diff --git a/2005/0xxx/CVE-2005-0065.json b/2005/0xxx/CVE-2005-0065.json
index 028746fdf6d..f67fd4ac482 100644
--- a/2005/0xxx/CVE-2005-0065.json
+++ b/2005/0xxx/CVE-2005-0065.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0065", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The original design of TCP does not check that the TCP sequence number in an ICMP error message is within the range of sequence numbers for data that has been sent but not acknowledged (aka \"TCP sequence number checking\"), which makes it easier for attackers to forge ICMP error messages for specific TCP connections and cause a denial of service, as demonstrated using (1) blind connection-reset attacks with forged \"Destination Unreachable\" messages, (2) blind throughput-reduction attacks with forged \"Source Quench\" messages, or (3) blind throughput-reduction attacks with forged ICMP messages that cause the Path MTU to be reduced. NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0065", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html", - "refsource" : "MISC", - "url" : "http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html" - }, - { - "name" : "13124", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13124" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The original design of TCP does not check that the TCP sequence number in an ICMP error message is within the range of sequence numbers for data that has been sent but not acknowledged (aka \"TCP sequence number checking\"), which makes it easier for attackers to forge ICMP error messages for specific TCP connections and cause a denial of service, as demonstrated using (1) blind connection-reset attacks with forged \"Destination Unreachable\" messages, (2) blind throughput-reduction attacks with forged \"Source Quench\" messages, or (3) blind throughput-reduction attacks with forged ICMP messages that cause the Path MTU to be reduced. NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. 
While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "13124", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13124" + }, + { + "name": "http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html", + "refsource": "MISC", + "url": "http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0866.json b/2005/0xxx/CVE-2005-0866.json index 3835b0d5c82..f3c70f60a56 100644 --- a/2005/0xxx/CVE-2005-0866.json +++ b/2005/0xxx/CVE-2005-0866.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0866", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "cdrecord before 4:2.0, when DEBUG is enabled, allows local users to overwrite arbitrary files via a symlink attack on temporary files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0866", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "USN-100-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/100-1/" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=291376", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=291376" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "cdrecord before 4:2.0, when DEBUG is enabled, allows local users to overwrite arbitrary files via a symlink attack on temporary files." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-100-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/100-1/" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=291376", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=291376" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2612.json b/2005/2xxx/CVE-2005-2612.json index ac4545a70da..8e80e13fc60 100644 --- a/2005/2xxx/CVE-2005-2612.json +++ b/2005/2xxx/CVE-2005-2612.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2612", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Direct code injection vulnerability in WordPress 1.5.1.3 and earlier allows remote attackers to execute arbitrary PHP code via the cache_lastpostdate[server] cookie." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2612", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050809 (no subject)", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0234.html" - }, - { - "name" : "16386", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16386" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Direct code injection vulnerability in WordPress 1.5.1.3 and earlier allows remote attackers to execute arbitrary PHP code via the cache_lastpostdate[server] cookie." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16386", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16386" + }, + { + "name": "20050809 (no subject)", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0234.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2721.json b/2005/2xxx/CVE-2005-2721.json index 51fb1d9f69d..379ffdff709 100644 --- a/2005/2xxx/CVE-2005-2721.json +++ b/2005/2xxx/CVE-2005-2721.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2721", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php or (2) admin.php in Foojan PHP Weblog allow remote attackers to inject arbitrary web script or HTML via the Referer field in the HTTP header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2721", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050824 Foojan PHP Weblog Information Disclosure - Refferer Html Injection", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112491140712884&w=2" - }, - { - "name" : "14658", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14658" - }, - { - "name" : "16565", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16565/" - }, - { - "name" : "foojan-referer-code-execution(22004)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22004" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple 
cross-site scripting (XSS) vulnerabilities in (1) index.php or (2) admin.php in Foojan PHP Weblog allow remote attackers to inject arbitrary web script or HTML via the Referer field in the HTTP header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16565", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16565/" + }, + { + "name": "foojan-referer-code-execution(22004)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22004" + }, + { + "name": "14658", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14658" + }, + { + "name": "20050824 Foojan PHP Weblog Information Disclosure - Refferer Html Injection", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112491140712884&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2843.json b/2005/2xxx/CVE-2005-2843.json index 1a8bd8d39ef..7a38d2f9e67 100644 --- a/2005/2xxx/CVE-2005-2843.json +++ b/2005/2xxx/CVE-2005-2843.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2843", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Helpdesk software Hesk 0.92 does not properly verify usernames and passwords, which allows remote attackers to bypass authentication via a direct request to admin_main.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2843", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050829 Vulnerability in Helpdesk software Hesk 0.92", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112534893423213&w=2" - }, - { - "name" : "20050830 Re: Vulnerability in Helpdesk software Hesk 0.92", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112545306117124&w=2" - }, - { - "name" : "14692", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14692" - }, - { - "name" : "16623", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16623/" - }, - { - "name" : "helpdesk-adminmain-security-bypass(22054)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22054" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Helpdesk software Hesk 0.92 does not properly verify usernames and passwords, which allows remote attackers to bypass authentication via a direct request to admin_main.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050829 Vulnerability in Helpdesk software Hesk 0.92", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112534893423213&w=2" + }, + { + "name": "16623", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16623/" + }, + { + "name": "20050830 Re: Vulnerability in Helpdesk software Hesk 0.92", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112545306117124&w=2" + }, + { + "name": "14692", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14692" + }, + { + "name": "helpdesk-adminmain-security-bypass(22054)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22054" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3681.json b/2005/3xxx/CVE-2005-3681.json index 25b3b734d8b..60f39f15e90 100644 --- a/2005/3xxx/CVE-2005-3681.json +++ b/2005/3xxx/CVE-2005-3681.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3681", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in viewcat.php in XOOPS WF-Downloads module 2.05 allows remote attackers to execute arbitrary SQL commands via the list parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3681", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051112 XOOPS 2.2.3 Final arbitrary local inclusion / XOOPS WF-Downloads", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=113199244824660&w=2" - }, - { - "name" : "15406", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15406/" - }, - { - "name" : "ADV-2005-2425", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2425" - }, - { - "name" : "20852", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20852" - }, - { - "name" : "17575", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17575" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL 
injection vulnerability in viewcat.php in XOOPS WF-Downloads module 2.05 allows remote attackers to execute arbitrary SQL commands via the list parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17575", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17575" + }, + { + "name": "15406", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15406/" + }, + { + "name": "ADV-2005-2425", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2425" + }, + { + "name": "20852", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20852" + }, + { + "name": "20051112 XOOPS 2.2.3 Final arbitrary local inclusion / XOOPS WF-Downloads", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=113199244824660&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3737.json b/2005/3xxx/CVE-2005-3737.json index 52782cc0e24..cf7e397ead1 100644 --- a/2005/3xxx/CVE-2005-3737.json +++ b/2005/3xxx/CVE-2005-3737.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3737", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the SVG importer (style.cpp) of inkscape 0.41 through 0.42.2 might allow remote attackers to execute arbitrary code via a SVG file with long CSS style property values." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3737", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://cvs.sourceforge.net/viewcvs.py/inkscape/inkscape/src/style.cpp?r1=1.110&r2=1.110.2.1", - "refsource" : "CONFIRM", - "url" : "http://cvs.sourceforge.net/viewcvs.py/inkscape/inkscape/src/style.cpp?r1=1.110&r2=1.110.2.1" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330894", - "refsource" : "MISC", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330894" - }, - { - "name" : "DSA-916", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-916" - }, - { - "name" : "GLSA-200511-22", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200511-22.xml" - }, - { - "name" : "SUSE-SR:2005:028", - "refsource" : "SUSE", - "url" : 
"http://www.novell.com/linux/security/advisories/2005_28_sr.html" - }, - { - "name" : "USN-217-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntulinux.org/usn/usn-217-1" - }, - { - "name" : "15507", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15507" - }, - { - "name" : "ADV-2005-2511", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2511" - }, - { - "name" : "17651", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17651" - }, - { - "name" : "17662", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17662" - }, - { - "name" : "17778", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17778" - }, - { - "name" : "17882", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17882" - }, - { - "name" : "58", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/58" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the SVG importer (style.cpp) of inkscape 0.41 through 0.42.2 might allow remote attackers to execute arbitrary code via a SVG file with long CSS style property values." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-200511-22", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200511-22.xml" + }, + { + "name": "SUSE-SR:2005:028", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html" + }, + { + "name": "17778", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17778" + }, + { + "name": "17651", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17651" + }, + { + "name": "USN-217-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntulinux.org/usn/usn-217-1" + }, + { + "name": "15507", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15507" + }, + { + "name": "17882", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17882" + }, + { + "name": "http://cvs.sourceforge.net/viewcvs.py/inkscape/inkscape/src/style.cpp?r1=1.110&r2=1.110.2.1", + "refsource": "CONFIRM", + "url": "http://cvs.sourceforge.net/viewcvs.py/inkscape/inkscape/src/style.cpp?r1=1.110&r2=1.110.2.1" + }, + { + "name": "ADV-2005-2511", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2511" + }, + { + "name": "DSA-916", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-916" + }, + { + "name": "58", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/58" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330894", + "refsource": "MISC", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330894" + }, + { + "name": "17662", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17662" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3989.json b/2005/3xxx/CVE-2005-3989.json index 3b9f6c2f60c..863eeb59f97 100644 --- a/2005/3xxx/CVE-2005-3989.json 
+++ b/2005/3xxx/CVE-2005-3989.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3989", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in Avaya TN2602AP IP Media Resource 320 circuit pack before vintage 9 firmware allows remote attackers to cause a denial of service (memory consumption) via crafted VoIP packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3989", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2005-231.pdf", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2005-231.pdf" - }, - { - "name" : "15668", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15668" - }, - { - "name" : "ADV-2005-2685", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2685" - }, - { - "name" : "17825", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17825" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory leak in Avaya TN2602AP IP Media Resource 320 circuit pack 
before vintage 9 firmware allows remote attackers to cause a denial of service (memory consumption) via crafted VoIP packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2005-2685", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2685" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2005-231.pdf", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-231.pdf" + }, + { + "name": "15668", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15668" + }, + { + "name": "17825", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17825" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4130.json b/2005/4xxx/CVE-2005-4130.json index 6d32cdcc0bf..fefe0308257 100644 --- a/2005/4xxx/CVE-2005-4130.json +++ b/2005/4xxx/CVE-2005-4130.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4130", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** UNVERIFIABLE, PRERELEASE ** NOTE: this issue describes a problem that can not be independently verified as of 20051208. Unspecified vulnerability in unspecified versions of Real Networks RealPlayer allows remote attackers to execute arbitrary code. NOTE: it is not known whether this issue should be MERGED with CVE-2005-4126. The information regarding this issue is extremely vague and does not provide any verifiable information. It has been posted by a reliable reporter with a prerelease disclosure policy. This item has only been assigned a CVE identifier for tracking purposes, and to serve as a concrete example for discussion of the newly emerging UNVERIFIABLE and PRERELEASE content decisions in CVE, which must be discussed by the Editorial Board. Without additional details or independent verification by reliable sources, it is possible that this item might be RECAST or REJECTED." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4130", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.eeye.com/html/research/upcoming/20051116.html", - "refsource" : "MISC", - "url" : "http://www.eeye.com/html/research/upcoming/20051116.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** UNVERIFIABLE, PRERELEASE ** NOTE: this issue describes a problem that can not be independently verified as of 20051208. Unspecified vulnerability in unspecified versions of Real Networks RealPlayer allows remote attackers to execute arbitrary code. NOTE: it is not known whether this issue should be MERGED with CVE-2005-4126. The information regarding this issue is extremely vague and does not provide any verifiable information. It has been posted by a reliable reporter with a prerelease disclosure policy. This item has only been assigned a CVE identifier for tracking purposes, and to serve as a concrete example for discussion of the newly emerging UNVERIFIABLE and PRERELEASE content decisions in CVE, which must be discussed by the Editorial Board. Without additional details or independent verification by reliable sources, it is possible that this item might be RECAST or REJECTED." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.eeye.com/html/research/upcoming/20051116.html", + "refsource": "MISC", + "url": "http://www.eeye.com/html/research/upcoming/20051116.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4257.json b/2005/4xxx/CVE-2005-4257.json index a0e9b24c039..5efbdcc9cd9 100644 --- a/2005/4xxx/CVE-2005-4257.json +++ b/2005/4xxx/CVE-2005-4257.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4257", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Linksys WRT54GS and BEFW11S4 allows remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LAND). NOTE: the provenance of this issue is unknown; the details are obtained solely from the BID." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4257", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15861", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15861" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Linksys WRT54GS and BEFW11S4 allows remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LAND). NOTE: the provenance of this issue is unknown; the details are obtained solely from the BID." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15861", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15861" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4889.json b/2005/4xxx/CVE-2005-4889.json index bc8881b66bd..8a4093b521d 100644 --- a/2005/4xxx/CVE-2005-4889.json +++ b/2005/4xxx/CVE-2005-4889.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4889", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "lib/fsm.c in RPM before 4.4.3 does not properly reset the metadata of an executable file during deletion of the file in an RPM package removal, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file, a related issue to CVE-2010-2059." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4889", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://distrib-coffee.ipsl.jussieu.fr/pub/mirrors/rpm/files/rpm/rpm-4.4/rpm-4.4.3.tar.gz", - "refsource" : "CONFIRM", - "url" : "http://distrib-coffee.ipsl.jussieu.fr/pub/mirrors/rpm/files/rpm/rpm-4.4/rpm-4.4.3.tar.gz" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=125517", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=125517" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=598775", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=598775" - }, - { - "name" : "MDVSA-2010:180", - "refsource" : "MANDRIVA", - "url" : 
"http://www.mandriva.com/security/advisories?name=MDVSA-2010:180" - }, - { - "name" : "rpm-setgid-privilege-escalation(59426)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59426" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "lib/fsm.c in RPM before 4.4.3 does not properly reset the metadata of an executable file during deletion of the file in an RPM package removal, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file, a related issue to CVE-2010-2059." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://distrib-coffee.ipsl.jussieu.fr/pub/mirrors/rpm/files/rpm/rpm-4.4/rpm-4.4.3.tar.gz", + "refsource": "CONFIRM", + "url": "http://distrib-coffee.ipsl.jussieu.fr/pub/mirrors/rpm/files/rpm/rpm-4.4/rpm-4.4.3.tar.gz" + }, + { + "name": "MDVSA-2010:180", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:180" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=598775", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=598775" + }, + { + "name": "rpm-setgid-privilege-escalation(59426)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59426" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=125517", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=125517" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0154.json b/2009/0xxx/CVE-2009-0154.json index b43a3cc4e8d..0bfbb55ed8a 100644 --- a/2009/0xxx/CVE-2009-0154.json +++ b/2009/0xxx/CVE-2009-0154.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0154", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code via a crafted Compact Font Format (CFF) font." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0154", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090519 ZDI-09-023: Apple OS X ATSServer Compact Font Format Parsing Memory Corruption Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/503597/100/0/threaded" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-09-023", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-09-023" - }, - { - "name" : "http://support.apple.com/kb/HT3549", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3549" - }, - { - "name" : "APPLE-SA-2009-05-12", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html" - }, - { - "name" : "TA09-133A", - "refsource" : "CERT", - "url" : 
"http://www.us-cert.gov/cas/techalerts/TA09-133A.html" - }, - { - "name" : "34926", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34926" - }, - { - "name" : "1022218", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022218" - }, - { - "name" : "35074", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35074" - }, - { - "name" : "ADV-2009-1297", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1297" - }, - { - "name" : "macos-ats-cff-bo(50478)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50478" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code via a crafted Compact Font Format (CFF) font." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT3549", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3549" + }, + { + "name": "35074", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35074" + }, + { + "name": "APPLE-SA-2009-05-12", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html" + }, + { + "name": "macos-ats-cff-bo(50478)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50478" + }, + { + "name": "34926", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34926" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-09-023", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-023" + }, + { + "name": "TA09-133A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html" + }, + { + "name": "ADV-2009-1297", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1297" + }, + { + "name": "1022218", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022218" + }, + { + "name": "20090519 ZDI-09-023: Apple OS X ATSServer Compact Font Format Parsing Memory Corruption Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/503597/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2103.json b/2009/2xxx/CVE-2009-2103.json index 8b068db24c6..f58d3dc5933 100644 --- a/2009/2xxx/CVE-2009-2103.json +++ b/2009/2xxx/CVE-2009-2103.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2103", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Frontend MP3 Player (fe_mp3player) 0.2.3 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2103", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/extensions/repository/view/fe_mp3player/0.2.4/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/extensions/repository/view/fe_mp3player/0.2.4/" - }, - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-008/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-008/" - }, - { - "name" : "35394", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35394" - }, - { - "name" : "55123", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/55123" - }, - { - "name" : "35484", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35484" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Frontend MP3 Player (fe_mp3player) 0.2.3 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35394", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35394" + }, + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-008/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-008/" + }, + { + "name": "http://typo3.org/extensions/repository/view/fe_mp3player/0.2.4/", + "refsource": "CONFIRM", + "url": "http://typo3.org/extensions/repository/view/fe_mp3player/0.2.4/" + }, + { + "name": "55123", + "refsource": "OSVDB", + "url": "http://osvdb.org/55123" + }, + { + "name": "35484", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35484" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2166.json b/2009/2xxx/CVE-2009-2166.json index 4f5f8526a1d..5542e43ec7e 100644 --- a/2009/2xxx/CVE-2009-2166.json +++ b/2009/2xxx/CVE-2009-2166.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2166", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Absolute path traversal vulnerability in cvs.php in OCS Inventory NG before 1.02.1 on Unix allows remote attackers to read arbitrary files via a full pathname in the log parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2166", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090602 OCS Inventory NG 1.02 - Directory Traversal", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/504047/100/0/threaded" - }, - { - "name" : "8868", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8868" - }, - { - "name" : "http://www.leidecker.info/advisories/2009-05-30-ocs_inventory_ng_directory_traversal.shtml", - "refsource" : "MISC", - "url" : "http://www.leidecker.info/advisories/2009-05-30-ocs_inventory_ng_directory_traversal.shtml" - }, - { - "name" : "ocsinventory-cvs-info-disclosure(50946)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50946" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Absolute path traversal vulnerability in cvs.php in OCS Inventory NG before 1.02.1 on Unix allows remote attackers to read arbitrary files via a full pathname in the log parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8868", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8868" + }, + { + "name": "20090602 OCS Inventory NG 1.02 - Directory Traversal", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/504047/100/0/threaded" + }, + { + "name": "http://www.leidecker.info/advisories/2009-05-30-ocs_inventory_ng_directory_traversal.shtml", + "refsource": "MISC", + "url": "http://www.leidecker.info/advisories/2009-05-30-ocs_inventory_ng_directory_traversal.shtml" + }, + { + "name": "ocsinventory-cvs-info-disclosure(50946)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50946" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2321.json b/2009/2xxx/CVE-2009-2321.json index 58a16c9763e..b041179a375 100644 --- a/2009/2xxx/CVE-2009-2321.json +++ b/2009/2xxx/CVE-2009-2321.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2321", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "cgi-bin/sysconf.cgi on the Axesstel MV 410R allows remote attackers to cause a denial of service (configuration reset) via a RESTORE=RESTORE query string." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2321", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090702 Multiple Flaws in Axesstel MV 410R", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/504716/100/0/threaded" - }, - { - "name" : "35563", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35563" - }, - { - "name" : "55681", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/55681" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "cgi-bin/sysconf.cgi on the Axesstel MV 410R allows remote attackers to cause a denial of service (configuration reset) via a RESTORE=RESTORE query string." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "55681", + "refsource": "OSVDB", + "url": "http://osvdb.org/55681" + }, + { + "name": "35563", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35563" + }, + { + "name": "20090702 Multiple Flaws in Axesstel MV 410R", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/504716/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2460.json b/2009/2xxx/CVE-2009-2460.json index 5b0b436cb97..f58229c4e0e 100644 --- a/2009/2xxx/CVE-2009-2460.json +++ b/2009/2xxx/CVE-2009-2460.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2460", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in mathtex.cgi in mathTeX, when downloaded before 20090713, have unspecified impact and remote attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2460", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090713 [oCERT-2009-010] mimeTeX and mathTeX buffer overflows and commandinjection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/504919/100/0/threaded" - }, - { - "name" : "http://groups.google.com/group/comp.text.tex/browse_thread/thread/5d56d3d744351578", - "refsource" : "MISC", - "url" : "http://groups.google.com/group/comp.text.tex/browse_thread/thread/5d56d3d744351578" - }, - { - "name" : "http://www.ocert.org/advisories/ocert-2009-010.html", - "refsource" : "MISC", - "url" : "http://www.ocert.org/advisories/ocert-2009-010.html" - }, - { - "name" : "35816", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35816" - }, - { - "name" : "ADV-2009-1875", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2009/1875" - }, - { - "name" : "mathtex-mathtex-bo(51796)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51796" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in mathtex.cgi in mathTeX, when downloaded before 20090713, have unspecified impact and remote attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-1875", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1875" + }, + { + "name": "20090713 [oCERT-2009-010] mimeTeX and mathTeX buffer overflows and commandinjection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/504919/100/0/threaded" + }, + { + "name": "mathtex-mathtex-bo(51796)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51796" + }, + { + "name": "35816", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35816" + }, + { + "name": "http://www.ocert.org/advisories/ocert-2009-010.html", + "refsource": "MISC", + "url": "http://www.ocert.org/advisories/ocert-2009-010.html" + }, + { + "name": "http://groups.google.com/group/comp.text.tex/browse_thread/thread/5d56d3d744351578", + "refsource": "MISC", + "url": "http://groups.google.com/group/comp.text.tex/browse_thread/thread/5d56d3d744351578" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2738.json b/2009/2xxx/CVE-2009-2738.json index 4dcb420e45b..aeb34e7eed5 100644 --- a/2009/2xxx/CVE-2009-2738.json +++ b/2009/2xxx/CVE-2009-2738.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2738", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in the WebGUI in FreeNAS before 0.7RC1 allows remote attackers to hijack the authentication of users for unspecified requests via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2738", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ipa.go.jp/security/vuln/documents/2009/200908_freenas.html", - "refsource" : "MISC", - "url" : "http://www.ipa.go.jp/security/vuln/documents/2009/200908_freenas.html" - }, - { - "name" : "http://www.freenas.org/index.php?option=com_frontpage&Itemid=22", - "refsource" : "CONFIRM", - "url" : "http://www.freenas.org/index.php?option=com_frontpage&Itemid=22" - }, - { - "name" : "JVN#15267895", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN15267895/index.html" - }, - { - "name" : "JVNDB-2009-000053", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000053.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": 
{ + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in the WebGUI in FreeNAS before 0.7RC1 allows remote attackers to hijack the authentication of users for unspecified requests via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.freenas.org/index.php?option=com_frontpage&Itemid=22", + "refsource": "CONFIRM", + "url": "http://www.freenas.org/index.php?option=com_frontpage&Itemid=22" + }, + { + "name": "JVN#15267895", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN15267895/index.html" + }, + { + "name": "JVNDB-2009-000053", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000053.html" + }, + { + "name": "http://www.ipa.go.jp/security/vuln/documents/2009/200908_freenas.html", + "refsource": "MISC", + "url": "http://www.ipa.go.jp/security/vuln/documents/2009/200908_freenas.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3164.json b/2009/3xxx/CVE-2009-3164.json index 15a2f602fac..552223814f5 100644 --- a/2009/3xxx/CVE-2009-3164.json +++ b/2009/3xxx/CVE-2009-3164.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3164", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the IPv6 networking stack in Sun Solaris 10, and OpenSolaris snv_01 through snv_82 and snv_111 through snv_122, when a Cassini GigaSwift Ethernet Adapter (aka CE) interface is used, allows remote attackers to cause a denial of service (panic) via vectors involving jumbo frames. NOTE: this issue exists because of an incomplete fix for CVE-2009-2136." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3164", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-141414-10-1", - "refsource" : "CONFIRM", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-141414-10-1" - }, - { - "name" : "265608", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-265608-1" - }, - { - "name" : "1020829", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020829.1-1" - }, - { - "name" : "36616", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/36616" - }, - { - "name" : "ADV-2009-2556", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2556" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the IPv6 networking stack in Sun Solaris 10, and OpenSolaris snv_01 through snv_82 and snv_111 through snv_122, when a Cassini GigaSwift Ethernet Adapter (aka CE) interface is used, allows remote attackers to cause a denial of service (panic) via vectors involving jumbo frames. NOTE: this issue exists because of an incomplete fix for CVE-2009-2136." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1020829", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020829.1-1" + }, + { + "name": "ADV-2009-2556", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2556" + }, + { + "name": "36616", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36616" + }, + { + "name": "265608", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-265608-1" + }, + { + "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-141414-10-1", + "refsource": "CONFIRM", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-141414-10-1" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3788.json b/2009/3xxx/CVE-2009-3788.json index ecef7ce5c66..5bccf940c8b 100644 --- a/2009/3xxx/CVE-2009-3788.json +++ b/2009/3xxx/CVE-2009-3788.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3788", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to execute arbitrary SQL commands via the frmuser (aka Username) parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3788", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.packetstormsecurity.org/0910-exploits/opendocman-sqlxss.txt", - "refsource" : "MISC", - "url" : "http://www.packetstormsecurity.org/0910-exploits/opendocman-sqlxss.txt" - }, - { - "name" : "36777", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36777" - }, - { - "name" : "59301", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/59301" - }, - { - "name" : "30750", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30750" - }, - { - "name" : "opendocman-user-sql-injection(53886)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53886" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": 
[ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to execute arbitrary SQL commands via the frmuser (aka Username) parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "59301", + "refsource": "OSVDB", + "url": "http://osvdb.org/59301" + }, + { + "name": "36777", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36777" + }, + { + "name": "opendocman-user-sql-injection(53886)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53886" + }, + { + "name": "30750", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30750" + }, + { + "name": "http://www.packetstormsecurity.org/0910-exploits/opendocman-sqlxss.txt", + "refsource": "MISC", + "url": "http://www.packetstormsecurity.org/0910-exploits/opendocman-sqlxss.txt" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4030.json b/2009/4xxx/CVE-2009-4030.json index 60bc41f1e22..6d703d8c64c 100644 --- a/2009/4xxx/CVE-2009-4030.json +++ b/2009/4xxx/CVE-2009-4030.json 
@@ -1,162 +1,162 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4030", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-4030", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[commits] 20091110 bzr commit into mysql-5.0-bugteam branch (joro:2845) Bug#32167", - "refsource" : "MLIST", - "url" : "http://lists.mysql.com/commits/89940" - }, - { - "name" : "[oss-security] 20091119 mysql-5.1.41", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/11/19/3" - }, - { - "name" : "[oss-security] 20091124 Re: mysql-5.1.41", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=125908040022018&w=2" - }, - { - "name" : "[oss-security] 20091124 Re: mysql-5.1.41", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/11/24/6" - }, - { - "name" : "[oss-security] 20091124 Re: mysql-5.1.41", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=125908080222685&w=2" - }, - { - "name" : "http://bugs.mysql.com/bug.php?id=32167", - "refsource" : "CONFIRM", - "url" : "http://bugs.mysql.com/bug.php?id=32167" - }, - { - "name" : "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html", - "refsource" : "CONFIRM", - "url" : "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html" - }, - { - "name" : "http://support.apple.com/kb/HT4077", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4077" - }, - { - "name" : "APPLE-SA-2010-03-29-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" - }, - { - "name" : "DSA-1997", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2010/dsa-1997" - }, - { - "name" : "RHSA-2010:0109", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0109.html" - }, - { - "name" : "RHSA-2010:0110", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0110.html" - }, - { - "name" : "SUSE-SR:2010:011", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html" - }, - { - "name" : "SUSE-SR:2010:021", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html" - }, - { - "name" : "USN-897-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-897-1" - }, - { - "name" : "USN-1397-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1397-1" - }, - { - "name" : "oval:org.mitre.oval:def:11116", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11116" - }, - { - "name" : "oval:org.mitre.oval:def:8156", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8156" - }, - { - "name" : "38573", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38573" - }, - { - "name" : "38517", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38517" - }, - { - "name" : "ADV-2010-1107", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1107" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time 
at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38573", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38573" + }, + { + "name": "USN-1397-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1397-1" + }, + { + "name": "38517", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38517" + }, + { + "name": "RHSA-2010:0109", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0109.html" + }, + { + "name": "ADV-2010-1107", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1107" + }, + { + "name": "[oss-security] 20091124 Re: mysql-5.1.41", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/11/24/6" + }, + { + "name": "USN-897-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-897-1" + }, + { + "name": "SUSE-SR:2010:011", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html" + }, + { + "name": "APPLE-SA-2010-03-29-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" + }, + { + "name": "[oss-security] 20091119 mysql-5.1.41", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/11/19/3" + }, + { + "name": "[oss-security] 20091124 Re: mysql-5.1.41", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=125908080222685&w=2" + }, + { + "name": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html", + "refsource": "CONFIRM", + "url": 
"http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html" + }, + { + "name": "http://support.apple.com/kb/HT4077", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4077" + }, + { + "name": "[oss-security] 20091124 Re: mysql-5.1.41", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=125908040022018&w=2" + }, + { + "name": "oval:org.mitre.oval:def:11116", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11116" + }, + { + "name": "RHSA-2010:0110", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0110.html" + }, + { + "name": "SUSE-SR:2010:021", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html" + }, + { + "name": "http://bugs.mysql.com/bug.php?id=32167", + "refsource": "CONFIRM", + "url": "http://bugs.mysql.com/bug.php?id=32167" + }, + { + "name": "[commits] 20091110 bzr commit into mysql-5.0-bugteam branch (joro:2845) Bug#32167", + "refsource": "MLIST", + "url": "http://lists.mysql.com/commits/89940" + }, + { + "name": "oval:org.mitre.oval:def:8156", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8156" + }, + { + "name": "DSA-1997", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-1997" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4085.json b/2009/4xxx/CVE-2009-4085.json index 17eb36d8d0e..d9ce30e54ed 100644 --- a/2009/4xxx/CVE-2009-4085.json +++ b/2009/4xxx/CVE-2009-4085.json 
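Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `secalert@redhat.com` in this hunk for CVE-2009-4030, but the rest of the hunk only re-indents the record and reorders `reference_data`, so the one change of meaning is easy to miss in review. The same assigner change appears in the hunks for CVE-2012-2658, CVE-2015-0252 and CVE-2015-0253, while the other records in view keep `cve@mitre.org`. The assigner is provenance data that downstream consumers may filter or attribute on, so I would move these changes into their own commit, or name the affected IDs in the commit message if it does not already do so. The new side of each file also ends with `\ No newline at end of file` where the old side did not; keeping the trailing newline would avoid another whole-file diff when a tool adds it back.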
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4085", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in assets/plugins/mp3_id/mp3_id.php in PHP Traverser 0.8.0 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[BASE] parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4085", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "60466", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/60466" - }, - { - "name" : "37455", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37455" - }, - { - "name" : "phptraverser-mp3id-file-include(54378)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54378" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in assets/plugins/mp3_id/mp3_id.php in PHP Traverser 0.8.0 allows remote 
attackers to execute arbitrary PHP code via a URL in the GLOBALS[BASE] parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "phptraverser-mp3id-file-include(54378)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54378" + }, + { + "name": "37455", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37455" + }, + { + "name": "60466", + "refsource": "OSVDB", + "url": "http://osvdb.org/60466" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4256.json b/2009/4xxx/CVE-2009-4256.json index 8216be42d24..845da2f2bbd 100644 --- a/2009/4xxx/CVE-2009-4256.json +++ b/2009/4xxx/CVE-2009-4256.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4256", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in cource.php in AlefMentor 2.0 and 2.2 allow remote attackers to execute arbitrary SQL commands via the (1) cont_id and (2) courc_id parameters in a pregled action. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4256", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "10358", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/10358" - }, - { - "name" : "37626", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37626" - }, - { - "name" : "alefmentor-cource-sql-injection(54624)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54624" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in cource.php in AlefMentor 2.0 and 2.2 allow remote attackers to execute arbitrary SQL 
commands via the (1) cont_id and (2) courc_id parameters in a pregled action. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "10358", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/10358" + }, + { + "name": "37626", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37626" + }, + { + "name": "alefmentor-cource-sql-injection(54624)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54624" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4735.json b/2009/4xxx/CVE-2009-4735.json index d241563a03a..800594ba55b 100644 --- a/2009/4xxx/CVE-2009-4735.json +++ b/2009/4xxx/CVE-2009-4735.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4735", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in login.php in Allomani Audio & Video Library (Songs & Clips version) 2.7.0 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4735", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9274", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9274" - }, - { - "name" : "ADV-2009-2030", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2030" - }, - { - "name" : "songsandclips-login-sql-injection(52013)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52013" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in login.php in Allomani Audio & Video Library (Songs & Clips version) 2.7.0 allows remote attackers to execute arbitrary SQL commands via the 
username parameter in a login action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "songsandclips-login-sql-injection(52013)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52013" + }, + { + "name": "9274", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9274" + }, + { + "name": "ADV-2009-2030", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2030" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2658.json b/2012/2xxx/CVE-2012-2658.json index 1a7a5c3ff56..8f438eb4271 100644 --- a/2012/2xxx/CVE-2012-2658.json +++ b/2012/2xxx/CVE-2012-2658.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2658", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** Buffer overflow in the SQLDriverConnect function in unixODBC 2.3.1 allows local users to cause a denial of service (crash) via a long string in the DRIVER option. NOTE: this issue might not be a vulnerability, since the ability to set this option typically implies that the attacker already has legitimate access to cause a DoS or execute code, and therefore the issue would not cross privilege boundaries. There may be limited attack scenarios if isql command-line options are exposed to an attacker, although it seems likely that other, more serious issues would also be exposed, and this issue might not cross privilege boundaries in that context." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2658", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120529 CVE id request: Multiple buffer overflow in unixODBC", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/05/29/7" - }, - { - "name" : "[oss-security] 20120529 Re: CVE id request: Multiple buffer overflow in unixODBC", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/05/29/10" - }, - { - "name" : "[oss-security] 20120530 Re: CVE id request: Multiple buffer overflow in unixODBC", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/05/30/7" - }, - { - "name" : "[oss-security] 20120531 Re: CVE id request: Multiple buffer overflow in unixODBC", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/05/31/2" - }, - { - "name" : "[oss-security] 20120605 Re: CVE id request: Multiple buffer overflow in unixODBC", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/06/06/3" - }, - { - "name" : "53712", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53712" - }, - { - "name" : "82460", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/82460" - }, - { - "name" : "unixodbc-sdc-bo(75940)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75940" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "** DISPUTED ** Buffer overflow in the SQLDriverConnect function in unixODBC 2.3.1 allows local users to cause a denial of service (crash) via a long string in the DRIVER option. NOTE: this issue might not be a vulnerability, since the ability to set this option typically implies that the attacker already has legitimate access to cause a DoS or execute code, and therefore the issue would not cross privilege boundaries. There may be limited attack scenarios if isql command-line options are exposed to an attacker, although it seems likely that other, more serious issues would also be exposed, and this issue might not cross privilege boundaries in that context." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "82460", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/82460" + }, + { + "name": "unixodbc-sdc-bo(75940)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75940" + }, + { + "name": "[oss-security] 20120605 Re: CVE id request: Multiple buffer overflow in unixODBC", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/06/06/3" + }, + { + "name": "[oss-security] 20120530 Re: CVE id request: Multiple buffer overflow in unixODBC", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/05/30/7" + }, + { + "name": "[oss-security] 20120531 Re: CVE id request: Multiple buffer overflow in unixODBC", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/05/31/2" + }, + { + "name": "53712", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53712" + }, + { + "name": "[oss-security] 20120529 Re: CVE id request: Multiple buffer overflow in unixODBC", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/05/29/10" + }, + { + "name": "[oss-security] 20120529 
CVE id request: Multiple buffer overflow in unixODBC", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/05/29/7" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0252.json b/2015/0xxx/CVE-2015-0252.json index 1df5dd55c29..22986661aed 100644 --- a/2015/0xxx/CVE-2015-0252.json +++ b/2015/0xxx/CVE-2015-0252.json 
@@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0252", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote attackers to cause a denial of service (segmentation fault and crash) via crafted XML data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-0252", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "36906", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/36906/" - }, - { - "name" : "http://packetstormsecurity.com/files/131756/Apache-Xerces-C-XML-Parser-Denial-Of-Service.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/131756/Apache-Xerces-C-XML-Parser-Denial-Of-Service.html" - }, - { - "name" : "http://xerces.apache.org/xerces-c/secadv/CVE-2015-0252.txt", - "refsource" : "CONFIRM", - "url" : "http://xerces.apache.org/xerces-c/secadv/CVE-2015-0252.txt" - }, - { - "name" : "https://shibboleth.net/community/advisories/secadv_20150319.txt", - "refsource" : "CONFIRM", - "url" : "https://shibboleth.net/community/advisories/secadv_20150319.txt" - }, - { - "name" : 
"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" - }, - { - "name" : "DSA-3199", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3199" - }, - { - "name" : "FEDORA-2015-4226", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152882.html" - }, - { - "name" : "FEDORA-2015-4272", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153094.html" - }, - { - "name" : "FEDORA-2015-4228", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153887.html" - }, - { - "name" : "FEDORA-2015-4251", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153829.html" - }, - { - "name" : "FEDORA-2015-4285", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153923.html" - }, - { - "name" : "FEDORA-2015-4321", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153903.html" - }, - { - "name" : "RHSA-2015:1193", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1193.html" - }, - { - "name" : "openSUSE-SU-2016:0966", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-04/msg00012.html" - }, - { - "name" : "73252", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73252" - }, - { - "name" : "1032254", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032254" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote 
attackers to cause a denial of service (segmentation fault and crash) via crafted XML data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3199", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3199" + }, + { + "name": "73252", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73252" + }, + { + "name": "FEDORA-2015-4226", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152882.html" + }, + { + "name": "FEDORA-2015-4228", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153887.html" + }, + { + "name": "FEDORA-2015-4321", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153903.html" + }, + { + "name": "openSUSE-SU-2016:0966", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00012.html" + }, + { + "name": "FEDORA-2015-4251", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153829.html" + }, + { + "name": "RHSA-2015:1193", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1193.html" + }, + { + "name": "FEDORA-2015-4272", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153094.html" + }, + { + "name": "FEDORA-2015-4285", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153923.html" + }, + { + "name": "http://packetstormsecurity.com/files/131756/Apache-Xerces-C-XML-Parser-Denial-Of-Service.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/131756/Apache-Xerces-C-XML-Parser-Denial-Of-Service.html" + }, + { + "name": 
"http://xerces.apache.org/xerces-c/secadv/CVE-2015-0252.txt", + "refsource": "CONFIRM", + "url": "http://xerces.apache.org/xerces-c/secadv/CVE-2015-0252.txt" + }, + { + "name": "1032254", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032254" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + }, + { + "name": "36906", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/36906/" + }, + { + "name": "https://shibboleth.net/community/advisories/secadv_20150319.txt", + "refsource": "CONFIRM", + "url": "https://shibboleth.net/community/advisories/secadv_20150319.txt" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0253.json b/2015/0xxx/CVE-2015-0253.json index 8380b1090bf..bbd748e937e 100644 --- a/2015/0xxx/CVE-2015-0253.json +++ b/2015/0xxx/CVE-2015-0253.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0253", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) by sending a request that lacks a method to an installation that enables the INCLUDES filter and has an ErrorDocument 400 directive specifying a local URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-0253", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://httpd.apache.org/security/vulnerabilities_24.html", - "refsource" : "CONFIRM", - "url" : "http://httpd.apache.org/security/vulnerabilities_24.html" - }, - { - "name" : "http://www.apache.org/dist/httpd/CHANGES_2.4", - "refsource" : "CONFIRM", - "url" : "http://www.apache.org/dist/httpd/CHANGES_2.4" - }, - { - "name" : "https://bz.apache.org/bugzilla/show_bug.cgi?id=57531", - "refsource" : "CONFIRM", - "url" : "https://bz.apache.org/bugzilla/show_bug.cgi?id=57531" - }, - { - "name" : 
"https://github.com/apache/httpd/commit/6a974059190b8a0c7e499f4ab12fe108127099cb", - "refsource" : "CONFIRM", - "url" : "https://github.com/apache/httpd/commit/6a974059190b8a0c7e499f4ab12fe108127099cb" - }, - { - "name" : "https://support.apple.com/kb/HT205031", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT205031" - }, - { - "name" : "https://support.apple.com/HT205219", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205219" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" - }, - { - "name" : "APPLE-SA-2015-08-13-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" - }, - { - "name" : "APPLE-SA-2015-09-16-4", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html" - }, - { - "name" : "RHSA-2015:1666", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1666.html" - }, - { - "name" : "75964", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75964" - }, - { - "name" : "1032967", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032967" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) by sending a 
request that lacks a method to an installation that enables the INCLUDES filter and has an ErrorDocument 400 directive specifying a local URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bz.apache.org/bugzilla/show_bug.cgi?id=57531", + "refsource": "CONFIRM", + "url": "https://bz.apache.org/bugzilla/show_bug.cgi?id=57531" + }, + { + "name": "http://httpd.apache.org/security/vulnerabilities_24.html", + "refsource": "CONFIRM", + "url": "http://httpd.apache.org/security/vulnerabilities_24.html" + }, + { + "name": "https://github.com/apache/httpd/commit/6a974059190b8a0c7e499f4ab12fe108127099cb", + "refsource": "CONFIRM", + "url": "https://github.com/apache/httpd/commit/6a974059190b8a0c7e499f4ab12fe108127099cb" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" + }, + { + "name": "http://www.apache.org/dist/httpd/CHANGES_2.4", + "refsource": "CONFIRM", + "url": "http://www.apache.org/dist/httpd/CHANGES_2.4" + }, + { + "name": "RHSA-2015:1666", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1666.html" + }, + { + "name": "1032967", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032967" + }, + { + "name": "APPLE-SA-2015-08-13-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" + }, + { + "name": "75964", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75964" + }, + { + "name": "https://support.apple.com/kb/HT205031", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT205031" + }, + { + "name": "APPLE-SA-2015-09-16-4", + "refsource": "APPLE", + "url": 
"http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html" + }, + { + "name": "https://support.apple.com/HT205219", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205219" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0685.json b/2015/0xxx/CVE-2015-0685.json index ec20e4b500d..07ce59f36d1 100644 --- a/2015/0xxx/CVE-2015-0685.json +++ b/2015/0xxx/CVE-2015-0685.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0685", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco IOS XE before 3.7.5S on ASR 1000 devices does not properly handle route adjacencies, which allows remote attackers to cause a denial of service (device hang) via crafted IP packets, aka Bug ID CSCub31873." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-0685", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150331 Cisco ASR1000 Series Routers Incomplete or Glean Adjacencies Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=38124" - }, - { - "name" : "1032004", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032004" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco IOS XE before 3.7.5S on ASR 1000 devices does not properly handle route adjacencies, which allows remote attackers to cause a denial of service (device hang) via crafted IP packets, aka Bug ID CSCub31873." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150331 Cisco ASR1000 Series Routers Incomplete or Glean Adjacencies Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38124" + }, + { + "name": "1032004", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032004" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0935.json b/2015/0xxx/CVE-2015-0935.json index 7607fbfbee7..5d14ffc6bf2 100644 --- a/2015/0xxx/CVE-2015-0935.json +++ b/2015/0xxx/CVE-2015-0935.json 
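Review bot: The one data change in this hunk, `"ASSIGNER"` moving from `cve@mitre.org` to `psirt@cisco.com`, is buried in a rewrite that re-indents the file and drops the space before each `:`, so nearly every line shows as changed. Anyone who diffs CVE records to catch a changed assigner, description or reference then has to compare the files semantically; I would land the formatting pass as its own commit and keep data edits separate. The new side also ends with `\ No newline at end of file`, and keeping the final newline would avoid one more spurious change on the next rewrite. The same applies to the hunks for CVE-2015-0253, CVE-2015-0935, CVE-2015-1289 and CVE-2015-5118, which additionally reorder `reference_data` without adding or removing entries, so emitting references in a stable order would help as well.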
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0935", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Bomgar Remote Support before 15.1.1 allows remote attackers to execute arbitrary PHP code via crafted serialized data to unspecified PHP scripts." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2015-0935", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "39958", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/39958/" - }, - { - "name" : "VU#978652", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/978652" - }, - { - "name" : "74460", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74460" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Bomgar Remote Support before 15.1.1 allows remote attackers to execute arbitrary PHP code via crafted serialized data to unspecified PHP scripts." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#978652", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/978652" + }, + { + "name": "74460", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74460" + }, + { + "name": "39958", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/39958/" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1037.json b/2015/1xxx/CVE-2015-1037.json index f378fe00cb0..3d399de15f6 100644 --- a/2015/1xxx/CVE-2015-1037.json +++ b/2015/1xxx/CVE-2015-1037.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1037", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1037", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1059.json b/2015/1xxx/CVE-2015-1059.json index 097b2a661d6..6f2d0c7838a 100644 --- a/2015/1xxx/CVE-2015-1059.json +++ b/2015/1xxx/CVE-2015-1059.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1059", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in admin/files/add in AdaptCMS 3.0.3 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in /app/webroot/uploads." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1059", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "35710", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/35710" - }, - { - "name" : "http://packetstormsecurity.com/files/129814/AdaptCMS-3.0.3-Remote-Command-Execution.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129814/AdaptCMS-3.0.3-Remote-Command-Execution.html" - }, - { - "name" : "http://zeroscience.mk/en/vulnerabilities/ZSL-2015-5220.php", - "refsource" : "MISC", - "url" : "http://zeroscience.mk/en/vulnerabilities/ZSL-2015-5220.php" - }, - { - "name" : "116722", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/116722" - }, - { - "name" : 
"adaptcms-appwebrootuploads-file-upload(99616)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99616" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in admin/files/add in AdaptCMS 3.0.3 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in /app/webroot/uploads." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "116722", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/116722" + }, + { + "name": "http://zeroscience.mk/en/vulnerabilities/ZSL-2015-5220.php", + "refsource": "MISC", + "url": "http://zeroscience.mk/en/vulnerabilities/ZSL-2015-5220.php" + }, + { + "name": "http://packetstormsecurity.com/files/129814/AdaptCMS-3.0.3-Remote-Command-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129814/AdaptCMS-3.0.3-Remote-Command-Execution.html" + }, + { + "name": "adaptcms-appwebrootuploads-file-upload(99616)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99616" + }, + { + "name": "35710", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/35710" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1289.json b/2015/1xxx/CVE-2015-1289.json index a052d98c897..0a1ae201009 100644 --- a/2015/1xxx/CVE-2015-1289.json +++ b/2015/1xxx/CVE-2015-1289.json 
@@ -1,197 +1,197 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1289", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in Google Chrome before 44.0.2403.89 allow attackers to cause a denial of service or possibly have other impact via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2015-1289", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=512110", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=512110" - }, - { - "name" : "https://crbug.com/398235", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/398235" - }, - { - "name" : "https://crbug.com/401995", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/401995" - }, - { - "name" : "https://crbug.com/404462", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/404462" - }, - { - "name" : 
"https://crbug.com/458024", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/458024" - }, - { - "name" : "https://crbug.com/459898", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/459898" - }, - { - "name" : "https://crbug.com/460938", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/460938" - }, - { - "name" : "https://crbug.com/471990", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/471990" - }, - { - "name" : "https://crbug.com/477713", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/477713" - }, - { - "name" : "https://crbug.com/478575", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/478575" - }, - { - "name" : "https://crbug.com/484432", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/484432" - }, - { - "name" : "https://crbug.com/485855", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/485855" - }, - { - "name" : "https://crbug.com/486004", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/486004" - }, - { - "name" : "https://crbug.com/487286", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/487286" - }, - { - "name" : "https://crbug.com/491216", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/491216" - }, - { - "name" : "https://crbug.com/492448", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/492448" - }, - { - "name" : "https://crbug.com/492981", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/492981" - }, - { - "name" : "https://crbug.com/495682", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/495682" - }, - { - "name" : "https://crbug.com/504692", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/504692" - }, - { - "name" : "https://crbug.com/506749", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/506749" - }, - { - "name" : "https://crbug.com/507821", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/507821" - }, - { - "name" : "DSA-3315", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3315" 
- }, - { - "name" : "GLSA-201603-09", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201603-09" - }, - { - "name" : "RHSA-2015:1499", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1499.html" - }, - { - "name" : "openSUSE-SU-2015:1287", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html" - }, - { - "name" : "75973", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75973" - }, - { - "name" : "1033031", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033031" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in Google Chrome before 44.0.2403.89 allow attackers to cause a denial of service or possibly have other impact via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://code.google.com/p/chromium/issues/detail?id=512110", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=512110" + }, + { + "name": "https://crbug.com/506749", + "refsource": "CONFIRM", + "url": "https://crbug.com/506749" + }, + { + "name": "https://crbug.com/495682", + "refsource": "CONFIRM", + "url": "https://crbug.com/495682" + }, + { + "name": "RHSA-2015:1499", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1499.html" + }, + { + "name": "https://crbug.com/471990", + "refsource": "CONFIRM", + "url": "https://crbug.com/471990" + }, + { + "name": "https://crbug.com/458024", + "refsource": "CONFIRM", + "url": "https://crbug.com/458024" + }, + { + "name": "https://crbug.com/459898", + "refsource": "CONFIRM", + "url": "https://crbug.com/459898" + }, + { + "name": 
"https://crbug.com/404462", + "refsource": "CONFIRM", + "url": "https://crbug.com/404462" + }, + { + "name": "openSUSE-SU-2015:1287", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html" + }, + { + "name": "1033031", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033031" + }, + { + "name": "https://crbug.com/477713", + "refsource": "CONFIRM", + "url": "https://crbug.com/477713" + }, + { + "name": "https://crbug.com/487286", + "refsource": "CONFIRM", + "url": "https://crbug.com/487286" + }, + { + "name": "https://crbug.com/484432", + "refsource": "CONFIRM", + "url": "https://crbug.com/484432" + }, + { + "name": "https://crbug.com/485855", + "refsource": "CONFIRM", + "url": "https://crbug.com/485855" + }, + { + "name": "https://crbug.com/486004", + "refsource": "CONFIRM", + "url": "https://crbug.com/486004" + }, + { + "name": "https://crbug.com/398235", + "refsource": "CONFIRM", + "url": "https://crbug.com/398235" + }, + { + "name": "https://crbug.com/507821", + "refsource": "CONFIRM", + "url": "https://crbug.com/507821" + }, + { + "name": "GLSA-201603-09", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201603-09" + }, + { + "name": "https://crbug.com/504692", + "refsource": "CONFIRM", + "url": "https://crbug.com/504692" + }, + { + "name": "https://crbug.com/491216", + "refsource": "CONFIRM", + "url": "https://crbug.com/491216" + }, + { + "name": "https://crbug.com/478575", + "refsource": "CONFIRM", + "url": "https://crbug.com/478575" + }, + { + "name": "75973", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75973" + }, + { + "name": "https://crbug.com/401995", + "refsource": "CONFIRM", + "url": "https://crbug.com/401995" + }, + { + "name": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html" + }, + { + 
"name": "https://crbug.com/492981", + "refsource": "CONFIRM", + "url": "https://crbug.com/492981" + }, + { + "name": "https://crbug.com/460938", + "refsource": "CONFIRM", + "url": "https://crbug.com/460938" + }, + { + "name": "DSA-3315", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3315" + }, + { + "name": "https://crbug.com/492448", + "refsource": "CONFIRM", + "url": "https://crbug.com/492448" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4414.json b/2015/4xxx/CVE-2015-4414.json index 92313a890a8..808dac7f4d0 100644 --- a/2015/4xxx/CVE-2015-4414.json +++ b/2015/4xxx/CVE-2015-4414.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4414", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in download_audio.php in the SE HTML5 Album Audio Player (se-html5-album-audio-player) plugin 1.1.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4414", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "37274", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/37274/" - }, - { - "name" : "http://packetstormsecurity.com/files/132266/WordPress-SE-HTML5-Album-Audio-Player-1.1.0-Directory-Traversal.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/132266/WordPress-SE-HTML5-Album-Audio-Player-1.1.0-Directory-Traversal.html" - }, - { - "name" : "http://www.vapid.dhs.org/advisory.php?v=124", - "refsource" : "MISC", - "url" : "http://www.vapid.dhs.org/advisory.php?v=124" - }, - { - "name" : "https://wpvulndb.com/vulnerabilities/8032", - "refsource" : "MISC", - "url" : "https://wpvulndb.com/vulnerabilities/8032" - }, - { - 
"name" : "75093", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75093" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in download_audio.php in the SE HTML5 Album Audio Player (se-html5-album-audio-player) plugin 1.1.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.vapid.dhs.org/advisory.php?v=124", + "refsource": "MISC", + "url": "http://www.vapid.dhs.org/advisory.php?v=124" + }, + { + "name": "https://wpvulndb.com/vulnerabilities/8032", + "refsource": "MISC", + "url": "https://wpvulndb.com/vulnerabilities/8032" + }, + { + "name": "37274", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/37274/" + }, + { + "name": "http://packetstormsecurity.com/files/132266/WordPress-SE-HTML5-Album-Audio-Player-1.1.0-Directory-Traversal.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/132266/WordPress-SE-HTML5-Album-Audio-Player-1.1.0-Directory-Traversal.html" + }, + { + "name": "75093", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75093" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5118.json b/2015/5xxx/CVE-2015-5118.json index 7a517b2c92d..9b0709ece38 100644 --- a/2015/5xxx/CVE-2015-5118.json +++ b/2015/5xxx/CVE-2015-5118.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5118", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3135 and CVE-2015-4432." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-5118", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-16.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-16.html" - }, - { - "name" : "GLSA-201507-13", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201507-13" - }, - { - "name" : "RHSA-2015:1214", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1214.html" - }, - { - "name" : "SUSE-SU-2015:1211", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00017.html" - }, - { - "name" : "SUSE-SU-2015:1214", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00018.html" - }, - { - "name" : "75592", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75592" - }, - { - "name" : "1032810", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032810" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3135 and CVE-2015-4432." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "75592", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75592" + }, + { + "name": "1032810", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032810" + }, + { + "name": "SUSE-SU-2015:1211", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00017.html" + }, + { + "name": "RHSA-2015:1214", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1214.html" + }, + { + "name": "SUSE-SU-2015:1214", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00018.html" + }, + { + "name": "GLSA-201507-13", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201507-13" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb15-16.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-16.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5960.json b/2015/5xxx/CVE-2015-5960.json index eaee106503f..d3e98fb612d 100644 --- a/2015/5xxx/CVE-2015-5960.json +++ b/2015/5xxx/CVE-2015-5960.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5960", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox OS before 2.2 allows physically proximate attackers to bypass the pass-code protection mechanism and access USB Mass Storage (UMS) media volumes by using the USB interface for a mount operation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5960", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2015/mfsa2015-74.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2015/mfsa2015-74.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1111725", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1111725" - }, - { - "name" : "76254", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76254" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox OS before 2.2 allows physically proximate attackers to bypass the pass-code protection 
mechanism and access USB Mass Storage (UMS) media volumes by using the USB interface for a mount operation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "76254", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76254" + }, + { + "name": "http://www.mozilla.org/security/announce/2015/mfsa2015-74.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-74.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1111725", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1111725" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3341.json b/2018/3xxx/CVE-2018-3341.json index b79b0f4a11d..ce9397456cc 100644 --- a/2018/3xxx/CVE-2018-3341.json +++ b/2018/3xxx/CVE-2018-3341.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3341", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3341", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3621.json b/2018/3xxx/CVE-2018-3621.json index 08fe7aaad1e..27f5ce4d0f9 100644 --- a/2018/3xxx/CVE-2018-3621.json +++ b/2018/3xxx/CVE-2018-3621.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@intel.com", - "ID" : "CVE-2018-3621", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Intel Driver & Support Assistant", - "version" : { - "version_data" : [ - { - "version_value" : "Versions before 3.6.0.4" - } - ] - } - } - ] - }, - "vendor_name" : "Intel Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Insufficient input validation in the Intel Driver & Support Assistant before 3.6.0.4 may allow an unauthenticated user to potentially enable information disclosure via adjacent access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@intel.com", + "ID": "CVE-2018-3621", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Intel Driver & Support Assistant", + "version": { + "version_data": [ + { + "version_value": "Versions before 3.6.0.4" + } + ] + } + } + ] + }, + "vendor_name": "Intel Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00187.html", - "refsource" : "CONFIRM", - "url" : "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00187.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Insufficient input validation in the Intel Driver & Support Assistant before 3.6.0.4 may allow an unauthenticated user to potentially enable information disclosure via adjacent access." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00187.html", + "refsource": "CONFIRM", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00187.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6115.json b/2018/6xxx/CVE-2018-6115.json index 82eeca7f75e..a10d3b701e1 100644 --- a/2018/6xxx/CVE-2018-6115.json +++ b/2018/6xxx/CVE-2018-6115.json 
@@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "chrome-cve-admin@google.com", - "ID" : "CVE-2018-6115", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Chrome", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "66.0.3359.117" - } - ] - } - } - ] - }, - "vendor_name" : "Google" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Inappropriate setting of the SEE_MASK_FLAG_NO_UI flag in file downloads in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially bypass OS malware checks via a crafted HTML page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Inappropriate implementation" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2018-6115", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "66.0.3359.117" + } + ] + } + } + ] + }, + "vendor_name": "Google" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://crbug.com/819809", - "refsource" : "MISC", - "url" : "https://crbug.com/819809" - }, - { - "name" : "https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html", - "refsource" : "CONFIRM", - "url" : "https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html" - }, - { - "name" : "GLSA-201804-22", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201804-22" - }, - { - "name" : "103917", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103917" - } - ] - } -} + } + }, + "data_format": "MITRE", 
+ "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Inappropriate setting of the SEE_MASK_FLAG_NO_UI flag in file downloads in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially bypass OS malware checks via a crafted HTML page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Inappropriate implementation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html", + "refsource": "CONFIRM", + "url": "https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html" + }, + { + "name": "GLSA-201804-22", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201804-22" + }, + { + "name": "https://crbug.com/819809", + "refsource": "MISC", + "url": "https://crbug.com/819809" + }, + { + "name": "103917", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103917" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6280.json b/2018/6xxx/CVE-2018-6280.json index b34ebba03ee..1a0e671fdef 100644 --- a/2018/6xxx/CVE-2018-6280.json +++ b/2018/6xxx/CVE-2018-6280.json 
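Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `chrome-cve-admin@google.com` to `security@google.com` in this hunk, which is a data change, while the rest of the hunk appears only to normalise spacing around `:` and reorder the same four `reference_data` entries. The hunks for CVE-2018-8136.json and CVE-2018-8506.json do the same kind of thing, turning `Secure@Microsoft.com` into `secure@microsoft.com`. `ASSIGNER` is the record's provenance field, so anything that attributes records to a CNA by exact string match will see these records change owner. I would keep `"ASSIGNER": "chrome-cve-admin@google.com"` in the formatting commit and make the assigner updates in a separate commit whose message names them. Separately, the new side of each file ends with `\ No newline at end of file`; keeping the newline after the closing `}` avoids another whole-file diff the next time a tool rewrites these records.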
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6280", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6280", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6366.json b/2018/6xxx/CVE-2018-6366.json index 08d282b86c3..2528d11f493 100644 --- a/2018/6xxx/CVE-2018-6366.json +++ b/2018/6xxx/CVE-2018-6366.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6366", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6366", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7070.json b/2018/7xxx/CVE-2018-7070.json index d43d39bffcf..311cc3eea9c 100644 --- a/2018/7xxx/CVE-2018-7070.json +++ b/2018/7xxx/CVE-2018-7070.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@hpe.com", - "ID" : "CVE-2018-7070", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "HPE CentralView Fraud Risk Management", - "version" : { - "version_data" : [ - { - "version_value" : "earlier than version CV 6.1" - } - ] - } - } - ] - }, - "vendor_name" : "Hewlett Packard Enterprise" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HPE has identified a remote disclosure of information vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1 or subsequent version." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "remote disclosure of information" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@hpe.com", + "ID": "CVE-2018-7070", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HPE CentralView Fraud Risk Management", + "version": { + "version_data": [ + { + "version_value": "earlier than version CV 6.1" + } + ] + } + } + ] + }, + "vendor_name": "Hewlett Packard Enterprise" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03837en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03837en_us" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HPE has identified a remote disclosure of information vulnerability in HPE CentralView Fraud Risk Management 
earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1 or subsequent version." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote disclosure of information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03837en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03837en_us" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7097.json b/2018/7xxx/CVE-2018-7097.json index c14b6c3a5da..fbf7866426b 100644 --- a/2018/7xxx/CVE-2018-7097.json +++ b/2018/7xxx/CVE-2018-7097.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@hpe.com", - "ID" : "CVE-2018-7097", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "HPE 3PAR Service Processors", - "version" : { - "version_data" : [ - { - "version_value" : "Prior to SP-4.4.0.GA-110(MU7)" - } - ] - } - } - ] - }, - "vendor_name" : "Hewlett Packard Enterprise" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be exploited remotely to allow cross-site request forgery." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "cross-site request forgery" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@hpe.com", + "ID": "CVE-2018-7097", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HPE 3PAR Service Processors", + "version": { + "version_data": [ + { + "version_value": "Prior to SP-4.4.0.GA-110(MU7)" + } + ] + } + } + ] + }, + "vendor_name": "Hewlett Packard Enterprise" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03861en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03861en_us" - }, - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03884en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03884en_us" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be exploited remotely to allow cross-site request forgery." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "cross-site request forgery" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03884en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03884en_us" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03861en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03861en_us" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7466.json b/2018/7xxx/CVE-2018-7466.json index 932fd9d7ed1..5799dee568a 100644 --- a/2018/7xxx/CVE-2018-7466.json +++ b/2018/7xxx/CVE-2018-7466.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7466", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "install/installNewDB.php in TestLink through 1.9.16 allows remote attackers to conduct injection attacks by leveraging control over DB LOGIN NAMES data during installation to provide a long, crafted value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7466", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44226", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44226/" - }, - { - "name" : "44349", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44349/" - }, - { - "name" : "https://github.com/TestLinkOpenSourceTRMS/testlink-code/commit/9696012eecbafb0aa21cc346234512c29b474679", - "refsource" : "MISC", - "url" : "https://github.com/TestLinkOpenSourceTRMS/testlink-code/commit/9696012eecbafb0aa21cc346234512c29b474679" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "install/installNewDB.php in TestLink through 1.9.16 allows remote attackers 
to conduct injection attacks by leveraging control over DB LOGIN NAMES data during installation to provide a long, crafted value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44226", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44226/" + }, + { + "name": "44349", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44349/" + }, + { + "name": "https://github.com/TestLinkOpenSourceTRMS/testlink-code/commit/9696012eecbafb0aa21cc346234512c29b474679", + "refsource": "MISC", + "url": "https://github.com/TestLinkOpenSourceTRMS/testlink-code/commit/9696012eecbafb0aa21cc346234512c29b474679" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7570.json b/2018/7xxx/CVE-2018-7570.json index ff7a09bfb37..cad6742365f 100644 --- a/2018/7xxx/CVE-2018-7570.json +++ b/2018/7xxx/CVE-2018-7570.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7570", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The assign_file_positions_for_non_load_sections function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an ELF file with a RELRO segment that lacks a matching LOAD segment, as demonstrated by objcopy." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7570", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=22881", - "refsource" : "MISC", - "url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=22881" - }, - { - "name" : "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=01f7e10cf2dcf403462b2feed06c43135651556d", - "refsource" : "MISC", - "url" : "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=01f7e10cf2dcf403462b2feed06c43135651556d" - }, - { - "name" : "GLSA-201811-17", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201811-17" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The assign_file_positions_for_non_load_sections function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an ELF file with a RELRO segment that lacks a matching LOAD segment, as demonstrated by objcopy." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201811-17", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201811-17" + }, + { + "name": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=01f7e10cf2dcf403462b2feed06c43135651556d", + "refsource": "MISC", + "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=01f7e10cf2dcf403462b2feed06c43135651556d" + }, + { + "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=22881", + "refsource": "MISC", + "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22881" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8136.json b/2018/8xxx/CVE-2018-8136.json index 82c6aafdb84..63cc6e0cf3a 100644 --- a/2018/8xxx/CVE-2018-8136.json +++ b/2018/8xxx/CVE-2018-8136.json 
@@ -1,216 +1,216 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8136", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows 7", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems Service Pack 1" - }, - { - "version_value" : "x64-based Systems Service Pack 1" - } - ] - } - }, - { - "product_name" : "Windows Server 2012 R2", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows RT 8.1", - "version" : { - "version_data" : [ - { - "version_value" : "Windows RT 8.1" - } - ] - } - }, - { - "product_name" : "Windows Server 2008", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems Service Pack 2" - }, - { - "version_value" : "32-bit Systems Service Pack 2 (Server Core installation)" - }, - { - "version_value" : "Itanium-Based Systems Service Pack 2" - }, - { - "version_value" : "x64-based Systems Service Pack 2" - }, - { - "version_value" : "x64-based Systems Service Pack 2 (Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows Server 2012", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows 8.1", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit systems" - }, - { - "version_value" : "x64-based systems" - } - ] - } - }, - { - "product_name" : "Windows Server 2016", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows Server 2008 R2", - "version" : { - "version_data" : [ - { - "version_value" : "Itanium-Based Systems Service Pack 1" - }, - { - "version_value" : "x64-based Systems Service Pack 1" - }, - { - "version_value" : "x64-based Systems Service Pack 1 (Server Core installation)" - } - ] - } 
- }, - { - "product_name" : "Windows 10", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems" - }, - { - "version_value" : "Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Version 1607 for x64-based Systems" - }, - { - "version_value" : "Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Version 1703 for x64-based Systems" - }, - { - "version_value" : "Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Version 1709 for x64-based Systems" - }, - { - "version_value" : "Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Version 1803 for x64-based Systems" - }, - { - "version_value" : "x64-based Systems" - } - ] - } - }, - { - "product_name" : "Windows 10 Servers", - "version" : { - "version_data" : [ - { - "version_value" : "version 1709 (Server Core Installation)" - }, - { - "version_value" : "version 1803 (Server Core Installation)" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists in the way that Windows handles objects in memory, aka \"Windows Remote Code Execution Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8136", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows 7", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems Service Pack 1" + }, + { + "version_value": "x64-based Systems Service Pack 1" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows RT 8.1", + "version": { + "version_data": [ + { + "version_value": "Windows RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server 2008", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems Service Pack 2" + }, + { + "version_value": "32-bit Systems Service Pack 2 (Server Core installation)" + }, + { + "version_value": "Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "x64-based Systems Service Pack 2" + }, + { + "version_value": "x64-based Systems Service Pack 2 (Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows Server 2012", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows 8.1", + "version": { + "version_data": [ + { + "version_value": "32-bit systems" + }, + { + "version_value": "x64-based systems" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2", + "version": { + "version_data": [ + { + "version_value": "Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "x64-based Systems Service Pack 1" + }, + { + "version_value": 
"x64-based Systems Service Pack 1 (Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems" + }, + { + "version_value": "Version 1607 for 32-bit Systems" + }, + { + "version_value": "Version 1607 for x64-based Systems" + }, + { + "version_value": "Version 1703 for 32-bit Systems" + }, + { + "version_value": "Version 1703 for x64-based Systems" + }, + { + "version_value": "Version 1709 for 32-bit Systems" + }, + { + "version_value": "Version 1709 for x64-based Systems" + }, + { + "version_value": "Version 1803 for 32-bit Systems" + }, + { + "version_value": "Version 1803 for x64-based Systems" + }, + { + "version_value": "x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows 10 Servers", + "version": { + "version_data": [ + { + "version_value": "version 1709 (Server Core Installation)" + }, + { + "version_value": "version 1803 (Server Core Installation)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8136", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8136" - }, - { - "name" : "104044", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104044" - }, - { - "name" : "1040849", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040849" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way that Windows handles objects in memory, aka \"Windows Remote Code Execution Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows 
Server 2008 R2, Windows 10, Windows 10 Servers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1040849", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040849" + }, + { + "name": "104044", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104044" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8136", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8136" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8506.json b/2018/8xxx/CVE-2018-8506.json index b3a2430beff..ebe600c876f 100644 --- a/2018/8xxx/CVE-2018-8506.json +++ b/2018/8xxx/CVE-2018-8506.json 
@@ -1,110 +1,110 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8506", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows 10 Servers", - "version" : { - "version_data" : [ - { - "version_value" : "version 1709 (Server Core Installation)" - }, - { - "version_value" : "version 1803 (Server Core Installation)" - } - ] - } - }, - { - "product_name" : "Windows 10", - "version" : { - "version_data" : [ - { - "version_value" : "Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Version 1709 for x64-based Systems" - }, - { - "version_value" : "Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Version 1803 for x64-based Systems" - }, - { - "version_value" : "Version 1809 for 32-bit Systems" - }, - { - "version_value" : "Version 1809 for x64-based Systems" - } - ] - } - }, - { - "product_name" : "Windows Server 2019", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An Information Disclosure vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka \"Microsoft Windows Codecs Library Information Disclosure Vulnerability.\" This affects Windows 10 Servers, Windows 10, Windows Server 2019." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8506", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows 10 Servers", + "version": { + "version_data": [ + { + "version_value": "version 1709 (Server Core Installation)" + }, + { + "version_value": "version 1803 (Server Core Installation)" + } + ] + } + }, + { + "product_name": "Windows 10", + "version": { + "version_data": [ + { + "version_value": "Version 1709 for 32-bit Systems" + }, + { + "version_value": "Version 1709 for x64-based Systems" + }, + { + "version_value": "Version 1803 for 32-bit Systems" + }, + { + "version_value": "Version 1803 for x64-based Systems" + }, + { + "version_value": "Version 1809 for 32-bit Systems" + }, + { + "version_value": "Version 1809 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8506", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8506" - }, - { - "name" : "105466", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105466" - }, - { - "name" : "1041833", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041833" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An Information Disclosure vulnerability exists in the way that Microsoft Windows Codecs Library handles 
objects in memory, aka \"Microsoft Windows Codecs Library Information Disclosure Vulnerability.\" This affects Windows 10 Servers, Windows 10, Windows Server 2019." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041833", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041833" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8506", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8506" + }, + { + "name": "105466", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105466" + } + ] + } +} \ No newline at end of file