.oval:def:11525", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11525" - }, - { - "name" : "1022351", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022351" - }, - { - "name" : "ADV-2009-1540", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1540" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Array index error in Excel in Microsoft Office 2000 SP3 and Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac, allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka \"Array Indexing Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-1540", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1540" + }, + { + "name": "20090609 Secunia Research: Microsoft Excel Record Parsing Array Indexing Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/504188/100/0/threaded" + }, + { + "name": "35242", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35242" + }, + { + "name": "1022351", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022351" + }, + { + "name": "MS09-021", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021" + }, + { + "name": "54954", + "refsource": "OSVDB", + "url": 
"http://osvdb.org/54954" + }, + { + "name": "TA09-160A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html" + }, + { + "name": "http://secunia.com/secunia_research/2009-1/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2009-1/" + }, + { + "name": "oval:org.mitre.oval:def:11525", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11525" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1030.json b/2009/1xxx/CVE-2009-1030.json index 8db2e330fb0..0610d7d9ec2 100644 --- a/2009/1xxx/CVE-2009-1030.json +++ b/2009/1xxx/CVE-2009-1030.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1030", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the choose_primary_blog function in wp-includes/wpmu-functions.php in WordPress MU (WPMU) before 2.7 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1030", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090310 [ISecAuditors Security Advisories] WordPress MU HTTP Header XSS Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/501667/100/0/threaded" - }, - { - "name" : "8196", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8196" - }, - { - "name" : "HPSBUX02514", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=126996727024732&w=2" - }, - { - "name" : "SSRT100010", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=126996727024732&w=2" - }, - { - "name" : "34075", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34075" - }, - { - "name" : "1021838", - "refsource" : 
"SECTRACK", - "url" : "http://www.securitytracker.com/id?1021838" - }, - { - "name" : "wordpressmu-wpmufunctions-xss(49184)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49184" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the choose_primary_blog function in wp-includes/wpmu-functions.php in WordPress MU (WPMU) before 2.7 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34075", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34075" + }, + { + "name": "1021838", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021838" + }, + { + "name": "wordpressmu-wpmufunctions-xss(49184)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49184" + }, + { + "name": "20090310 [ISecAuditors Security Advisories] WordPress MU HTTP Header XSS Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/501667/100/0/threaded" + }, + { + "name": "HPSBUX02514", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=126996727024732&w=2" + }, + { + "name": "8196", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8196" + }, + { + "name": "SSRT100010", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=126996727024732&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1841.json b/2009/1xxx/CVE-2009-1841.json index 179edbbfdb1..a2ddc78e2f3 100644 --- a/2009/1xxx/CVE-2009-1841.json +++ b/2009/1xxx/CVE-2009-1841.json 
@@ -1,227 +1,227 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1841", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "js/src/xpconnect/src/xpcwrappedjsclass.cpp in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to execute arbitrary web script with the privileges of a chrome object, as demonstrated by the browser sidebar and the FeedWriter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-1841", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2009/mfsa2009-32.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2009/mfsa2009-32.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=479560", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=479560" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=503583", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=503583" - }, - { - "name" : "DSA-1820", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1820" - }, - { - "name" : 
"DSA-1830", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1830" - }, - { - "name" : "FEDORA-2009-6366", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00574.html" - }, - { - "name" : "FEDORA-2009-6411", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00657.html" - }, - { - "name" : "FEDORA-2009-7567", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00444.html" - }, - { - "name" : "FEDORA-2009-7614", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00504.html" - }, - { - "name" : "MDVSA-2009:141", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:141" - }, - { - "name" : "RHSA-2009:1095", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2009-1095.html" - }, - { - "name" : "RHSA-2009:1096", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2009-1096.html" - }, - { - "name" : "SSA:2009-167-01", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.372468" - }, - { - "name" : "SSA:2009-176-01", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.425408" - }, - { - "name" : "SSA:2009-178-01", - "refsource" : "SLACKWARE", - "url" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.454275" - }, - { - "name" : "264308", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1" - }, - { - "name" : "USN-782-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-782-1" - }, - { - "name" : "35326", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/35326" - }, - { - "name" : "35373", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35373" - }, - { - "name" : "55159", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/55159" - }, - { - "name" : "oval:org.mitre.oval:def:9815", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9815" - }, - { - "name" : "1022397", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022397" - }, - { - "name" : "35331", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35331" - }, - { - "name" : "35428", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35428" - }, - { - "name" : "35431", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35431" - }, - { - "name" : "35439", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35439" - }, - { - "name" : "35440", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35440" - }, - { - "name" : "35468", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35468" - }, - { - "name" : "35536", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35536" - }, - { - "name" : "35415", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35415" - }, - { - "name" : "35561", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35561" - }, - { - "name" : "35602", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35602" - }, - { - "name" : "35882", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35882" - }, - { - "name" : "ADV-2009-1572", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1572" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"js/src/xpconnect/src/xpcwrappedjsclass.cpp in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to execute arbitrary web script with the privileges of a chrome object, as demonstrated by the browser sidebar and the FeedWriter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-1572", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1572" + }, + { + "name": "RHSA-2009:1096", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2009-1096.html" + }, + { + "name": "SSA:2009-178-01", + "refsource": "SLACKWARE", + "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.454275" + }, + { + "name": "DSA-1830", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1830" + }, + { + "name": "35536", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35536" + }, + { + "name": "35602", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35602" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=479560", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=479560" + }, + { + "name": "FEDORA-2009-7614", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00504.html" + }, + { + "name": "35326", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35326" + }, + { + "name": "35440", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35440" + }, + { + "name": "FEDORA-2009-6411", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00657.html" + }, + { + "name": "USN-782-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-782-1" + }, + { + "name": 
"35428", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35428" + }, + { + "name": "35431", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35431" + }, + { + "name": "FEDORA-2009-7567", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00444.html" + }, + { + "name": "35331", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35331" + }, + { + "name": "35468", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35468" + }, + { + "name": "http://www.mozilla.org/security/announce/2009/mfsa2009-32.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-32.html" + }, + { + "name": "35439", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35439" + }, + { + "name": "35882", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35882" + }, + { + "name": "FEDORA-2009-6366", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00574.html" + }, + { + "name": "MDVSA-2009:141", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:141" + }, + { + "name": "oval:org.mitre.oval:def:9815", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9815" + }, + { + "name": "35415", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35415" + }, + { + "name": "RHSA-2009:1095", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2009-1095.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=503583", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503583" + }, + { + "name": "55159", + "refsource": "OSVDB", + "url": "http://osvdb.org/55159" + }, + { + "name": "SSA:2009-167-01", + "refsource": "SLACKWARE", + "url": 
"http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.372468" + }, + { + "name": "35561", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35561" + }, + { + "name": "SSA:2009-176-01", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.425408" + }, + { + "name": "DSA-1820", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1820" + }, + { + "name": "264308", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1" + }, + { + "name": "1022397", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022397" + }, + { + "name": "35373", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35373" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3008.json b/2009/3xxx/CVE-2009-3008.json index 6f50b774ba5..e126811922c 100644 --- a/2009/3xxx/CVE-2009-3008.json +++ b/2009/3xxx/CVE-2009-3008.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3008", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "K-Meleon 1.5.3 allows context-dependent attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary file: URL after a victim has visited any file: URL, as demonstrated by a visit to a file: document written by the attacker." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3008", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://lostmon.blogspot.com/2009/08/multiple-browsers-fake-url-folder-file.html", - "refsource" : "MISC", - "url" : "http://lostmon.blogspot.com/2009/08/multiple-browsers-fake-url-folder-file.html" - }, - { - "name" : "kmeleon-windowopen-spoofing(53011)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53011" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "K-Meleon 1.5.3 allows context-dependent attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary file: URL 
after a victim has visited any file: URL, as demonstrated by a visit to a file: document written by the attacker." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://lostmon.blogspot.com/2009/08/multiple-browsers-fake-url-folder-file.html", + "refsource": "MISC", + "url": "http://lostmon.blogspot.com/2009/08/multiple-browsers-fake-url-folder-file.html" + }, + { + "name": "kmeleon-windowopen-spoofing(53011)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53011" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3575.json b/2009/3xxx/CVE-2009-3575.json index 2c88d795087..089c2688b87 100644 --- a/2009/3xxx/CVE-2009-3575.json +++ b/2009/3xxx/CVE-2009-3575.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3575", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in DHTRoutingTableDeserializer.cc in aria2 0.15.3, 1.2.0, and other versions allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3575", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://qa.mandriva.com/show_bug.cgi?id=52840", - "refsource" : "CONFIRM", - "url" : "https://qa.mandriva.com/show_bug.cgi?id=52840" - }, - { - "name" : "DSA-1957", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1957" - }, - { - "name" : "MDVSA-2009:226", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:226" - }, - { - "name" : "36332", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36332" - }, - { - "name" : "37971", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37971" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in DHTRoutingTableDeserializer.cc in aria2 0.15.3, 1.2.0, and other versions allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36332", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36332" + }, + { + "name": "37971", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37971" + }, + { + "name": "DSA-1957", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1957" + }, + { + "name": "https://qa.mandriva.com/show_bug.cgi?id=52840", + "refsource": "CONFIRM", + "url": "https://qa.mandriva.com/show_bug.cgi?id=52840" + }, + { + "name": "MDVSA-2009:226", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:226" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3695.json b/2009/3xxx/CVE-2009-3695.json index d3fc56564a7..f7008c3ccc9 100644 --- a/2009/3xxx/CVE-2009-3695.json +++ b/2009/3xxx/CVE-2009-3695.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3695", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Algorithmic complexity vulnerability in the forms library in Django 1.0 before 1.0.4 and 1.1 before 1.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a crafted (1) EmailField (email address) or (2) URLField (URL) that triggers a large amount of backtracking in a regular expression." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3695", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20091013 Re: Duplicate CVE assignment notification [was: CVE id request: django]", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/10/13/6" - }, - { - "name" : "http://groups.google.com/group/django-users/browse_thread/thread/15df9e45118dfc51/", - "refsource" : "MISC", - "url" : "http://groups.google.com/group/django-users/browse_thread/thread/15df9e45118dfc51/" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550457", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550457" - }, - { - "name" : 
"http://www.djangoproject.com/weblog/2009/oct/09/security/", - "refsource" : "CONFIRM", - "url" : "http://www.djangoproject.com/weblog/2009/oct/09/security/" - }, - { - "name" : "DSA-1905", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1905" - }, - { - "name" : "36655", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36655" - }, - { - "name" : "36948", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36948" - }, - { - "name" : "36968", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36968" - }, - { - "name" : "ADV-2009-2871", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2871" - }, - { - "name" : "django-emailfield-urlfield-dos(53727)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53727" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Algorithmic complexity vulnerability in the forms library in Django 1.0 before 1.0.4 and 1.1 before 1.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a crafted (1) EmailField (email address) or (2) URLField (URL) that triggers a large amount of backtracking in a regular expression." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36655", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36655" + }, + { + "name": "django-emailfield-urlfield-dos(53727)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53727" + }, + { + "name": "http://www.djangoproject.com/weblog/2009/oct/09/security/", + "refsource": "CONFIRM", + "url": "http://www.djangoproject.com/weblog/2009/oct/09/security/" + }, + { + "name": "36948", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36948" + }, + { + "name": "36968", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36968" + }, + { + "name": "DSA-1905", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1905" + }, + { + "name": "http://groups.google.com/group/django-users/browse_thread/thread/15df9e45118dfc51/", + "refsource": "MISC", + "url": "http://groups.google.com/group/django-users/browse_thread/thread/15df9e45118dfc51/" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550457", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550457" + }, + { + "name": "[oss-security] 20091013 Re: Duplicate CVE assignment notification [was: CVE id request: django]", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/10/13/6" + }, + { + "name": "ADV-2009-2871", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2871" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4253.json b/2009/4xxx/CVE-2009-4253.json index 8890f846a4b..5bd95d5f588 100644 --- a/2009/4xxx/CVE-2009-4253.json +++ b/2009/4xxx/CVE-2009-4253.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4253", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in dspStats.php in PowerPhlogger 2.2.5 allows remote attackers to inject arbitrary web script or HTML via the edit parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4253", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.websecurity.com.ua/1845", - "refsource" : "MISC", - "url" : "http://www.websecurity.com.ua/1845" - }, - { - "name" : "37150", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37150" - }, - { - "name" : "30423", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30423" - }, - { - "name" : "powerphlogger-dspstats-xss(54541)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54541" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in dspStats.php in PowerPhlogger 2.2.5 allows remote attackers to inject arbitrary 
web script or HTML via the edit parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.websecurity.com.ua/1845", + "refsource": "MISC", + "url": "http://www.websecurity.com.ua/1845" + }, + { + "name": "30423", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30423" + }, + { + "name": "37150", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37150" + }, + { + "name": "powerphlogger-dspstats-xss(54541)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54541" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4494.json b/2009/4xxx/CVE-2009-4494.json index 96430c7df85..ebc7c4165df 100644 --- a/2009/4xxx/CVE-2009-4494.json +++ b/2009/4xxx/CVE-2009-4494.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4494", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "AOLserver 4.5.1 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4494", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100110 Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/508830/100/0/threaded" - }, - { - "name" : "http://www.ush.it/team/ush/hack_httpd_escape/adv.txt", - "refsource" : "MISC", - "url" : "http://www.ush.it/team/ush/hack_httpd_escape/adv.txt" - }, - { - "name" : "37712", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37712" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "AOLserver 4.5.1 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37712", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37712" + }, + { + "name": "http://www.ush.it/team/ush/hack_httpd_escape/adv.txt", + "refsource": "MISC", + "url": "http://www.ush.it/team/ush/hack_httpd_escape/adv.txt" + }, + { + "name": "20100110 Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/508830/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4873.json b/2009/4xxx/CVE-2009-4873.json index 2e98f06a04e..d4eeffa8a01 100644 --- a/2009/4xxx/CVE-2009-4873.json +++ b/2009/4xxx/CVE-2009-4873.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4873", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the HTTP server in Rhino Software Serv-U Web Client 9.0.0.5 allows remote attackers to cause a denial of service (server crash) or execute arbitrary code via a long Session cookie." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4873", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.rangos.de/ServU-ADV.txt", - "refsource" : "MISC", - "url" : "http://www.rangos.de/ServU-ADV.txt" - }, - { - "name" : "36895", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36895" - }, - { - "name" : "37228", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37228" - }, - { - "name" : "ADV-2009-3116", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3116" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the HTTP server in Rhino Software Serv-U Web Client 9.0.0.5 allows remote 
attackers to cause a denial of service (server crash) or execute arbitrary code via a long Session cookie." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.rangos.de/ServU-ADV.txt", + "refsource": "MISC", + "url": "http://www.rangos.de/ServU-ADV.txt" + }, + { + "name": "ADV-2009-3116", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3116" + }, + { + "name": "36895", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36895" + }, + { + "name": "37228", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37228" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2060.json b/2012/2xxx/CVE-2012-2060.json index d10a2de7e01..4a6c5213fcf 100644 --- a/2012/2xxx/CVE-2012-2060.json +++ b/2012/2xxx/CVE-2012-2060.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2060", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Admin tools module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2060", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/04/07/1" - }, - { - "name" : "http://drupal.org/node/1482126", - "refsource" : "MISC", - "url" : "http://drupal.org/node/1482126" - }, - { - "name" : "52502", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52502" - }, - { - "name" : "admintools-drupal-xss(74057)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74057" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting 
(XSS) vulnerability in the Admin tools module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://drupal.org/node/1482126", + "refsource": "MISC", + "url": "http://drupal.org/node/1482126" + }, + { + "name": "52502", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52502" + }, + { + "name": "[oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1" + }, + { + "name": "admintools-drupal-xss(74057)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74057" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2336.json b/2012/2xxx/CVE-2012-2336.json index c7cb5036837..2ed4615d93f 100644 --- a/2012/2xxx/CVE-2012-2336.json +++ b/2012/2xxx/CVE-2012-2336.json 
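Review bot: `ASSIGNER` changes from `cve@mitre.org` to `secalert@redhat.com` in this hunk, which is a provenance change rather than formatting, and the commit subject ("-Synchronized-Data.") does not mention it. The field changes the same way in the CVE-2012-2336, CVE-2012-2660 and CVE-2015-0206 hunks, and to `secalert_us@oracle.com` in CVE-2015-0374. Because the edit sits inside a whole-file respacing it is easy to miss, and any consumer that filters or attributes records by assigner would see a different value after this sync. Landing the assigner update separately from the formatting pass, with a commit-message line naming the field, would make it auditable.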
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2336", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to cause a denial of service (resource consumption) by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'T' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2336", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.php.net/ChangeLog-5.php#5.4.3", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/ChangeLog-5.php#5.4.3" - }, - { - "name" : "http://www.php.net/archive/2012.php#id2012-05-08-1", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/archive/2012.php#id2012-05-08-1" - }, - { - "name" : "https://bugs.php.net/bug.php?id=61910", - "refsource" : "CONFIRM", - "url" : "https://bugs.php.net/bug.php?id=61910" - }, - { - "name" : "https://bugs.php.net/patch-display.php?bug_id=61910&patch=CVE-2012-1823.patch&revision=1336251592&display=1", - "refsource" : "CONFIRM", - "url" : "https://bugs.php.net/patch-display.php?bug_id=61910&patch=CVE-2012-1823.patch&revision=1336251592&display=1" - }, - { - "name" : "HPSBMU02900", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862" - }, - { - "name" : "SSRT100992", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862" - }, - { - "name" : "SUSE-SU-2012:0840", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00003.html" - }, - { - "name" : "SUSE-SU-2012:0721", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00004.html" - }, - { - "name" : "49014", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49014" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to cause a denial of service (resource consumption) by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'T' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2012:0721", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00004.html" + }, + { + "name": "SUSE-SU-2012:0840", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00003.html" + }, + { + "name": "https://bugs.php.net/patch-display.php?bug_id=61910&patch=CVE-2012-1823.patch&revision=1336251592&display=1", + "refsource": "CONFIRM", + "url": "https://bugs.php.net/patch-display.php?bug_id=61910&patch=CVE-2012-1823.patch&revision=1336251592&display=1" + }, + { + "name": "49014", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49014" + }, + { + "name": "https://bugs.php.net/bug.php?id=61910", + "refsource": "CONFIRM", + "url": "https://bugs.php.net/bug.php?id=61910" + }, + { + "name": "http://www.php.net/archive/2012.php#id2012-05-08-1", + "refsource": "CONFIRM", + "url": "http://www.php.net/archive/2012.php#id2012-05-08-1" + }, + { + "name": "SSRT100992", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862" + }, + { + "name": "HPSBMU02900", + "refsource": "HP", + "url": 
"https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862" + }, + { + "name": "http://www.php.net/ChangeLog-5.php#5.4.3", + "refsource": "CONFIRM", + "url": "http://www.php.net/ChangeLog-5.php#5.4.3" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2501.json b/2012/2xxx/CVE-2012-2501.json index 96bd00ad37e..33b0d49319f 100644 --- a/2012/2xxx/CVE-2012-2501.json +++ b/2012/2xxx/CVE-2012-2501.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2501", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2501", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2660.json b/2012/2xxx/CVE-2012-2660.json index 3dcc962a9b9..f35b4f02eef 100644 --- a/2012/2xxx/CVE-2012-2660.json +++ b/2012/2xxx/CVE-2012-2660.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2660", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks via a crafted request, as demonstrated by certain \"[nil]\" values, a related issue to CVE-2012-2694." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2660", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[rubyonrails-security] 20120531 Unsafe Query Generation Risk in Ruby on Rails (CVE-2012-2660)", - "refsource" : "MLIST", - "url" : "https://groups.google.com/group/rubyonrails-security/msg/d890f8d58b5fbf32?dmode=source&output=gplain" - }, - { - "name" : "RHSA-2013:0154", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0154.html" - }, - { - "name" : "SUSE-SU-2012:1015", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html" - }, - { - "name" : "openSUSE-SU-2012:0978", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html" - }, - { - "name" : "SUSE-SU-2012:1012", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html" - }, - { - "name" : "SUSE-SU-2012:1014", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html" - }, - { - "name" : "openSUSE-SU-2012:1066", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks via a crafted request, as demonstrated by certain \"[nil]\" values, a related issue to CVE-2012-2694." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2012:1015", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html" + }, + { + "name": "SUSE-SU-2012:1012", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html" + }, + { + "name": "openSUSE-SU-2012:0978", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html" + }, + { + "name": "SUSE-SU-2012:1014", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html" + }, + { + "name": "openSUSE-SU-2012:1066", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html" + }, + { + "name": "[rubyonrails-security] 20120531 Unsafe Query Generation Risk in Ruby on Rails (CVE-2012-2660)", + "refsource": "MLIST", + "url": "https://groups.google.com/group/rubyonrails-security/msg/d890f8d58b5fbf32?dmode=source&output=gplain" + }, + { + "name": "RHSA-2013:0154", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2920.json b/2012/2xxx/CVE-2012-2920.json index fe10eaa9dab..22265d6b003 100644 --- a/2012/2xxx/CVE-2012-2920.json +++ b/2012/2xxx/CVE-2012-2920.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2920", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the userphoto_options_page function in user-photo.php in the User Photo plugin before 0.9.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to wp-admin/options-general.php. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2920", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://plugins.trac.wordpress.org/changeset?old_path=%2Fuser-photo&old=541880&new_path=%2Fuser-photo&new=541880", - "refsource" : "CONFIRM", - "url" : "http://plugins.trac.wordpress.org/changeset?old_path=%2Fuser-photo&old=541880&new_path=%2Fuser-photo&new=541880" - }, - { - "name" : "http://wordpress.org/extend/plugins/user-photo/changelog/", - "refsource" : "CONFIRM", - "url" : "http://wordpress.org/extend/plugins/user-photo/changelog/" - }, - { - "name" : "53449", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53449" - }, - { - "name" : "81806", - "refsource" : 
"OSVDB", - "url" : "http://osvdb.org/81806" - }, - { - "name" : "49100", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49100" - }, - { - "name" : "userphoto-optionsgeneral-xss(75496)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75496" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the userphoto_options_page function in user-photo.php in the User Photo plugin before 0.9.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to wp-admin/options-general.php. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://plugins.trac.wordpress.org/changeset?old_path=%2Fuser-photo&old=541880&new_path=%2Fuser-photo&new=541880", + "refsource": "CONFIRM", + "url": "http://plugins.trac.wordpress.org/changeset?old_path=%2Fuser-photo&old=541880&new_path=%2Fuser-photo&new=541880" + }, + { + "name": "userphoto-optionsgeneral-xss(75496)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75496" + }, + { + "name": "81806", + "refsource": "OSVDB", + "url": "http://osvdb.org/81806" + }, + { + "name": "53449", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53449" + }, + { + "name": "49100", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49100" + }, + { + "name": "http://wordpress.org/extend/plugins/user-photo/changelog/", + "refsource": "CONFIRM", + "url": "http://wordpress.org/extend/plugins/user-photo/changelog/" + } + ] + } +} \ No newline at end of file 
diff --git a/2015/0xxx/CVE-2015-0206.json b/2015/0xxx/CVE-2015-0206.json index 44386a89a7a..5e24030e785 100644 --- a/2015/0xxx/CVE-2015-0206.json +++ b/2015/0xxx/CVE-2015-0206.json 
@@ -1,212 +1,212 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0206", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-0206", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/openssl/openssl/commit/103b171d8fc282ef435f8de9afbf7782e312961f", - "refsource" : "CONFIRM", - "url" : "https://github.com/openssl/openssl/commit/103b171d8fc282ef435f8de9afbf7782e312961f" - }, - { - "name" : "https://www.openssl.org/news/secadv_20150108.txt", - "refsource" : "CONFIRM", - "url" : "https://www.openssl.org/news/secadv_20150108.txt" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" - }, - { - "name" : 
"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" - }, - { - "name" : "https://bto.bluecoat.com/security-advisory/sa88", - "refsource" : "CONFIRM", - "url" : "https://bto.bluecoat.com/security-advisory/sa88" - }, - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10102", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10102" - }, - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10108", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10108" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" - }, - { - "name" : "20150310 Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl" - }, - { - "name" : "DSA-3125", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3125" - }, - { - "name" : "FEDORA-2015-0512", - "refsource" : "FEDORA", - 
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147938.html" - }, - { - "name" : "FEDORA-2015-0601", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148363.html" - }, - { - "name" : "HPSBHF03289", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142721102728110&w=2" - }, - { - "name" : "HPSBMU03380", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=143748090628601&w=2" - }, - { - "name" : "HPSBMU03396", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=144050205101530&w=2" - }, - { - "name" : "HPSBMU03397", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=144050297101809&w=2" - }, - { - "name" : "HPSBMU03409", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=144050155601375&w=2" - }, - { - "name" : "HPSBMU03413", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=144050254401665&w=2" - }, - { - "name" : "MDVSA-2015:019", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:019" - }, - { - "name" : "MDVSA-2015:062", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062" - }, - { - "name" : "RHSA-2015:0066", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0066.html" - }, - { - "name" : "openSUSE-SU-2015:0130", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html" - }, - { - "name" : "SUSE-SU-2015:0946", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html" - }, - { - "name" : "openSUSE-SU-2015:1277", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html" - }, - { - "name" : "91787", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91787" - }, - { - "name" : "71940", - "refsource" : "BID", - 
"url" : "http://www.securityfocus.com/bid/71940" - }, - { - "name" : "1033378", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033378" - }, - { - "name" : "openssl-cve20150206-dos(99704)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99704" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" + }, + { + "name": "openSUSE-SU-2015:0130", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html" + }, + { + "name": "20150310 Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl" + }, + { + "name": "openssl-cve20150206-dos(99704)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99704" + }, + { + "name": "HPSBMU03409", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=144050155601375&w=2" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "refsource": "CONFIRM", + "url": 
"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" + }, + { + "name": "HPSBMU03380", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=143748090628601&w=2" + }, + { + "name": "FEDORA-2015-0601", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148363.html" + }, + { + "name": "1033378", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033378" + }, + { + "name": "HPSBHF03289", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142721102728110&w=2" + }, + { + "name": "https://www.openssl.org/news/secadv_20150108.txt", + "refsource": "CONFIRM", + "url": "https://www.openssl.org/news/secadv_20150108.txt" + }, + { + "name": "MDVSA-2015:019", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:019" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + }, + { + "name": "openSUSE-SU-2015:1277", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html" + }, + { + "name": "RHSA-2015:0066", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0066.html" + }, + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10108", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10108" + }, + { + "name": 
"https://kc.mcafee.com/corporate/index?page=content&id=SB10102", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10102" + }, + { + "name": "https://github.com/openssl/openssl/commit/103b171d8fc282ef435f8de9afbf7782e312961f", + "refsource": "CONFIRM", + "url": "https://github.com/openssl/openssl/commit/103b171d8fc282ef435f8de9afbf7782e312961f" + }, + { + "name": "SUSE-SU-2015:0946", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html" + }, + { + "name": "HPSBMU03397", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=144050297101809&w=2" + }, + { + "name": "91787", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91787" + }, + { + "name": "71940", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71940" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" + }, + { + "name": "HPSBMU03396", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=144050205101530&w=2" + }, + { + "name": "MDVSA-2015:062", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062" + }, + { + "name": "HPSBMU03413", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=144050254401665&w=2" + }, + { + "name": "https://bto.bluecoat.com/security-advisory/sa88", + "refsource": "CONFIRM", + "url": "https://bto.bluecoat.com/security-advisory/sa88" + }, + { + "name": "DSA-3125", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3125" + }, + { + "name": "FEDORA-2015-0512", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147938.html" + } + ] + } +} \ No newline at end of file 
diff --git a/2015/0xxx/CVE-2015-0374.json b/2015/0xxx/CVE-2015-0374.json index 057104625cd..f3940d109e8 100644 --- a/2015/0xxx/CVE-2015-0374.json +++ b/2015/0xxx/CVE-2015-0374.json 
@@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0374", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-0374", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" - }, - { - "name" : "DSA-3135", - "refsource" : "DEBIAN", - 
"url" : "http://www.debian.org/security/2015/dsa-3135" - }, - { - "name" : "FEDORA-2015-1162", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html" - }, - { - "name" : "GLSA-201504-05", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201504-05" - }, - { - "name" : "RHSA-2015:0116", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0116.html" - }, - { - "name" : "RHSA-2015:0117", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0117.html" - }, - { - "name" : "RHSA-2015:0118", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0118.html" - }, - { - "name" : "RHSA-2015:1628", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1628.html" - }, - { - "name" : "SUSE-SU-2015:0743", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html" - }, - { - "name" : "USN-2480-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2480-1" - }, - { - "name" : "72227", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72227" - }, - { - "name" : "1031581", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031581" - }, - { - "name" : "62728", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62728" - }, - { - "name" : "62730", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62730" - }, - { - "name" : "62732", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62732" - }, - { - "name" : "oracle-cpujan2015-cve20150374(100191)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100191" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle MySQL 
Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2015:0118", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0118.html" + }, + { + "name": "DSA-3135", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3135" + }, + { + "name": "RHSA-2015:0116", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0116.html" + }, + { + "name": "USN-2480-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2480-1" + }, + { + "name": "72227", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72227" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "SUSE-SU-2015:0743", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html" + }, + { + "name": "RHSA-2015:1628", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1628.html" + }, + { + "name": "62732", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62732" + }, + { + "name": "oracle-cpujan2015-cve20150374(100191)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100191" + }, + { + "name": "RHSA-2015:0117", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0117.html" + }, + 
{ + "name": "1031581", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031581" + }, + { + "name": "GLSA-201504-05", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201504-05" + }, + { + "name": "62728", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62728" + }, + { + "name": "FEDORA-2015-1162", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html" + }, + { + "name": "62730", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62730" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1039.json b/2015/1xxx/CVE-2015-1039.json index eda5a9b14a9..295da13f28b 100644 --- a/2015/1xxx/CVE-2015-1039.json +++ b/2015/1xxx/CVE-2015-1039.json 
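Review bot: The new side of CVE-2015-0374.json ends with `\ No newline at end of file`, and its `reference_data` entries are re-emitted in an order with no visible sort key, where the old side grouped them by `refsource`. The missing final newline recurs in every other record in this part of the patch, and the reshuffled references recur in several of them (CVE-2015-1039, -1072, -1154, -1164, -1708, -1839). That churn buries the one value that actually changes in this record, `"ASSIGNER"` going from `cve@mitre.org` to `secalert_us@oracle.com`, which is the provenance field that consumers of the feed are most likely to care about. A serializer that keeps a stable reference order and writes a trailing newline would reduce such a change to a one-line diff that can be reviewed.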
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1039", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in user/login.phtml in ZF-Commons ZfcUser before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1039", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150111 Re: CVE request", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/01/11/4" - }, - { - "name" : "https://github.com/ZF-Commons/ZfcUser/commit/baf0e460", - "refsource" : "CONFIRM", - "url" : "https://github.com/ZF-Commons/ZfcUser/commit/baf0e460" - }, - { - "name" : "https://github.com/ZF-Commons/ZfcUser/issues/550", - "refsource" : "CONFIRM", - "url" : "https://github.com/ZF-Commons/ZfcUser/issues/550" - }, - { - "name" : "71931", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71931" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"Cross-site scripting (XSS) vulnerability in user/login.phtml in ZF-Commons ZfcUser before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ZF-Commons/ZfcUser/issues/550", + "refsource": "CONFIRM", + "url": "https://github.com/ZF-Commons/ZfcUser/issues/550" + }, + { + "name": "[oss-security] 20150111 Re: CVE request", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/01/11/4" + }, + { + "name": "https://github.com/ZF-Commons/ZfcUser/commit/baf0e460", + "refsource": "CONFIRM", + "url": "https://github.com/ZF-Commons/ZfcUser/commit/baf0e460" + }, + { + "name": "71931", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71931" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1072.json b/2015/1xxx/CVE-2015-1072.json index dbab76b1b2c..d331bfceb04 100644 --- a/2015/1xxx/CVE-2015-1072.json +++ b/2015/1xxx/CVE-2015-1072.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1072", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-1072", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT204560", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204560" - }, - { - "name" : "https://support.apple.com/HT204661", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204661" - }, - { - "name" : "https://support.apple.com/HT204662", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204662" - }, - { - "name" : "https://support.apple.com/kb/HT204949", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT204949" - }, - { - "name" : "APPLE-SA-2015-03-17-1", - "refsource" : "APPLE", - "url" : 
"http://lists.apple.com/archives/security-announce/2015/Mar/msg00004.html" - }, - { - "name" : "APPLE-SA-2015-04-08-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html" - }, - { - "name" : "APPLE-SA-2015-04-08-4", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html" - }, - { - "name" : "APPLE-SA-2015-06-30-6", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html" - }, - { - "name" : "1031936", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031936" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2015-04-08-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html" + }, + { + "name": "APPLE-SA-2015-06-30-6", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html" + }, + { + "name": "APPLE-SA-2015-03-17-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00004.html" + }, + { + "name": "https://support.apple.com/kb/HT204949", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT204949" + }, + { + "name": "1031936", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031936" + }, + { + "name": "https://support.apple.com/HT204662", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204662" + }, + { + "name": "https://support.apple.com/HT204560", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204560" + }, + { + "name": "APPLE-SA-2015-04-08-4", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html" + }, + { + "name": "https://support.apple.com/HT204661", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204661" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1154.json b/2015/1xxx/CVE-2015-1154.json index 406bc7c74e0..903d87cda3b 100644 --- a/2015/1xxx/CVE-2015-1154.json +++ b/2015/1xxx/CVE-2015-1154.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1154", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1152 and CVE-2015-1153." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-1154", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT204826", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204826" - }, - { - "name" : "https://support.apple.com/kb/HT204949", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT204949" - }, - { - "name" : "APPLE-SA-2015-05-06-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/May/msg00000.html" - }, - { - "name" : "APPLE-SA-2015-06-30-6", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html" - }, - { - "name" : "74526", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/74526" - }, - { - "name" : "1032270", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032270" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1152 and CVE-2015-1153." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT204826", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204826" + }, + { + "name": "APPLE-SA-2015-06-30-6", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html" + }, + { + "name": "1032270", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032270" + }, + { + "name": "74526", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74526" + }, + { + "name": "https://support.apple.com/kb/HT204949", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT204949" + }, + { + "name": "APPLE-SA-2015-05-06-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/May/msg00000.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1164.json b/2015/1xxx/CVE-2015-1164.json index bc86f335346..9355f9da43c 100644 --- a/2015/1xxx/CVE-2015-1164.json +++ b/2015/1xxx/CVE-2015-1164.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1164", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Open redirect vulnerability in the serve-static plugin before 1.7.2 for Node.js, when mounted at the root, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a // (slash slash) followed by a domain in the PATH_INFO to the default URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1164", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://nodesecurity.io/advisories/serve-static-open-redirect", - "refsource" : "CONFIRM", - "url" : "http://nodesecurity.io/advisories/serve-static-open-redirect" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1181917", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1181917" - }, - { - "name" : "https://github.com/expressjs/serve-static/issues/26", - "refsource" : "CONFIRM", - "url" : "https://github.com/expressjs/serve-static/issues/26" - }, - { - "name" : "72064", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72064" - }, - { - "name" : 
"nodejs-servestatic-open-redirect(99936)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99936" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Open redirect vulnerability in the serve-static plugin before 1.7.2 for Node.js, when mounted at the root, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a // (slash slash) followed by a domain in the PATH_INFO to the default URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "nodejs-servestatic-open-redirect(99936)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99936" + }, + { + "name": "https://github.com/expressjs/serve-static/issues/26", + "refsource": "CONFIRM", + "url": "https://github.com/expressjs/serve-static/issues/26" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1181917", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1181917" + }, + { + "name": "72064", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72064" + }, + { + "name": "http://nodesecurity.io/advisories/serve-static-open-redirect", + "refsource": "CONFIRM", + "url": "http://nodesecurity.io/advisories/serve-static-open-redirect" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1515.json b/2015/1xxx/CVE-2015-1515.json index f4326399f59..9dd8cd6dda0 100644 --- a/2015/1xxx/CVE-2015-1515.json +++ b/2015/1xxx/CVE-2015-1515.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1515", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The dwall.sys driver in SoftSphere DefenseWall Personal Firewall 3.24 allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted 0x00222000, 0x00222004, 0x00222008, 0x0022200c, or 0x00222010 IOCTL call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1515", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "36052", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/36052" - }, - { - "name" : "117996", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/117996" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The dwall.sys driver in SoftSphere DefenseWall Personal Firewall 3.24 allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted 0x00222000, 0x00222004, 0x00222008, 0x0022200c, or 0x00222010 IOCTL call." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36052", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/36052" + }, + { + "name": "117996", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/117996" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1708.json b/2015/1xxx/CVE-2015-1708.json index f76e31499f2..7b284b7f8d2 100644 --- a/2015/1xxx/CVE-2015-1708.json +++ b/2015/1xxx/CVE-2015-1708.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1708", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-1708", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-043", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-043" - }, - { - "name" : "74511", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74511" - }, - { - "name" : "1032282", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032282" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer 
Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "74511", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74511" + }, + { + "name": "1032282", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032282" + }, + { + "name": "MS15-043", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-043" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1839.json b/2015/1xxx/CVE-2015-1839.json index 31cbf414be1..990dac42210 100644 --- a/2015/1xxx/CVE-2015-1839.json +++ b/2015/1xxx/CVE-2015-1839.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1839", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "modules/chef.py in SaltStack before 2014.7.4 does not properly handle files in /tmp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-1839", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1212788", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1212788" - }, - { - "name" : "https://docs.saltstack.com/en/latest/topics/releases/2014.7.4.html", - "refsource" : "CONFIRM", - "url" : "https://docs.saltstack.com/en/latest/topics/releases/2014.7.4.html" - }, - { - "name" : "https://github.com/saltstack/salt/commit/22d2f7a1ec93300c34e8c42d14ec39d51e610b5c", - "refsource" : "CONFIRM", - "url" : "https://github.com/saltstack/salt/commit/22d2f7a1ec93300c34e8c42d14ec39d51e610b5c" - }, - { - "name" : "https://github.com/saltstack/salt/commit/b49d0d4b5ca5c6f31f03e2caf97cef1088eeed81", - "refsource" : "CONFIRM", - "url" : "https://github.com/saltstack/salt/commit/b49d0d4b5ca5c6f31f03e2caf97cef1088eeed81" - }, - { - "name" : 
"FEDORA-2016-105b3b8804", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175568.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "modules/chef.py in SaltStack before 2014.7.4 does not properly handle files in /tmp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/saltstack/salt/commit/b49d0d4b5ca5c6f31f03e2caf97cef1088eeed81", + "refsource": "CONFIRM", + "url": "https://github.com/saltstack/salt/commit/b49d0d4b5ca5c6f31f03e2caf97cef1088eeed81" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1212788", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1212788" + }, + { + "name": "FEDORA-2016-105b3b8804", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175568.html" + }, + { + "name": "https://github.com/saltstack/salt/commit/22d2f7a1ec93300c34e8c42d14ec39d51e610b5c", + "refsource": "CONFIRM", + "url": "https://github.com/saltstack/salt/commit/22d2f7a1ec93300c34e8c42d14ec39d51e610b5c" + }, + { + "name": "https://docs.saltstack.com/en/latest/topics/releases/2014.7.4.html", + "refsource": "CONFIRM", + "url": "https://docs.saltstack.com/en/latest/topics/releases/2014.7.4.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5280.json b/2015/5xxx/CVE-2015-5280.json index 3ef120f00db..916f9eb2dc9 100644 --- a/2015/5xxx/CVE-2015-5280.json +++ b/2015/5xxx/CVE-2015-5280.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5280", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-5280", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5375.json b/2015/5xxx/CVE-2015-5375.json index 71178333a14..95e7eeaf958 100644 --- a/2015/5xxx/CVE-2015-5375.json +++ b/2015/5xxx/CVE-2015-5375.json 
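Review bot: The rewritten REJECT record for CVE-2015-5280 puts `data_type`, `data_format` and `data_version` ahead of `CVE_data_meta`, and `ID` ahead of `ASSIGNER`, while the other records visible in this patch keep `CVE_data_meta` first with `ASSIGNER`, `ID`, `STATE` in that order. Key order carries no meaning in JSON, but two layouts coming out of one synchronization suggest that rejected entries go through a different serialization path, which makes line-based diffs and text-level tooling less predictable. Emitting every record with one fixed key order, and with a final newline, would keep the corpus uniform.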
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5375", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in unspecified dialogs for printing content in the Front End in Open-Xchange Server 6 and OX App Suite before 6.22.8-rev8, 6.22.9 before 6.22.9-rev15m, 7.x before 7.6.1-rev25, and 7.6.2 before 7.6.2-rev20 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to object properties." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5375", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150923 Open-Xchange Security Advisory 2015-09-23", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/536523/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/133674/Open-Xchange-Server-6-OX-AppSuite-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/133674/Open-Xchange-Server-6-OX-AppSuite-Cross-Site-Scripting.html" - }, - { - "name" : "http://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_2614_7.6.2_2015-07-22.pdf", - "refsource" 
: "CONFIRM", - "url" : "http://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_2614_7.6.2_2015-07-22.pdf" - }, - { - "name" : "1034018", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034018" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in unspecified dialogs for printing content in the Front End in Open-Xchange Server 6 and OX App Suite before 6.22.8-rev8, 6.22.9 before 6.22.9-rev15m, 7.x before 7.6.1-rev25, and 7.6.2 before 7.6.2-rev20 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to object properties." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/133674/Open-Xchange-Server-6-OX-AppSuite-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/133674/Open-Xchange-Server-6-OX-AppSuite-Cross-Site-Scripting.html" + }, + { + "name": "20150923 Open-Xchange Security Advisory 2015-09-23", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/536523/100/0/threaded" + }, + { + "name": "http://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_2614_7.6.2_2015-07-22.pdf", + "refsource": "CONFIRM", + "url": "http://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_2614_7.6.2_2015-07-22.pdf" + }, + { + "name": "1034018", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034018" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5443.json b/2015/5xxx/CVE-2015-5443.json index 718ec1fac28..731c6561b96 100644 --- a/2015/5xxx/CVE-2015-5443.json 
+++ b/2015/5xxx/CVE-2015-5443.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5443", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HP 3PAR Service Processor SP 4.2.0.GA-29 (GA) SPOCC, SP 4.3.0.GA-17 (GA) SPOCC, and SP 4.3.0-GA-24 (MU1) SPOCC allows remote authenticated users to obtain sensitive information via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2015-5443", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04822249", - "refsource" : "CONFIRM", - "url" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04822249" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HP 3PAR Service Processor SP 4.2.0.GA-29 (GA) SPOCC, SP 4.3.0.GA-17 (GA) SPOCC, and SP 4.3.0-GA-24 (MU1) SPOCC allows remote authenticated users to obtain sensitive information via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04822249", + "refsource": "CONFIRM", + "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04822249" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5489.json b/2015/5xxx/CVE-2015-5489.json index d6c421020b4..f082b297cee 100644 --- a/2015/5xxx/CVE-2015-5489.json +++ b/2015/5xxx/CVE-2015-5489.json 
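Review bot: The `affects` block on the new side still carries `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"`, although the record now names a vendor CNA as `ASSIGNER` and the description identifies the product and builds (HP 3PAR Service Processor SP 4.2.0.GA-29, SP 4.3.0.GA-17 and SP 4.3.0-GA-24). Tooling that matches an inventory against `affects` instead of parsing the free-text description will probably not tie this record to the product, so I would fill the fields from the description, e.g. `"vendor_name": "HP"` and `"product_name": "3PAR Service Processor"`, with one `version_data` entry per listed build. The same applies to the CVE-2015-5781 hunk, where `ASSIGNER` becomes `product-security@apple.com` while `affects` stays `n/a` for iOS before 8.4.1 and OS X before 10.10.5.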
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5489", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Smart Trim module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors involving the field settings form." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5489", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150704 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-100 to SA-CONTRIB-2015-131)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/07/04/4" - }, - { - "name" : "https://www.drupal.org/node/2480321", - "refsource" : "MISC", - "url" : "https://www.drupal.org/node/2480321" - }, - { - "name" : "https://www.drupal.org/node/2480289", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/node/2480289" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) 
vulnerability in the Smart Trim module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors involving the field settings form." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.drupal.org/node/2480321", + "refsource": "MISC", + "url": "https://www.drupal.org/node/2480321" + }, + { + "name": "https://www.drupal.org/node/2480289", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/node/2480289" + }, + { + "name": "[oss-security] 20150704 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-100 to SA-CONTRIB-2015-131)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/07/04/4" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5781.json b/2015/5xxx/CVE-2015-5781.json index adb495b4b3f..61227a226f1 100644 --- a/2015/5xxx/CVE-2015-5781.json +++ b/2015/5xxx/CVE-2015-5781.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5781", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory via a crafted PNG image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-5781", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/kb/HT205030", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT205030" - }, - { - "name" : "https://support.apple.com/kb/HT205031", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT205031" - }, - { - "name" : "APPLE-SA-2015-08-13-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" - }, - { - "name" : "APPLE-SA-2015-08-13-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html" - }, - { - "name" : "76343", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76343" - }, - { - "name" : 
"1033275", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033275" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory via a crafted PNG image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/kb/HT205030", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT205030" + }, + { + "name": "1033275", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033275" + }, + { + "name": "APPLE-SA-2015-08-13-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" + }, + { + "name": "APPLE-SA-2015-08-13-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html" + }, + { + "name": "https://support.apple.com/kb/HT205031", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT205031" + }, + { + "name": "76343", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76343" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11546.json b/2018/11xxx/CVE-2018-11546.json index e0373ae66ef..fee219bcc55 100644 --- a/2018/11xxx/CVE-2018-11546.json +++ b/2018/11xxx/CVE-2018-11546.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11546", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "md4c 0.2.5 has a heap-based buffer over-read because md_is_named_entity_contents has an off-by-one error." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11546", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/mity/md4c/issues/38", - "refsource" : "MISC", - "url" : "https://github.com/mity/md4c/issues/38" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "md4c 0.2.5 has a heap-based buffer over-read because md_is_named_entity_contents has an off-by-one error." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/mity/md4c/issues/38", + "refsource": "MISC", + "url": "https://github.com/mity/md4c/issues/38" + } + ] + } +} \ No newline at end of file 
diff --git a/2018/11xxx/CVE-2018-11630.json b/2018/11xxx/CVE-2018-11630.json index c31a4b2e4a7..0774d9113b9 100644 --- a/2018/11xxx/CVE-2018-11630.json +++ b/2018/11xxx/CVE-2018-11630.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11630", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11630", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3091.json b/2018/3xxx/CVE-2018-3091.json index f7efe9204b4..27901d7cc9e 100644 --- a/2018/3xxx/CVE-2018-3091.json +++ b/2018/3xxx/CVE-2018-3091.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3091", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "VM VirtualBox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "5.2.16" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3091", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "5.2.16" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" - }, - { - "name" : "104764", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104764" - }, - { - "name" : "1041296", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041296" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.3 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + }, + { + "name": "104764", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104764" + }, + { + "name": "1041296", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041296" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3322.json b/2018/3xxx/CVE-2018-3322.json index 47c3713280e..d9fbfd3eec6 100644 --- a/2018/3xxx/CVE-2018-3322.json +++ b/2018/3xxx/CVE-2018-3322.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3322", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3322", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3633.json b/2018/3xxx/CVE-2018-3633.json index 478969f12a2..c2dd9d64b82 100644 --- a/2018/3xxx/CVE-2018-3633.json +++ b/2018/3xxx/CVE-2018-3633.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3633", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3633", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3719.json b/2018/3xxx/CVE-2018-3719.json index f8a75685457..bc612a32a39 100644 --- a/2018/3xxx/CVE-2018-3719.json +++ b/2018/3xxx/CVE-2018-3719.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2018-3719", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "mixin-deep node module", - "version" : { - "version_data" : [ - { - "version_value" : "Versions before 1.3.1" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mixin-deep node module before 1.3.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of \"Object\" via __proto__, causing the addition or modification of an existing property that will exist on all objects." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Modification of Assumed-Immutable Data (MAID) (CWE-471)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2018-3719", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "mixin-deep node module", + "version": { + "version_data": [ + { + "version_value": "Versions before 1.3.1" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/jonschlinkert/mixin-deep/commit/578b0bc5e74e14de9ef4975f504dc698796bdf9c", - "refsource" : "MISC", - "url" : "https://github.com/jonschlinkert/mixin-deep/commit/578b0bc5e74e14de9ef4975f504dc698796bdf9c" - }, - { - "name" : "https://hackerone.com/reports/311236", - "refsource" : "MISC", - "url" : "https://hackerone.com/reports/311236" - } - ] - } -} + } + }, + "data_format": "MITRE", 
+ "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mixin-deep node module before 1.3.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of \"Object\" via __proto__, causing the addition or modification of an existing property that will exist on all objects." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Modification of Assumed-Immutable Data (MAID) (CWE-471)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/jonschlinkert/mixin-deep/commit/578b0bc5e74e14de9ef4975f504dc698796bdf9c", + "refsource": "MISC", + "url": "https://github.com/jonschlinkert/mixin-deep/commit/578b0bc5e74e14de9ef4975f504dc698796bdf9c" + }, + { + "name": "https://hackerone.com/reports/311236", + "refsource": "MISC", + "url": "https://hackerone.com/reports/311236" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3829.json b/2018/3xxx/CVE-2018-3829.json index 48f6e6e7d8c..a97ada8bafe 100644 --- a/2018/3xxx/CVE-2018-3829.json +++ b/2018/3xxx/CVE-2018-3829.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "bressers@elastic.co", - "ID" : "CVE-2018-3829", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Elastic Cloud Enterprise", - "version" : { - "version_data" : [ - { - "version_value" : "before 1.1.4" - } - ] - } - } - ] - }, - "vendor_name" : "Elastic" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 it was discovered that a user could scale out allocators on new hosts with an invalid roles token. An attacker with access to the previous runner ID and IP address of the coordinator-host could add a allocator to an existing ECE install to gain access to other clusters data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-285: Improper Authorization" - } + "CVE_data_meta": { + "ASSIGNER": "security@elastic.co", + "ID": "CVE-2018-3829", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Elastic Cloud Enterprise", + "version": { + "version_data": [ + { + "version_value": "before 1.1.4" + } + ] + } + } + ] + }, + "vendor_name": "Elastic" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://discuss.elastic.co/t/elastic-cloud-enterprise-1-1-4-security-update/135778", - "refsource" : "CONFIRM", - "url" : "https://discuss.elastic.co/t/elastic-cloud-enterprise-1-1-4-security-update/135778" - }, - { - "name" : "https://www.elastic.co/community/security", - "refsource" : "CONFIRM", - "url" : "https://www.elastic.co/community/security" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 it was discovered that a user could scale out allocators on new hosts with an invalid roles token. An attacker with access to the previous runner ID and IP address of the coordinator-host could add a allocator to an existing ECE install to gain access to other clusters data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-285: Improper Authorization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.elastic.co/community/security", + "refsource": "CONFIRM", + "url": "https://www.elastic.co/community/security" + }, + { + "name": "https://discuss.elastic.co/t/elastic-cloud-enterprise-1-1-4-security-update/135778", + "refsource": "CONFIRM", + "url": "https://discuss.elastic.co/t/elastic-cloud-enterprise-1-1-4-security-update/135778" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3854.json b/2018/3xxx/CVE-2018-3854.json index 77ac62d9526..b729c3e4c78 100644 --- a/2018/3xxx/CVE-2018-3854.json +++ b/2018/3xxx/CVE-2018-3854.json 
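Review bot: `"version_value": "before 1.1.4"` keeps the comparison inside a free-text string, so a consumer has to parse English to learn which releases are affected. The CVE-2018-3091 record in this same commit expresses an equivalent range in structured form; here that would be `"version_affected": "<"` with `"version_value": "1.1.4"`. While the record is being touched, the description's "add a allocator" and "other clusters data" should read "add an allocator" and "other clusters' data".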
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "ID" : "CVE-2018-3854", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable information disclosure vulnerability exists in the password protection functionality of Quicken Deluxe 2018 for Mac version 5.2.2. A specially crafted sqlite3 request can cause the removal of the password protection, allowing an attacker to access and modify the data without knowing the password. An attacker needs to have access to the password-protected files to trigger this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "ID": "CVE-2018-3854", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0537", - "refsource" : "MISC", - "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0537" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable information disclosure vulnerability exists in the password protection functionality of Quicken Deluxe 2018 for Mac version 5.2.2. 
A specially crafted sqlite3 request can cause the removal of the password protection, allowing an attacker to access and modify the data without knowing the password. An attacker needs to have access to the password-protected files to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0537", + "refsource": "MISC", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0537" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7183.json b/2018/7xxx/CVE-2018-7183.json index 5d8533b4027..66daaa284d0 100644 --- a/2018/7xxx/CVE-2018-7183.json +++ b/2018/7xxx/CVE-2018-7183.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7183", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7183", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.ntp.org/bin/view/Main/NtpBug3414", - "refsource" : "CONFIRM", - "url" : "http://support.ntp.org/bin/view/Main/NtpBug3414" - }, - { - "name" : "http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S", - "refsource" : "CONFIRM", - "url" : "http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S" - }, - { - "name" : "https://www.synology.com/support/security/Synology_SA_18_13", - "refsource" : "CONFIRM", - "url" : "https://www.synology.com/support/security/Synology_SA_18_13" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20180626-0001/", - "refsource" : "CONFIRM", - "url" : 
"https://security.netapp.com/advisory/ntap-20180626-0001/" - }, - { - "name" : "FreeBSD-SA-18:02", - "refsource" : "FREEBSD", - "url" : "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc" - }, - { - "name" : "GLSA-201805-12", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201805-12" - }, - { - "name" : "USN-3707-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3707-1/" - }, - { - "name" : "USN-3707-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3707-2/" - }, - { - "name" : "103351", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103351" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201805-12", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201805-12" + }, + { + "name": "FreeBSD-SA-18:02", + "refsource": "FREEBSD", + "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc" + }, + { + "name": "USN-3707-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3707-2/" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20180626-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20180626-0001/" + }, + { + "name": "http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S", + "refsource": "CONFIRM", + "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S" + }, + { + "name": "USN-3707-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3707-1/" + }, + { + "name": "https://www.synology.com/support/security/Synology_SA_18_13", + "refsource": "CONFIRM", + "url": "https://www.synology.com/support/security/Synology_SA_18_13" + }, + { + "name": "103351", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103351" + }, + { + "name": "http://support.ntp.org/bin/view/Main/NtpBug3414", + "refsource": "CONFIRM", + "url": "http://support.ntp.org/bin/view/Main/NtpBug3414" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7383.json b/2018/7xxx/CVE-2018-7383.json index 9ae634df15d..0f04c96856d 100644 --- a/2018/7xxx/CVE-2018-7383.json +++ b/2018/7xxx/CVE-2018-7383.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7383", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7383", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7467.json b/2018/7xxx/CVE-2018-7467.json index 4f627c5dbbc..c1a4738c57f 100644 --- a/2018/7xxx/CVE-2018-7467.json +++ b/2018/7xxx/CVE-2018-7467.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7467", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "AxxonSoft Axxon Next has Directory Traversal via an initial /css//..%2f substring in a URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7467", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.projectxit.com.au/blog/2018/2/27/axxonsoft-client-directory-traversal-cve-2018-7467-axxonsoft-axxon-next-axxonsoft-client-directory-traversal-via-an-initial-css2f-substring-in-a-uri-cve-2018-7467", - "refsource" : "MISC", - "url" : "http://www.projectxit.com.au/blog/2018/2/27/axxonsoft-client-directory-traversal-cve-2018-7467-axxonsoft-axxon-next-axxonsoft-client-directory-traversal-via-an-initial-css2f-substring-in-a-uri-cve-2018-7467" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "AxxonSoft Axxon Next has Directory Traversal via an initial /css//..%2f substring in a URI." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.projectxit.com.au/blog/2018/2/27/axxonsoft-client-directory-traversal-cve-2018-7467-axxonsoft-axxon-next-axxonsoft-client-directory-traversal-via-an-initial-css2f-substring-in-a-uri-cve-2018-7467", + "refsource": "MISC", + "url": "http://www.projectxit.com.au/blog/2018/2/27/axxonsoft-client-directory-traversal-cve-2018-7467-axxonsoft-axxon-next-axxonsoft-client-directory-traversal-via-an-initial-css2f-substring-in-a-uri-cve-2018-7467" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7899.json b/2018/7xxx/CVE-2018-7899.json index 9766670990b..bf06e013236 100644 --- a/2018/7xxx/CVE-2018-7899.json +++ b/2018/7xxx/CVE-2018-7899.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "DATE_PUBLIC" : "2018-04-18T00:00:00", - "ID" : "CVE-2018-7899", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Berkeley-AL20, Berkeley-BD", - "version" : { - "version_data" : [ - { - "version_value" : "Berkeley-AL20 8.0.0.105(C00), 8.0.0.111(C00), 8.0.0.112D(C00), 8.0.0.116(C00), 8.0.0.119(C00), 8.0.0.119D(C00), 8.0.0.122(C00), 8.0.0.132(C00), 8.0.0.132D(C00), 8.0.0.142(C00), 8.0.0.151(C00), Berkeley-BD 1.0.0.21, 1.0.0.22, 1.0.0.23, 1.0.0.24, 1.0.0.26, 1.0.0.29" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Mali Driver of Huawei Berkeley-AL20 and Berkeley-BD smart phones with software Berkeley-AL20 8.0.0.105(C00), 8.0.0.111(C00), 8.0.0.112D(C00), 8.0.0.116(C00), 8.0.0.119(C00), 8.0.0.119D(C00), 8.0.0.122(C00), 8.0.0.132(C00), 8.0.0.132D(C00), 8.0.0.142(C00), 8.0.0.151(C00), Berkeley-BD 1.0.0.21, 1.0.0.22, 1.0.0.23, 1.0.0.24, 1.0.0.26, 1.0.0.29 has a double free vulnerability. An attacker can trick a user to install a malicious application and exploit this vulnerability when in the exception handling process. Successful exploitation may cause system reboot." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "double free" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "DATE_PUBLIC": "2018-04-18T00:00:00", + "ID": "CVE-2018-7899", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Berkeley-AL20, Berkeley-BD", + "version": { + "version_data": [ + { + "version_value": "Berkeley-AL20 8.0.0.105(C00), 8.0.0.111(C00), 8.0.0.112D(C00), 8.0.0.116(C00), 8.0.0.119(C00), 8.0.0.119D(C00), 8.0.0.122(C00), 8.0.0.132(C00), 8.0.0.132D(C00), 8.0.0.142(C00), 8.0.0.151(C00), Berkeley-BD 1.0.0.21, 1.0.0.22, 1.0.0.23, 1.0.0.24, 1.0.0.26, 1.0.0.29" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180418-01-smartphone", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180418-01-smartphone" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Mali Driver of Huawei Berkeley-AL20 and Berkeley-BD smart phones with software Berkeley-AL20 8.0.0.105(C00), 8.0.0.111(C00), 8.0.0.112D(C00), 8.0.0.116(C00), 8.0.0.119(C00), 8.0.0.119D(C00), 8.0.0.122(C00), 8.0.0.132(C00), 8.0.0.132D(C00), 8.0.0.142(C00), 8.0.0.151(C00), Berkeley-BD 1.0.0.21, 1.0.0.22, 1.0.0.23, 1.0.0.24, 1.0.0.26, 1.0.0.29 has a double free vulnerability. An attacker can trick a user to install a malicious application and exploit this vulnerability when in the exception handling process. Successful exploitation may cause system reboot." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "double free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180418-01-smartphone", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180418-01-smartphone" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8103.json b/2018/8xxx/CVE-2018-8103.json index 9d423ca8ac6..6298a929304 100644 --- a/2018/8xxx/CVE-2018-8103.json +++ b/2018/8xxx/CVE-2018-8103.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8103", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The JBIG2Stream::readGenericBitmap function in JBIG2Stream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8103", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://forum.xpdfreader.com/viewtopic.php?f=3&t=652", - "refsource" : "MISC", - "url" : "https://forum.xpdfreader.com/viewtopic.php?f=3&t=652" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The JBIG2Stream::readGenericBitmap function in JBIG2Stream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=652", + "refsource": "MISC", + "url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=652" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8392.json b/2018/8xxx/CVE-2018-8392.json index 34663889b56..e9df52c9fe9 100644 --- a/2018/8xxx/CVE-2018-8392.json +++ b/2018/8xxx/CVE-2018-8392.json 
@@ -1,216 +1,216 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8392", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows 7", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems Service Pack 1" - }, - { - "version_value" : "x64-based Systems Service Pack 1" - } - ] - } - }, - { - "product_name" : "Windows Server 2012 R2", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows RT 8.1", - "version" : { - "version_data" : [ - { - "version_value" : "Windows RT 8.1" - } - ] - } - }, - { - "product_name" : "Windows Server 2008", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems Service Pack 2" - }, - { - "version_value" : "32-bit Systems Service Pack 2 (Server Core installation)" - }, - { - "version_value" : "Itanium-Based Systems Service Pack 2" - }, - { - "version_value" : "x64-based Systems Service Pack 2" - }, - { - "version_value" : "x64-based Systems Service Pack 2 (Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows Server 2012", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows 8.1", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit systems" - }, - { - "version_value" : "x64-based systems" - } - ] - } - }, - { - "product_name" : "Windows Server 2016", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows Server 2008 R2", - "version" : { - "version_data" : [ - { - "version_value" : "Itanium-Based Systems Service Pack 1" - }, - { - "version_value" : "x64-based Systems Service Pack 1" - }, - { - "version_value" : "x64-based Systems Service Pack 1 (Server Core installation)" - } - ] - } 
- }, - { - "product_name" : "Windows 10", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems" - }, - { - "version_value" : "Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Version 1607 for x64-based Systems" - }, - { - "version_value" : "Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Version 1703 for x64-based Systems" - }, - { - "version_value" : "Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Version 1709 for x64-based Systems" - }, - { - "version_value" : "Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Version 1803 for x64-based Systems" - }, - { - "version_value" : "x64-based Systems" - } - ] - } - }, - { - "product_name" : "Windows 10 Servers", - "version" : { - "version_data" : [ - { - "version_value" : "version 1709 (Server Core Installation)" - }, - { - "version_value" : "version 1803 (Server Core Installation)" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system, aka \"Microsoft JET Database Engine Remote Code Execution Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8393." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8392", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows 7", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems Service Pack 1" + }, + { + "version_value": "x64-based Systems Service Pack 1" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows RT 8.1", + "version": { + "version_data": [ + { + "version_value": "Windows RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server 2008", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems Service Pack 2" + }, + { + "version_value": "32-bit Systems Service Pack 2 (Server Core installation)" + }, + { + "version_value": "Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "x64-based Systems Service Pack 2" + }, + { + "version_value": "x64-based Systems Service Pack 2 (Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows Server 2012", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows 8.1", + "version": { + "version_data": [ + { + "version_value": "32-bit systems" + }, + { + "version_value": "x64-based systems" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2", + "version": { + "version_data": [ + { + "version_value": "Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "x64-based Systems Service Pack 1" + }, + { + "version_value": 
"x64-based Systems Service Pack 1 (Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems" + }, + { + "version_value": "Version 1607 for 32-bit Systems" + }, + { + "version_value": "Version 1607 for x64-based Systems" + }, + { + "version_value": "Version 1703 for 32-bit Systems" + }, + { + "version_value": "Version 1703 for x64-based Systems" + }, + { + "version_value": "Version 1709 for 32-bit Systems" + }, + { + "version_value": "Version 1709 for x64-based Systems" + }, + { + "version_value": "Version 1803 for 32-bit Systems" + }, + { + "version_value": "Version 1803 for x64-based Systems" + }, + { + "version_value": "x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows 10 Servers", + "version": { + "version_data": [ + { + "version_value": "version 1709 (Server Core Installation)" + }, + { + "version_value": "version 1803 (Server Core Installation)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8392", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8392" - }, - { - "name" : "105213", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105213" - }, - { - "name" : "1041625", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041625" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system, aka \"Microsoft JET Database Engine Remote Code Execution Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, 
Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8393." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8392", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8392" + }, + { + "name": "1041625", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041625" + }, + { + "name": "105213", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105213" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8527.json b/2018/8xxx/CVE-2018-8527.json index 16ebe3e449a..c528bc011cc 100644 --- a/2018/8xxx/CVE-2018-8527.json +++ b/2018/8xxx/CVE-2018-8527.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8527", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SQL Server Management Studio 17.9", - "version" : { - "version_data" : [ - { - "version_value" : "SQL Server Management Studio 17.9" - } - ] - } - }, - { - "product_name" : "SQL Server Management Studio 18.0", - "version" : { - "version_data" : [ - { - "version_value" : "(Preview 4)" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing a malicious XEL file containing a reference to an external entity, aka \"SQL Server Management Studio Information Disclosure Vulnerability.\" This affects SQL Server Management Studio 17.9, SQL Server Management Studio 18.0. This CVE ID is unique from CVE-2018-8532, CVE-2018-8533." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8527", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SQL Server Management Studio 17.9", + "version": { + "version_data": [ + { + "version_value": "SQL Server Management Studio 17.9" + } + ] + } + }, + { + "product_name": "SQL Server Management Studio 18.0", + "version": { + "version_data": [ + { + "version_value": "(Preview 4)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45585", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45585/" - }, - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8527", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8527" - }, - { - "name" : "105474", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105474" - }, - { - "name" : "1041826", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041826" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing a malicious XEL file containing a reference to an external entity, aka \"SQL Server Management Studio Information Disclosure Vulnerability.\" This affects SQL Server Management Studio 17.9, SQL Server Management Studio 18.0. This CVE ID is unique from CVE-2018-8532, CVE-2018-8533." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8527", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8527" + }, + { + "name": "105474", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105474" + }, + { + "name": "1041826", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041826" + }, + { + "name": "45585", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45585/" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8615.json b/2018/8xxx/CVE-2018-8615.json index ba7781a86dd..7dbff0c1535 100644 --- a/2018/8xxx/CVE-2018-8615.json +++ b/2018/8xxx/CVE-2018-8615.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8615", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8615", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file