diff --git a/2002/2xxx/CVE-2002-2165.json b/2002/2xxx/CVE-2002-2165.json index b34a7cdba61..c74acd05bf4 100644 --- a/2002/2xxx/CVE-2002-2165.json +++ b/2002/2xxx/CVE-2002-2165.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2165", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The IMHO Webmail module 0.97.3 and earlier for Roxen leaks the REFERER from the browser's previous login session in an error page, which allows local users to read another user's inbox." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2165", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.securitybugware.org/Other/5537.html", - "refsource" : "MISC", - "url" : "http://www.securitybugware.org/Other/5537.html" - }, - { - "name" : "imho-roxen-session-hijacking(9615)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9615.php" - }, - { - "name" : "5238", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5238" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The IMHO Webmail module 0.97.3 and earlier for Roxen leaks the REFERER from the browser's previous login session in an error page, which allows local users to read another user's inbox." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.securitybugware.org/Other/5537.html", + "refsource": "MISC", + "url": "http://www.securitybugware.org/Other/5537.html" + }, + { + "name": "imho-roxen-session-hijacking(9615)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9615.php" + }, + { + "name": "5238", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5238" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0200.json b/2005/0xxx/CVE-2005-0200.json index c8a27892a91..5b80665abe5 100644 --- a/2005/0xxx/CVE-2005-0200.json +++ b/2005/0xxx/CVE-2005-0200.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0200", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "TikiWiki before 1.8.5 does not properly validate files that have been uploaded to the temp directory, which could allow remote attackers to upload and execute arbitrary PHP scripts, a different vulnerability than CVE-2004-1386." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0200", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "GLSA-200501-41", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200501-41.xml" - }, - { - "name" : "http://tikiwiki.org/art102", - "refsource" : "CONFIRM", - "url" : "http://tikiwiki.org/art102" - }, - { - "name" : "13948", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13948" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TikiWiki before 1.8.5 does not properly validate files that have been uploaded to the temp directory, which could allow remote attackers to upload and execute arbitrary PHP scripts, a different 
vulnerability than CVE-2004-1386." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-200501-41", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200501-41.xml" + }, + { + "name": "13948", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13948" + }, + { + "name": "http://tikiwiki.org/art102", + "refsource": "CONFIRM", + "url": "http://tikiwiki.org/art102" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1135.json b/2005/1xxx/CVE-2005-1135.json index e1cf24921cb..3f901abc662 100644 --- a/2005/1xxx/CVE-2005-1135.json +++ b/2005/1xxx/CVE-2005-1135.json 
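Review bot: The `reference_data` array is emitted in a different order on the new side (`GENTOO`, `SECUNIA`, `CONFIRM` instead of `GENTOO`, `CONFIRM`, `SECUNIA`) although no reference was added, removed or edited, and the new order follows no visible sort key. Unstable array order makes every regeneration look like a content change, so consumers that hash or diff records to detect advisory edits get false positives and a real change is easy to miss. Emit the entries in a deterministic order, for example sorted by `refsource` then `name`, or keep the existing order when the set is unchanged. The same reshuffle appears in the hunks for CVE-2005-1135, CVE-2005-1317, CVE-2005-1361, CVE-2005-1384, CVE-2005-1448, CVE-2005-3213, CVE-2005-3926, CVE-2009-0091 and CVE-2009-0349.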
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1135", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in search.php for Simple PHP Blog (sphpBlog) 0.4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1135", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050415 [ECHO_ADV_12$2005] Vulnerabilities in sphpblog", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111359320312609&w=2" - }, - { - "name" : "http://echo.or.id/adv/adv12-y3dips-2005.txt", - "refsource" : "MISC", - "url" : "http://echo.or.id/adv/adv12-y3dips-2005.txt" - }, - { - "name" : "http://www.waraxe.us/ftopict-651.html", - "refsource" : "MISC", - "url" : "http://www.waraxe.us/ftopict-651.html" - }, - { - "name" : "13170", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13170" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in 
search.php for Simple PHP Blog (sphpBlog) 0.4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://echo.or.id/adv/adv12-y3dips-2005.txt", + "refsource": "MISC", + "url": "http://echo.or.id/adv/adv12-y3dips-2005.txt" + }, + { + "name": "20050415 [ECHO_ADV_12$2005] Vulnerabilities in sphpblog", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111359320312609&w=2" + }, + { + "name": "http://www.waraxe.us/ftopict-651.html", + "refsource": "MISC", + "url": "http://www.waraxe.us/ftopict-651.html" + }, + { + "name": "13170", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13170" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1317.json b/2005/1xxx/CVE-2005-1317.json index 876abfac58d..ef57edba2b8 100644 --- a/2005/1xxx/CVE-2005-1317.json +++ b/2005/1xxx/CVE-2005-1317.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1317", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Horde Chora module before 1.2.3 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1317", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050422 Chora 1.2.3 (final)", - "refsource" : "MLIST", - "url" : "http://lists.horde.org/archives/chora/Week-of-Mon-20050418/004050.html" - }, - { - "name" : "http://cvs.horde.org/diff.php/chora/docs/CHANGES?r1=1.45.2.34&r2=1.45.2.37&ty=h", - "refsource" : "CONFIRM", - "url" : "http://cvs.horde.org/diff.php/chora/docs/CHANGES?r1=1.45.2.34&r2=1.45.2.37&ty=h" - }, - { - "name" : "15083", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15083" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Horde Chora module before 1.2.3 allows remote attackers to inject 
arbitrary web script or HTML via the parent's frame page title." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://cvs.horde.org/diff.php/chora/docs/CHANGES?r1=1.45.2.34&r2=1.45.2.37&ty=h", + "refsource": "CONFIRM", + "url": "http://cvs.horde.org/diff.php/chora/docs/CHANGES?r1=1.45.2.34&r2=1.45.2.37&ty=h" + }, + { + "name": "15083", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15083" + }, + { + "name": "20050422 Chora 1.2.3 (final)", + "refsource": "MLIST", + "url": "http://lists.horde.org/archives/chora/Week-of-Mon-20050418/004050.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1361.json b/2005/1xxx/CVE-2005-1361.json index 1604db599c6..ea79fc1a311 100644 --- a/2005/1xxx/CVE-2005-1361.json +++ b/2005/1xxx/CVE-2005-1361.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1361", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in MetaCart e-Shop 8.0 allow remote attackers to execute arbitrary SQL commands via the (1) intProdID parameter in product.asp or (2) strCatalog_NAME parameter to productsByCategory.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1361", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050426 Multiple SQL Injections in MetaCart e-Shop V-8", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111453994718211&w=2" - }, - { - "name" : "13376", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13376" - }, - { - "name" : "13377", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13377" - }, - { - "name" : "metacart-eshop-sql-injection(20283)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20283" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection 
vulnerabilities in MetaCart e-Shop 8.0 allow remote attackers to execute arbitrary SQL commands via the (1) intProdID parameter in product.asp or (2) strCatalog_NAME parameter to productsByCategory.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "13376", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13376" + }, + { + "name": "20050426 Multiple SQL Injections in MetaCart e-Shop V-8", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111453994718211&w=2" + }, + { + "name": "13377", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13377" + }, + { + "name": "metacart-eshop-sql-injection(20283)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20283" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1384.json b/2005/1xxx/CVE-2005-1384.json index 02cd0f6ea46..1d0a5c6b6c8 100644 --- a/2005/1xxx/CVE-2005-1384.json +++ b/2005/1xxx/CVE-2005-1384.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1384", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in phpCoin 1.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) search parameter to index.php, (2) phpcoinsessid parameter to login.php, (3) id, (4) dtopic_id, or (5) dcat_id to mod.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1384", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050428 Multiple Sql injections in phpCoin v1.2.2 and below", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111473522804665&w=2" - }, - { - "name" : "http://digitalparadox.org/viewadvisories.ah?view=36", - "refsource" : "MISC", - "url" : "http://digitalparadox.org/viewadvisories.ah?view=36" - }, - { - "name" : "http://pridels0.blogspot.com/2006/03/phpcoin-poc.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2006/03/phpcoin-poc.html" - }, - { - "name" : "13433", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13433" - }, - { - "name" : "ADV-2005-0423", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2005/0423" - }, - { - "name" : "1013834", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013834" - }, - { - "name" : "phpcoin-multiple-sql-injection(20308)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20308" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in phpCoin 1.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) search parameter to index.php, (2) phpcoinsessid parameter to login.php, (3) id, (4) dtopic_id, or (5) dcat_id to mod.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "phpcoin-multiple-sql-injection(20308)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20308" + }, + { + "name": "20050428 Multiple Sql injections in phpCoin v1.2.2 and below", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111473522804665&w=2" + }, + { + "name": "1013834", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013834" + }, + { + "name": "http://pridels0.blogspot.com/2006/03/phpcoin-poc.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2006/03/phpcoin-poc.html" + }, + { + "name": "http://digitalparadox.org/viewadvisories.ah?view=36", + "refsource": "MISC", + "url": "http://digitalparadox.org/viewadvisories.ah?view=36" + }, + { + "name": "13433", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13433" + }, + { + "name": "ADV-2005-0423", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/0423" + } + ] + } +} \ No newline at end of file 
diff --git a/2005/1xxx/CVE-2005-1448.json b/2005/1xxx/CVE-2005-1448.json index 4394ae7c3e1..e252c4fb971 100644 --- a/2005/1xxx/CVE-2005-1448.json +++ b/2005/1xxx/CVE-2005-1448.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1448", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the BBCode plugin for Serendipity before 0.8 allows remote attackers to inject arbitrary web script or HTML via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1448", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.s9y.org/63.html#A9", - "refsource" : "CONFIRM", - "url" : "http://www.s9y.org/63.html#A9" - }, - { - "name" : "13411", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13411" - }, - { - "name" : "15876", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/15876" - }, - { - "name" : "15145", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15145" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the BBCode plugin for Serendipity before 0.8 allows remote attackers to inject arbitrary web script or HTML via unknown vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "13411", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13411" + }, + { + "name": "15145", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15145" + }, + { + "name": "http://www.s9y.org/63.html#A9", + "refsource": "CONFIRM", + "url": "http://www.s9y.org/63.html#A9" + }, + { + "name": "15876", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/15876" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3213.json b/2005/3xxx/CVE-2005-3213.json index c4d91177716..433116d636b 100644 --- a/2005/3xxx/CVE-2005-3213.json +++ b/2005/3xxx/CVE-2005-3213.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3213", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple interpretation error in unspecified versions of F-Prot Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3213", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051007 Antivirus detection bypass by special crafted archive.", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112879611919750&w=2" - }, - { - "name" : "http://shadock.net/secubox/AVCraftedArchive.html", - "refsource" : "MISC", - "url" : "http://shadock.net/secubox/AVCraftedArchive.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple interpretation error in unspecified versions of F-Prot Antivirus allows 
remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://shadock.net/secubox/AVCraftedArchive.html", + "refsource": "MISC", + "url": "http://shadock.net/secubox/AVCraftedArchive.html" + }, + { + "name": "20051007 Antivirus detection bypass by special crafted archive.", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112879611919750&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3926.json b/2005/3xxx/CVE-2005-3926.json index 4382028cf43..485c5c191f5 100644 --- a/2005/3xxx/CVE-2005-3926.json +++ b/2005/3xxx/CVE-2005-3926.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3926", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Direct static code injection vulnerability in error.php in GuppY 4.5.9 and earlier, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via the _SERVER[REMOTE_ADDR] parameter, which is injected into a .inc script that is later included by the main script." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3926", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051128 Guppy <= 4.5.9 Remote code execution", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/417899/100/0/threaded" - }, - { - "name" : "http://rgod.altervista.org/guppy459_xpl.html", - "refsource" : "MISC", - "url" : "http://rgod.altervista.org/guppy459_xpl.html" - }, - { - "name" : "15609", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15609" - }, - { - "name" : "ADV-2005-2635", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2635" - }, - { - "name" : "1015279", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015279" - 
}, - { - "name" : "17790", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17790" - }, - { - "name" : "guppy-error-file-include(23318)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23318" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Direct static code injection vulnerability in error.php in GuppY 4.5.9 and earlier, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via the _SERVER[REMOTE_ADDR] parameter, which is injected into a .inc script that is later included by the main script." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1015279", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015279" + }, + { + "name": "20051128 Guppy <= 4.5.9 Remote code execution", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/417899/100/0/threaded" + }, + { + "name": "17790", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17790" + }, + { + "name": "15609", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15609" + }, + { + "name": "guppy-error-file-include(23318)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23318" + }, + { + "name": "http://rgod.altervista.org/guppy459_xpl.html", + "refsource": "MISC", + "url": "http://rgod.altervista.org/guppy459_xpl.html" + }, + { + "name": "ADV-2005-2635", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2635" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0091.json b/2009/0xxx/CVE-2009-0091.json index b1f1337bdb7..60275c49842 100644 --- a/2009/0xxx/CVE-2009-0091.json +++ b/2009/0xxx/CVE-2009-0091.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0091", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft .NET Framework 2.0, 2.0 SP1, and 3.5 does not properly enforce a certain type-equality constraint in .NET verifiable code, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka \"Microsoft .NET Framework Type Verification Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2009-0091", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS09-061", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-061" - }, - { - "name" : "TA09-286A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-286A.html" - }, - { - "name" : "oval:org.mitre.oval:def:6451", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6451" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft .NET Framework 2.0, 2.0 SP1, and 3.5 does not properly enforce a certain type-equality constraint in .NET verifiable code, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka \"Microsoft .NET Framework Type Verification Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA09-286A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html" + }, + { + "name": "oval:org.mitre.oval:def:6451", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6451" + }, + { + "name": "MS09-061", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-061" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0349.json b/2009/0xxx/CVE-2009-0349.json index 7c6723588df..68c8d1a3fcf 100644 --- a/2009/0xxx/CVE-2009-0349.json +++ b/2009/0xxx/CVE-2009-0349.json 
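Review bot: The `ASSIGNER` value changes from `cve@mitre.org` to `secure@microsoft.com` in this hunk, and it is the only semantic change among lines that otherwise rewrite whitespace and reorder references, so it is easy to overlook in review. A change of assigning authority deserves its own commit, or at least a mention in the commit message, so that the record's provenance stays auditable. The `affects` block on the new side still carries `"vendor_name": "n/a"` and `"product_name": "n/a"` even though the description names Microsoft .NET Framework 2.0, 2.0 SP1 and 3.5. Tooling that matches on the structured product data will presumably not associate this record with those versions.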
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0349", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in FTPShell Server 4.3 allows user-assisted remote attackers to cause a denial of service (persistent daemon crash) and possibly execute arbitrary code via a long string in a licensing key (aka .key) file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0349", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7852", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7852" - }, - { - "name" : "51510", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/51510" - }, - { - "name" : "33597", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33597" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in FTPShell Server 4.3 allows user-assisted remote attackers to cause a denial of service (persistent daemon crash) and possibly execute arbitrary code via a long string in a licensing key (aka .key) file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7852", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7852" + }, + { + "name": "33597", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33597" + }, + { + "name": "51510", + "refsource": "OSVDB", + "url": "http://osvdb.org/51510" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0531.json b/2009/0xxx/CVE-2009-0531.json index 1372f262a13..066fb675dc2 100644 --- a/2009/0xxx/CVE-2009-0531.json +++ b/2009/0xxx/CVE-2009-0531.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0531", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in gallery/view.asp in A Better Member-Based ASP Photo Gallery before 1.2 allows remote attackers to execute arbitrary SQL commands via the entry parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0531", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8012", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8012" - }, - { - "name" : "http://www.ontarioabandonedplaces.com/ipguardian/gallery/readme.txt", - "refsource" : "CONFIRM", - "url" : "http://www.ontarioabandonedplaces.com/ipguardian/gallery/readme.txt" - }, - { - "name" : "33693", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33693" - }, - { - "name" : "33874", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33874" - }, - { - "name" : "bettermember-view-sql-injection(48612)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48612" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": 
"4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in gallery/view.asp in A Better Member-Based ASP Photo Gallery before 1.2 allows remote attackers to execute arbitrary SQL commands via the entry parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33693", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33693" + }, + { + "name": "8012", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8012" + }, + { + "name": "http://www.ontarioabandonedplaces.com/ipguardian/gallery/readme.txt", + "refsource": "CONFIRM", + "url": "http://www.ontarioabandonedplaces.com/ipguardian/gallery/readme.txt" + }, + { + "name": "bettermember-view-sql-injection(48612)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48612" + }, + { + "name": "33874", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33874" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0692.json b/2009/0xxx/CVE-2009-0692.json index 017303e3cb2..901908fb95f 100644 --- a/2009/0xxx/CVE-2009-0692.json +++ b/2009/0xxx/CVE-2009-0692.json 
@@ -1,242 +1,242 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0692", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the script_write_params method in client/dhclient.c in ISC DHCP dhclient 4.1 before 4.1.0p1, 4.0 before 4.0.1p1, 3.1 before 3.1.2p1, 3.0, and 2.0 allows remote DHCP servers to execute arbitrary code via a crafted subnet-mask option." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2009-0692", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.isc.org/node/468", - "refsource" : "CONFIRM", - "url" : "https://www.isc.org/node/468" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=507717", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=507717" - }, - { - "name" : "https://www.isc.org/downloadables/12", - "refsource" : "CONFIRM", - "url" : "https://www.isc.org/downloadables/12" - }, - { - "name" : "DSA-1833", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1833" - }, - { - "name" : "FEDORA-2009-8344", - "refsource" : "FEDORA", - "url" : 
"https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01177.html" - }, - { - "name" : "FEDORA-2009-9075", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00340.html" - }, - { - "name" : "GLSA-200907-12", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200907-12.xml" - }, - { - "name" : "HPSBMA02554", - "refsource" : "HP", - "url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083" - }, - { - "name" : "SSRT100018", - "refsource" : "HP", - "url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083" - }, - { - "name" : "MDVSA-2009:151", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:151" - }, - { - "name" : "NetBSD-SA2009-010", - "refsource" : "NETBSD", - "url" : "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-010.txt.asc" - }, - { - "name" : "RHSA-2009:1136", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-1136.html" - }, - { - "name" : "RHSA-2009:1154", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-1154.html" - }, - { - "name" : "SSA:2009-195-01", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.561471" - }, - { - "name" : "SUSE-SA:2009:037", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00003.html" - }, - { - "name" : "USN-803-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-803-1" - }, - { - "name" : "VU#410676", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/410676" - }, - { - "name" : "35668", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35668" - }, - { - "name" : "55819", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/55819" - }, - { - "name" : 
"oval:org.mitre.oval:def:10758", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10758" - }, - { - "name" : "oval:org.mitre.oval:def:5941", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5941" - }, - { - "name" : "1022548", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022548" - }, - { - "name" : "35785", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35785" - }, - { - "name" : "35829", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35829" - }, - { - "name" : "35830", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35830" - }, - { - "name" : "35831", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35831" - }, - { - "name" : "35832", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35832" - }, - { - "name" : "35841", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35841" - }, - { - "name" : "35849", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35849" - }, - { - "name" : "35850", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35850" - }, - { - "name" : "35851", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35851" - }, - { - "name" : "35880", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35880" - }, - { - "name" : "36457", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36457" - }, - { - "name" : "37342", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37342" - }, - { - "name" : "40551", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40551" - }, - { - "name" : "ADV-2009-1891", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1891" - }, - { - "name" : "ADV-2010-1796", - "refsource" : "VUPEN", - 
"url" : "http://www.vupen.com/english/advisories/2010/1796" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the script_write_params method in client/dhclient.c in ISC DHCP dhclient 4.1 before 4.1.0p1, 4.0 before 4.0.1p1, 3.1 before 3.1.2p1, 3.0, and 2.0 allows remote DHCP servers to execute arbitrary code via a crafted subnet-mask option." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-1891", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1891" + }, + { + "name": "https://www.isc.org/node/468", + "refsource": "CONFIRM", + "url": "https://www.isc.org/node/468" + }, + { + "name": "35830", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35830" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=507717", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=507717" + }, + { + "name": "35832", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35832" + }, + { + "name": "SSRT100018", + "refsource": "HP", + "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083" + }, + { + "name": "35850", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35850" + }, + { + "name": "35785", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35785" + }, + { + "name": "VU#410676", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/410676" + }, + { + "name": "35880", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35880" + }, + { + "name": "SUSE-SA:2009:037", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00003.html" + }, + { + "name": "HPSBMA02554", + 
"refsource": "HP", + "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083" + }, + { + "name": "FEDORA-2009-9075", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00340.html" + }, + { + "name": "40551", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40551" + }, + { + "name": "55819", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/55819" + }, + { + "name": "35668", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35668" + }, + { + "name": "DSA-1833", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1833" + }, + { + "name": "GLSA-200907-12", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200907-12.xml" + }, + { + "name": "MDVSA-2009:151", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:151" + }, + { + "name": "RHSA-2009:1136", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-1136.html" + }, + { + "name": "35831", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35831" + }, + { + "name": "35829", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35829" + }, + { + "name": "ADV-2010-1796", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1796" + }, + { + "name": "35841", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35841" + }, + { + "name": "oval:org.mitre.oval:def:5941", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5941" + }, + { + "name": "oval:org.mitre.oval:def:10758", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10758" + }, + { + "name": "USN-803-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-803-1" + }, + { + "name": "NetBSD-SA2009-010", + "refsource": 
"NETBSD", + "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-010.txt.asc" + }, + { + "name": "https://www.isc.org/downloadables/12", + "refsource": "CONFIRM", + "url": "https://www.isc.org/downloadables/12" + }, + { + "name": "RHSA-2009:1154", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-1154.html" + }, + { + "name": "37342", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37342" + }, + { + "name": "35851", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35851" + }, + { + "name": "35849", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35849" + }, + { + "name": "SSA:2009-195-01", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.561471" + }, + { + "name": "1022548", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022548" + }, + { + "name": "36457", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36457" + }, + { + "name": "FEDORA-2009-8344", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01177.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1466.json b/2009/1xxx/CVE-2009-1466.json index 95ae29dd23d..93c6dc7b274 100644 --- a/2009/1xxx/CVE-2009-1466.json +++ b/2009/1xxx/CVE-2009-1466.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1466", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Application Access Server (A-A-S) 2.0.48 stores (1) passwords and (2) the port keyword in cleartext in aas.ini, which allows local users to obtain sensitive information by reading this file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1466", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090512 Syhunt: A-A-S (Application Access Server) Multiple Security Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/503434/100/0/threaded" - }, - { - "name" : "http://www.syhunt.com/advisories/?id=aas-multiple", - "refsource" : "MISC", - "url" : "http://www.syhunt.com/advisories/?id=aas-multiple" - }, - { - "name" : "34911", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34911" - }, - { - "name" : "1022204", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1022204" - }, - { - "name" : "aas-aas-info-disclosure(50590)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50590" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Application Access Server (A-A-S) 2.0.48 stores (1) passwords and (2) the port keyword in cleartext in aas.ini, which allows local users to obtain sensitive information by reading this file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.syhunt.com/advisories/?id=aas-multiple", + "refsource": "MISC", + "url": "http://www.syhunt.com/advisories/?id=aas-multiple" + }, + { + "name": "20090512 Syhunt: A-A-S (Application Access Server) Multiple Security Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/503434/100/0/threaded" + }, + { + "name": "34911", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34911" + }, + { + "name": "aas-aas-info-disclosure(50590)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50590" + }, + { + "name": "1022204", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1022204" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1468.json b/2009/1xxx/CVE-2009-1468.json index fe0e9cc6840..97f9bc51f73 100644 --- a/2009/1xxx/CVE-2009-1468.json +++ b/2009/1xxx/CVE-2009-1468.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1468", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in the search form in server/webmail.php in the Groupware component in IceWarp eMail Server and WebMail Server before 9.4.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) sql and (2) order_by elements in an XML search query." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1468", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090505 [RT-SA-2009-003] IceWarp WebMail Server: SQL Injection in Groupware Component", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/503226/100/0/threaded" - }, - { - "name" : "http://www.redteam-pentesting.de/advisories/rt-sa-2009-003", - "refsource" : "MISC", - "url" : "http://www.redteam-pentesting.de/advisories/rt-sa-2009-003" - }, - { - "name" : "34820", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34820" - }, - { - "name" : "54228", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/54228" - }, - { - "name" : "1022169", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id?1022169" - }, - { - "name" : "ADV-2009-1253", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1253" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in the search form in server/webmail.php in the Groupware component in IceWarp eMail Server and WebMail Server before 9.4.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) sql and (2) order_by elements in an XML search query." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34820", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34820" + }, + { + "name": "1022169", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022169" + }, + { + "name": "ADV-2009-1253", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1253" + }, + { + "name": "54228", + "refsource": "OSVDB", + "url": "http://osvdb.org/54228" + }, + { + "name": "http://www.redteam-pentesting.de/advisories/rt-sa-2009-003", + "refsource": "MISC", + "url": "http://www.redteam-pentesting.de/advisories/rt-sa-2009-003" + }, + { + "name": "20090505 [RT-SA-2009-003] IceWarp WebMail Server: SQL Injection in Groupware Component", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/503226/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1712.json b/2009/1xxx/CVE-2009-1712.json index 990252b95b2..463d41f6650 100644 --- a/2009/1xxx/CVE-2009-1712.json +++ b/2009/1xxx/CVE-2009-1712.json 
@@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1712", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit in Apple Safari before 4.0 does not prevent remote loading of local Java applets, which allows remote attackers to execute arbitrary code, gain privileges, or obtain sensitive information via an APPLET or OBJECT element." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1712", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT3613", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3613" - }, - { - "name" : "APPLE-SA-2009-06-08-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html" - }, - { - "name" : "DSA-1950", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1950" - }, - { - "name" : "SUSE-SR:2011:002", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" - }, - { - "name" : "USN-857-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-857-1" - }, - { - "name" : "USN-836-1", - "refsource" : "UBUNTU", 
- "url" : "http://www.ubuntu.com/usn/USN-836-1" - }, - { - "name" : "35260", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35260" - }, - { - "name" : "35350", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35350" - }, - { - "name" : "55022", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/55022" - }, - { - "name" : "1022345", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1022345" - }, - { - "name" : "35379", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35379" - }, - { - "name" : "37746", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37746" - }, - { - "name" : "36790", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36790" - }, - { - "name" : "43068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43068" - }, - { - "name" : "ADV-2009-1522", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1522" - }, - { - "name" : "ADV-2011-0212", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0212" - }, - { - "name" : "safari-applets-code-execution(51266)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51266" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit in Apple Safari before 4.0 does not prevent remote loading of local Java applets, which allows remote attackers to execute arbitrary code, gain privileges, or obtain sensitive information via an APPLET or OBJECT element." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43068" + }, + { + "name": "ADV-2011-0212", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0212" + }, + { + "name": "APPLE-SA-2009-06-08-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html" + }, + { + "name": "35260", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35260" + }, + { + "name": "ADV-2009-1522", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1522" + }, + { + "name": "37746", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37746" + }, + { + "name": "safari-applets-code-execution(51266)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51266" + }, + { + "name": "1022345", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1022345" + }, + { + "name": "36790", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36790" + }, + { + "name": "35350", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35350" + }, + { + "name": "DSA-1950", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1950" + }, + { + "name": "SUSE-SR:2011:002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" + }, + { + "name": "35379", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35379" + }, + { + "name": "USN-857-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-857-1" + }, + { + "name": "http://support.apple.com/kb/HT3613", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3613" + }, + { + "name": "USN-836-1", + "refsource": "UBUNTU", + "url": 
"http://www.ubuntu.com/usn/USN-836-1" + }, + { + "name": "55022", + "refsource": "OSVDB", + "url": "http://osvdb.org/55022" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1989.json b/2009/1xxx/CVE-2009-1989.json index 602081cf946..5f2f25e79eb 100644 --- a/2009/1xxx/CVE-2009-1989.json +++ b/2009/1xxx/CVE-2009-1989.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1989", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the PeopleSoft Enterprise FMS component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.8 SP1, 8.9 Bundle 33, and 9.0 Bundle 24 allows remote authenticated users to affect confidentiality and integrity via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2009-1989", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html" - }, - { - "name" : "35694", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35694" - }, - { - "name" : "55911", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/55911" - }, - { - "name" : "1022566", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022566" - }, - { - "name" : "35776", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35776" - }, - { - "name" : "ADV-2009-1900", - "refsource" : 
"VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1900" - }, - { - "name" : "oracle-pse-jdee-pef-unspecified(51771)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51771" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the PeopleSoft Enterprise FMS component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.8 SP1, 8.9 Bundle 33, and 9.0 Bundle 24 allows remote authenticated users to affect confidentiality and integrity via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "55911", + "refsource": "OSVDB", + "url": "http://osvdb.org/55911" + }, + { + "name": "35776", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35776" + }, + { + "name": "ADV-2009-1900", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1900" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html" + }, + { + "name": "1022566", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022566" + }, + { + "name": "oracle-pse-jdee-pef-unspecified(51771)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51771" + }, + { + "name": "35694", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35694" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3263.json b/2009/3xxx/CVE-2009-3263.json index 955a37f352f..2f9b47e1dd9 100644 --- a/2009/3xxx/CVE-2009-3263.json +++ b/2009/3xxx/CVE-2009-3263.json 
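Review bot: The `ASSIGNER` field in this record changes from `cve@mitre.org` to `secalert_us@oracle.com`, while every other change in the hunk is whitespace or reference ordering, so the one semantic edit is easy to overlook. The hunks for CVE-2012-2630 and CVE-2012-2644 (`vultures@jpcert.or.jp`) and for CVE-2012-2746 and CVE-2012-3422 (`secalert@redhat.com`) make the same kind of change. Tools that attribute or filter records by assigning CNA will see these records move. The attribution update would be better made in its own commit, or at least named in the commit message, than folded into a reformat.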
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3263", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Google Chrome 2.x and 3.x before 3.0.195.21 allows remote attackers to inject arbitrary web script or HTML via a (1) RSS or (2) Atom feed, related to the rendering of the application/rss+xml content type as XML \"active content.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3263", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090916 Exploiting Chrome and Opera's inbuilt ATOM/RSS reader with Script Execution and more", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/506517/100/0/threaded" - }, - { - "name" : "http://securethoughts.com/2009/09/exploiting-chrome-and-operas-inbuilt-atomrss-reader-with-script-execution-and-more/", - "refsource" : "MISC", - "url" : "http://securethoughts.com/2009/09/exploiting-chrome-and-operas-inbuilt-atomrss-reader-with-script-execution-and-more/" - }, - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=21238", - "refsource" : "CONFIRM", - "url" : 
"http://code.google.com/p/chromium/issues/detail?id=21238" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2009/09/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2009/09/stable-channel-update.html" - }, - { - "name" : "36416", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36416" - }, - { - "name" : "36770", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36770" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Google Chrome 2.x and 3.x before 3.0.195.21 allows remote attackers to inject arbitrary web script or HTML via a (1) RSS or (2) Atom feed, related to the rendering of the application/rss+xml content type as XML \"active content.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20090916 Exploiting Chrome and Opera's inbuilt ATOM/RSS reader with Script Execution and more", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/506517/100/0/threaded" + }, + { + "name": "http://securethoughts.com/2009/09/exploiting-chrome-and-operas-inbuilt-atomrss-reader-with-script-execution-and-more/", + "refsource": "MISC", + "url": "http://securethoughts.com/2009/09/exploiting-chrome-and-operas-inbuilt-atomrss-reader-with-script-execution-and-more/" + }, + { + "name": "36416", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36416" + }, + { + "name": "http://googlechromereleases.blogspot.com/2009/09/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2009/09/stable-channel-update.html" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=21238", + 
"refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=21238" + }, + { + "name": "36770", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36770" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4466.json b/2009/4xxx/CVE-2009-4466.json index a9a46df6451..5ab93e3da34 100644 --- a/2009/4xxx/CVE-2009-4466.json +++ b/2009/4xxx/CVE-2009-4466.json 
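Review bot: The entries of `reference_data` come out in a different order on the new side although none is added or removed; here the BID entry moves ahead of the two CONFIRM entries, which also swap places. Array order is significant in JSON, so consumers that hash or diff records will register a content change where there is none; the hunks for CVE-2009-1989, CVE-2009-4466, CVE-2012-2644, CVE-2012-2746 and CVE-2012-3422 show the same churn. Emitting references in a stable order (for example sorted by `refsource`, then `name`) would keep later diffs limited to real changes. The new side also ends with `\ No newline at end of file`, as do the other files in view; writing a trailing newline is the usual convention for files under version control.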
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4466", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "DeluxeBB 1.3 allows remote attackers to obtain sensitive information via a crafted page parameter to misc.php, which reveals the installation path in an error message. NOTE: this issue might be resultant from improperly controlled computation in tools.php that leads to a denial of service (CPU or memory consumption)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4466", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "10598", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/10598" - }, - { - "name" : "37448", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37448" - }, - { - "name" : "deluxebb-misc-info-disclosure(54980)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54980" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "DeluxeBB 1.3 allows remote attackers to obtain sensitive information via a crafted page 
parameter to misc.php, which reveals the installation path in an error message. NOTE: this issue might be resultant from improperly controlled computation in tools.php that leads to a denial of service (CPU or memory consumption)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37448", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37448" + }, + { + "name": "10598", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/10598" + }, + { + "name": "deluxebb-misc-info-disclosure(54980)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54980" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2312.json b/2012/2xxx/CVE-2012-2312.json index f1ea744a44a..cf78d03206b 100644 --- a/2012/2xxx/CVE-2012-2312.json +++ b/2012/2xxx/CVE-2012-2312.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2312", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2312", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2618.json b/2012/2xxx/CVE-2012-2618.json index 115d1048353..26d7de71860 100644 --- a/2012/2xxx/CVE-2012-2618.json +++ b/2012/2xxx/CVE-2012-2618.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2618", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2618", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2630.json b/2012/2xxx/CVE-2012-2630.json index c30700d9d5d..42b521c3cbe 100644 --- a/2012/2xxx/CVE-2012-2630.json +++ b/2012/2xxx/CVE-2012-2630.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2630", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Puella Magi Madoka Magica iP application 1.05 and earlier for Android places cleartext Twitter credentials in a log file, which allows remote attackers to obtain sensitive information via a crafted application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2012-2630", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#23328321", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN23328321/index.html" - }, - { - "name" : "JVNDB-2012-000054", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000054" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Puella Magi Madoka Magica iP application 1.05 and earlier for Android places cleartext Twitter credentials in a log file, which allows remote attackers to obtain sensitive information via a crafted application." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#23328321", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN23328321/index.html" + }, + { + "name": "JVNDB-2012-000054", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000054" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2644.json b/2012/2xxx/CVE-2012-2644.json index ba7c7b394b5..6e07ff1bf91 100644 --- a/2012/2xxx/CVE-2012-2644.json +++ b/2012/2xxx/CVE-2012-2644.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2644", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the MT4i plugin 3.1 beta 4 and earlier for Movable Type allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-2642." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2012-2644", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.hazama.nu/pukiwiki/index.php?MT4i%2F3.1", - "refsource" : "CONFIRM", - "url" : "http://www.hazama.nu/pukiwiki/index.php?MT4i%2F3.1" - }, - { - "name" : "JVN#79111101", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN79111101/index.html" - }, - { - "name" : "JVNDB-2012-000069", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000069" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the MT4i plugin 3.1 beta 4 and earlier for Movable Type allows remote attackers to inject 
arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-2642." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#79111101", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN79111101/index.html" + }, + { + "name": "http://www.hazama.nu/pukiwiki/index.php?MT4i%2F3.1", + "refsource": "CONFIRM", + "url": "http://www.hazama.nu/pukiwiki/index.php?MT4i%2F3.1" + }, + { + "name": "JVNDB-2012-000069", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000069" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2746.json b/2012/2xxx/CVE-2012-2746.json index aa4bc43b13d..c97b38ab531 100644 --- a/2012/2xxx/CVE-2012-2746.json +++ b/2012/2xxx/CVE-2012-2746.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2746", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), when the password of a LDAP user has been changed and audit logging is enabled, saves the new password to the log in plain text, which allows remote authenticated users to read the password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2746", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://directory.fedoraproject.org/wiki/Release_Notes", - "refsource" : "CONFIRM", - "url" : "http://directory.fedoraproject.org/wiki/Release_Notes" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=833482", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=833482" - }, - { - "name" : "https://fedorahosted.org/389/ticket/365", - "refsource" : "CONFIRM", - "url" : "https://fedorahosted.org/389/ticket/365" - }, - { - "name" : "HPSBUX02881", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03772083" - }, - { - "name" : 
"SSRT101189", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03772083" - }, - { - "name" : "RHSA-2012:0997", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0997.html" - }, - { - "name" : "RHSA-2012:1041", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1041.html" - }, - { - "name" : "54153", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54153" - }, - { - "name" : "83329", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/83329" - }, - { - "name" : "oval:org.mitre.oval:def:19241", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19241" - }, - { - "name" : "49734", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49734" - }, - { - "name" : "389directory-logging-info-disclosure(76595)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/76595" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), when the password of a LDAP user has been changed and audit logging is enabled, saves the new password to the log in plain text, which allows remote authenticated users to read the password." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "83329", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/83329" + }, + { + "name": "https://fedorahosted.org/389/ticket/365", + "refsource": "CONFIRM", + "url": "https://fedorahosted.org/389/ticket/365" + }, + { + "name": "49734", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49734" + }, + { + "name": "389directory-logging-info-disclosure(76595)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76595" + }, + { + "name": "SSRT101189", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03772083" + }, + { + "name": "54153", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54153" + }, + { + "name": "http://directory.fedoraproject.org/wiki/Release_Notes", + "refsource": "CONFIRM", + "url": "http://directory.fedoraproject.org/wiki/Release_Notes" + }, + { + "name": "HPSBUX02881", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03772083" + }, + { + "name": "RHSA-2012:1041", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1041.html" + }, + { + "name": "RHSA-2012:0997", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0997.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=833482", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=833482" + }, + { + "name": "oval:org.mitre.oval:def:19241", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19241" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2925.json b/2012/2xxx/CVE-2012-2925.json index 743b1e6e75e..0546dbc34da 100644 
--- a/2012/2xxx/CVE-2012-2925.json +++ b/2012/2xxx/CVE-2012-2925.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2925", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in engine.php in Simple PHP Agenda 2.2.8 allows remote attackers to execute arbitrary SQL commands via the priority parameter in an addTodo action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2925", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18845", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18845" - }, - { - "name" : "simplephpagenda-engine-sql-injection(75501)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75501" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in engine.php in Simple PHP Agenda 2.2.8 allows remote attackers to execute arbitrary SQL commands via the priority parameter in an addTodo action." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18845", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18845" + }, + { + "name": "simplephpagenda-engine-sql-injection(75501)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75501" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3422.json b/2012/3xxx/CVE-2012-3422.json index cee41b5e928..771d9b3f014 100644 --- a/2012/3xxx/CVE-2012-3422.json +++ b/2012/3xxx/CVE-2012-3422.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3422", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The getFirstInTableInstance function in the IcedTea-Web plugin before 1.2.1 returns an uninitialized pointer when the instance_to_id_map hash is empty, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted web page, which causes an uninitialized memory location to be read." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-3422", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=840592", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=840592" - }, - { - "name" : "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.1/NEWS", - "refsource" : "CONFIRM", - "url" : "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.1/NEWS" - }, - { - "name" : "GLSA-201406-32", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" - }, - { - "name" : "RHSA-2012:1132", - "refsource" : "REDHAT", - "url" : 
"http://rhn.redhat.com/errata/RHSA-2012-1132.html" - }, - { - "name" : "SUSE-SU-2012:0979", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00003.html" - }, - { - "name" : "openSUSE-SU-2012:0981", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00004.html" - }, - { - "name" : "openSUSE-SU-2012:0982", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00005.html" - }, - { - "name" : "openSUSE-SU-2013:0826", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-05/msg00032.html" - }, - { - "name" : "SUSE-SU-2013:0851", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html" - }, - { - "name" : "openSUSE-SU-2013:0893", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-06/msg00030.html" - }, - { - "name" : "openSUSE-SU-2013:0966", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-06/msg00101.html" - }, - { - "name" : "SUSE-SU-2013:1174", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html" - }, - { - "name" : "USN-1521-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1521-1" - }, - { - "name" : "50089", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50089" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The getFirstInTableInstance function in the IcedTea-Web plugin before 1.2.1 returns an uninitialized pointer when the instance_to_id_map hash is empty, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted web page, which causes an uninitialized memory location to be read." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201406-32", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" + }, + { + "name": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.1/NEWS", + "refsource": "CONFIRM", + "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.1/NEWS" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=840592", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840592" + }, + { + "name": "SUSE-SU-2013:0851", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html" + }, + { + "name": "USN-1521-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1521-1" + }, + { + "name": "openSUSE-SU-2012:0982", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00005.html" + }, + { + "name": "SUSE-SU-2013:1174", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html" + }, + { + "name": "openSUSE-SU-2013:0826", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00032.html" + }, + { + "name": "openSUSE-SU-2012:0981", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00004.html" + }, + { + "name": "SUSE-SU-2012:0979", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00003.html" + }, + { + "name": "openSUSE-SU-2013:0966", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00101.html" + }, + { + "name": "openSUSE-SU-2013:0893", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00030.html" + }, + { + "name": 
"RHSA-2012:1132", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1132.html" + }, + { + "name": "50089", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50089" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6018.json b/2012/6xxx/CVE-2012-6018.json index 2eff4ffe8f4..bfd6f8345c0 100644 --- a/2012/6xxx/CVE-2012-6018.json +++ b/2012/6xxx/CVE-2012-6018.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6018", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6018", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6019.json b/2012/6xxx/CVE-2012-6019.json index 193174b26bc..b9e03c03c57 100644 --- a/2012/6xxx/CVE-2012-6019.json +++ b/2012/6xxx/CVE-2012-6019.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6019", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6019", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6164.json b/2012/6xxx/CVE-2012-6164.json index 6f08296f0dc..67cbf3e8ab9 100644 --- a/2012/6xxx/CVE-2012-6164.json +++ b/2012/6xxx/CVE-2012-6164.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6164", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-6164", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6512.json b/2012/6xxx/CVE-2012-6512.json index 9ffe1d32ed4..72496f87f79 100644 --- a/2012/6xxx/CVE-2012-6512.json +++ b/2012/6xxx/CVE-2012-6512.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6512", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Organizer plugin 1.2.1 for WordPress allows remote attackers to obtain the installation path via unspecified vectors to (1) plugin_hook.php, (2) page/index.php, (3) page/dir.php (4) page/options.php, (5) page/resize.php, (6) page/upload.php, (7) page/users.php, or (8) page/view.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6512", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/files/112086/WordPress-Organizer-1.2.1-Cross-Site-Scripting-Path-Disclosure.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/112086/WordPress-Organizer-1.2.1-Cross-Site-Scripting-Path-Disclosure.html" - }, - { - "name" : "http://websecurity.com.ua/5782", - "refsource" : "MISC", - "url" : "http://websecurity.com.ua/5782" - }, - { - "name" : "organizer-multiple-path-disclosure(75107)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75107" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "The Organizer plugin 1.2.1 for WordPress allows remote attackers to obtain the installation path via unspecified vectors to (1) plugin_hook.php, (2) page/index.php, (3) page/dir.php (4) page/options.php, (5) page/resize.php, (6) page/upload.php, (7) page/users.php, or (8) page/view.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "organizer-multiple-path-disclosure(75107)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75107" + }, + { + "name": "http://packetstormsecurity.org/files/112086/WordPress-Organizer-1.2.1-Cross-Site-Scripting-Path-Disclosure.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/112086/WordPress-Organizer-1.2.1-Cross-Site-Scripting-Path-Disclosure.html" + }, + { + "name": "http://websecurity.com.ua/5782", + "refsource": "MISC", + "url": "http://websecurity.com.ua/5782" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1908.json b/2015/1xxx/CVE-2015-1908.json index 66f21779123..ec9d2d77f25 100644 --- a/2015/1xxx/CVE-2015-1908.json +++ b/2015/1xxx/CVE-2015-1908.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1908", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF16, and 8.5.0 through CF05, as used in Web Content Manager and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-1908", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21701566", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21701566" - }, - { - "name" : "PI37661", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI37661" - }, - { - "name" : "74218", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74218" - }, - { - "name" : "1032189", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032189" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": 
"4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF16, and 8.5.0 through CF05, as used in Web Content Manager and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032189", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032189" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21701566", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21701566" + }, + { + "name": "PI37661", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI37661" + }, + { + "name": "74218", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74218" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1980.json b/2015/1xxx/CVE-2015-1980.json index e12ec4c6cbd..34bbc936409 100644 --- a/2015/1xxx/CVE-2015-1980.json +++ b/2015/1xxx/CVE-2015-1980.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1980", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-1980", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21960244", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21960244" - }, - { - "name" : "75143", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75143" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21960244", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960244" + }, + { + "name": "75143", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75143" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5050.json b/2015/5xxx/CVE-2015-5050.json index bb00262f49f..223f111dd77 100644 --- a/2015/5xxx/CVE-2015-5050.json +++ b/2015/5xxx/CVE-2015-5050.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5050", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.0.4.x before 10.0.4.0 iFix3 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-5050", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21973592", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21973592" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.0.4.x before 10.0.4.0 iFix3 allows remote 
authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21973592", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21973592" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5485.json b/2015/5xxx/CVE-2015-5485.json index bf4233bc879..973ca09d84f 100644 --- a/2015/5xxx/CVE-2015-5485.json +++ b/2015/5xxx/CVE-2015-5485.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5485", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Event Import page (import-eventbrite-events.php) in the Modern Tribe Eventbrite Tickets plugin before 3.10.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the \"error\" parameter to wp-admin/edit.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5485", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150713 Reflected XSS in The Events Calendar: Eventbrite Tickets allows unauthenticated users to do almost anything an admin can (WordPress plugin)", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Jul/67" - }, - { - "name" : "http://packetstormsecurity.com/files/132676/The-Events-Calender-Eventbrite-Tickets-3.9.6-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/132676/The-Events-Calender-Eventbrite-Tickets-3.9.6-Cross-Site-Scripting.html" - }, - { - "name" : 
"https://security.dxw.com/advisories/reflected-xss-in-the-events-calendar-eventbrite-tickets-allows-unauthenticated-users-to-do-almost-anything-an-admin-can/", - "refsource" : "MISC", - "url" : "https://security.dxw.com/advisories/reflected-xss-in-the-events-calendar-eventbrite-tickets-allows-unauthenticated-users-to-do-almost-anything-an-admin-can/" - }, - { - "name" : "https://theeventscalendar.com/release-eventbrite-tickets-3-10-2/", - "refsource" : "CONFIRM", - "url" : "https://theeventscalendar.com/release-eventbrite-tickets-3-10-2/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Event Import page (import-eventbrite-events.php) in the Modern Tribe Eventbrite Tickets plugin before 3.10.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the \"error\" parameter to wp-admin/edit.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://security.dxw.com/advisories/reflected-xss-in-the-events-calendar-eventbrite-tickets-allows-unauthenticated-users-to-do-almost-anything-an-admin-can/", + "refsource": "MISC", + "url": "https://security.dxw.com/advisories/reflected-xss-in-the-events-calendar-eventbrite-tickets-allows-unauthenticated-users-to-do-almost-anything-an-admin-can/" + }, + { + "name": "20150713 Reflected XSS in The Events Calendar: Eventbrite Tickets allows unauthenticated users to do almost anything an admin can (WordPress plugin)", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Jul/67" + }, + { + "name": "https://theeventscalendar.com/release-eventbrite-tickets-3-10-2/", + "refsource": "CONFIRM", + "url": "https://theeventscalendar.com/release-eventbrite-tickets-3-10-2/" + }, + { + "name": "http://packetstormsecurity.com/files/132676/The-Events-Calender-Eventbrite-Tickets-3.9.6-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/132676/The-Events-Calender-Eventbrite-Tickets-3.9.6-Cross-Site-Scripting.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5944.json b/2015/5xxx/CVE-2015-5944.json index b693f339f29..9caa20a0ed0 100644 --- a/2015/5xxx/CVE-2015-5944.json +++ b/2015/5xxx/CVE-2015-5944.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5944", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CoreText in Apple OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-5944", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT205375", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205375" - }, - { - "name" : "APPLE-SA-2015-10-21-4", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CoreText in Apple OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2015-10-21-4", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html" + }, + { + "name": "https://support.apple.com/HT205375", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205375" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5963.json b/2015/5xxx/CVE-2015-5963.json index b160cb9270e..237daa5c32c 100644 --- a/2015/5xxx/CVE-2015-5963.json +++ b/2015/5xxx/CVE-2015-5963.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5963", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service (session store consumption or session record removal) via a large number of requests to contrib.auth.views.logout, which triggers the creation of an empty session record." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5963", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.djangoproject.com/weblog/2015/aug/18/security-releases/", - "refsource" : "MISC", - "url" : "https://www.djangoproject.com/weblog/2015/aug/18/security-releases/" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" - }, - { - "name" : "DSA-3338", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3338" - }, - { - "name" : "FEDORA-2015-1dd5bc998f", - 
"refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172084.html" - }, - { - "name" : "RHSA-2015:1894", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1894.html" - }, - { - "name" : "RHSA-2015:1766", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1766.html" - }, - { - "name" : "RHSA-2015:1767", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1767.html" - }, - { - "name" : "RHSA-2015:1876", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2015:1876" - }, - { - "name" : "openSUSE-SU-2015:1580", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-09/msg00026.html" - }, - { - "name" : "openSUSE-SU-2015:1598", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-09/msg00035.html" - }, - { - "name" : "USN-2720-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2720-1" - }, - { - "name" : "76428", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76428" - }, - { - "name" : "1033318", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033318" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service (session store consumption or session record removal) via a large number of requests to contrib.auth.views.logout, which triggers the creation of an empty session record." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2015-1dd5bc998f", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172084.html" + }, + { + "name": "openSUSE-SU-2015:1580", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00026.html" + }, + { + "name": "RHSA-2015:1894", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1894.html" + }, + { + "name": "DSA-3338", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3338" + }, + { + "name": "1033318", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033318" + }, + { + "name": "RHSA-2015:1767", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1767.html" + }, + { + "name": "openSUSE-SU-2015:1598", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00035.html" + }, + { + "name": "USN-2720-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2720-1" + }, + { + "name": "RHSA-2015:1766", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1766.html" + }, + { + "name": "RHSA-2015:1876", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2015:1876" + }, + { + "name": "76428", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76428" + }, + { + "name": "https://www.djangoproject.com/weblog/2015/aug/18/security-releases/", + "refsource": "MISC", + "url": "https://www.djangoproject.com/weblog/2015/aug/18/security-releases/" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" + } + ] + } +} \ No newline at end of file 
diff --git a/2018/11xxx/CVE-2018-11084.json b/2018/11xxx/CVE-2018-11084.json index 267c46ab28a..a882e7a0773 100644 --- a/2018/11xxx/CVE-2018-11084.json +++ b/2018/11xxx/CVE-2018-11084.json 
@@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@dell.com", - "DATE_PUBLIC" : "2018-08-10T00:00:00.000Z", - "ID" : "CVE-2018-11084", - "STATE" : "PUBLIC", - "TITLE" : "Garden-runC prevents deletion of some app environments" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Garden-runC", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_name" : "all versions", - "version_value" : "1.16.1" - } - ] - } - } - ] - }, - "vendor_name" : "Cloud Foundry" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cloud Foundry Garden-runC release, versions prior to 1.16.1, prevents deletion of some app environments based on file attributes. A remote authenticated malicious user may create and delete apps with crafted file attributes to cause a denial of service for new app instances or scaling up of existing apps." 
- } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "HIGH", - "baseScore" : 6.8, - "baseSeverity" : "MEDIUM", - "confidentialityImpact" : "NONE", - "integrityImpact" : "NONE", - "privilegesRequired" : "LOW", - "scope" : "CHANGED", - "userInteraction" : "REQUIRED", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Logic error" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "DATE_PUBLIC": "2018-08-10T00:00:00.000Z", + "ID": "CVE-2018-11084", + "STATE": "PUBLIC", + "TITLE": "Garden-runC prevents deletion of some app environments" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Garden-runC", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "all versions", + "version_value": "1.16.1" + } + ] + } + } + ] + }, + "vendor_name": "Cloud Foundry" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.cloudfoundry.org/blog/cve-2018-11084/", - "refsource" : "CONFIRM", - "url" : "https://www.cloudfoundry.org/blog/cve-2018-11084/" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cloud Foundry Garden-runC release, versions prior to 1.16.1, prevents deletion of some app environments based on file attributes. A remote authenticated malicious user may create and delete apps with crafted file attributes to cause a denial of service for new app instances or scaling up of existing apps." 
+ } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 6.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Logic error" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.cloudfoundry.org/blog/cve-2018-11084/", + "refsource": "CONFIRM", + "url": "https://www.cloudfoundry.org/blog/cve-2018-11084/" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11151.json b/2018/11xxx/CVE-2018-11151.json index c39a9c00c8c..311d951daa4 100644 --- a/2018/11xxx/CVE-2018-11151.json +++ b/2018/11xxx/CVE-2018-11151.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11151", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 9 of 46)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11151", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180531 [CORE-2018-0002] - Quest DR Series Disk Backup Multiple Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/May/71" - }, - { - "name" : "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html" - }, - { - "name" : "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities", - "refsource" : "MISC", - "url" : "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 9 of 46)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20180531 [CORE-2018-0002] - Quest DR Series Disk Backup Multiple Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/May/71" + }, + { + "name": "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html" + }, + { + "name": "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities", + "refsource": "MISC", + "url": "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11263.json b/2018/11xxx/CVE-2018-11263.json index dffa7c17677..c34dd6e0d2e 100644 --- a/2018/11xxx/CVE-2018-11263.json +++ b/2018/11xxx/CVE-2018-11263.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2018-11263", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, radio_id is received from the FW and is used to access the buffer to copy the radio stats received for each radio from FW. If the radio_id received from the FW is greater than or equal to maximum, an OOB write will occur. On supported Google Pixel and Nexus devices, this has been addressed in security patch level 2018-08-05." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Validation of Array Index in WLAN" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2018-11263", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/pixel/2018-08-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2018-08-01" - }, - { - "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=476ad571ec5b42c42bb1ce9468f18c7e996646ed", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=476ad571ec5b42c42bb1ce9468f18c7e996646ed" - }, - { - "name" : "https://www.codeaurora.org/security-bulletin/2018/08/06/august-2018-code-aurora-security-bulletin", - "refsource" : "CONFIRM", - "url" : "https://www.codeaurora.org/security-bulletin/2018/08/06/august-2018-code-aurora-security-bulletin" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, radio_id is received from the FW and is used to access the buffer to copy the radio stats received for each radio from FW. If the radio_id received from the FW is greater than or equal to maximum, an OOB write will occur. On supported Google Pixel and Nexus devices, this has been addressed in security patch level 2018-08-05." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Validation of Array Index in WLAN" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.codeaurora.org/security-bulletin/2018/08/06/august-2018-code-aurora-security-bulletin", + "refsource": "CONFIRM", + "url": "https://www.codeaurora.org/security-bulletin/2018/08/06/august-2018-code-aurora-security-bulletin" + }, + { + "name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=476ad571ec5b42c42bb1ce9468f18c7e996646ed", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=476ad571ec5b42c42bb1ce9468f18c7e996646ed" + }, + { + "name": "https://source.android.com/security/bulletin/pixel/2018-08-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2018-08-01" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11838.json b/2018/11xxx/CVE-2018-11838.json index 42115f3cfe0..7797aaa1886 100644 --- a/2018/11xxx/CVE-2018-11838.json +++ b/2018/11xxx/CVE-2018-11838.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11838", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11838", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15728.json b/2018/15xxx/CVE-2018-15728.json index 8b43757c2ca..89d132ff7ad 100644 --- a/2018/15xxx/CVE-2018-15728.json +++ b/2018/15xxx/CVE-2018-15728.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15728", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Couchbase Server. Authenticated users can send arbitrary Erlang code to the 'diag/eval' endpoint of the REST API (available by default on TCP/8091 and/or TCP/18091). The executed code in the underlying operating system will run with the privileges of the user running Couchbase server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15728", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180823 Couchbase Server - Remote Code Execution", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/bugtraq/2018/Aug/49" - }, - { - "name" : "105157", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105157" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Couchbase Server. Authenticated users can send arbitrary Erlang code to the 'diag/eval' endpoint of the REST API (available by default on TCP/8091 and/or TCP/18091). 
The executed code in the underlying operating system will run with the privileges of the user running Couchbase server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20180823 Couchbase Server - Remote Code Execution", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/bugtraq/2018/Aug/49" + }, + { + "name": "105157", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105157" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3544.json b/2018/3xxx/CVE-2018-3544.json index d92122304a5..09dea369a95 100644 --- a/2018/3xxx/CVE-2018-3544.json +++ b/2018/3xxx/CVE-2018-3544.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3544", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3544", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3835.json b/2018/3xxx/CVE-2018-3835.json index 7c4d4de71d5..29e47cada7c 100644 --- a/2018/3xxx/CVE-2018-3835.json 
+++ b/2018/3xxx/CVE-2018-3835.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2018-01-29T00:00:00", - "ID" : "CVE-2018-3835", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Walt Disney Animation Studios PTEX", - "version" : { - "version_data" : [ - { - "version_value" : "2.2" - } - ] - } - } - ] - }, - "vendor_name" : "Talos" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable out of bounds write vulnerability exists in version 2.2 of the Per Face Texture mapping application known as PTEX. The vulnerability is present in the reading of a file without proper parameter checking. The value read in, is not verified to be valid and its use can lead to a buffer overflow, potentially resulting in code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "buffer overflow" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2018-01-29T00:00:00", + "ID": "CVE-2018-3835", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Walt Disney Animation Studios PTEX", + "version": { + "version_data": [ + { + "version_value": "2.2" + } + ] + } + } + ] + }, + "vendor_name": "Talos" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0515", - "refsource" : "MISC", - "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0515" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable out of bounds write vulnerability 
exists in version 2.2 of the Per Face Texture mapping application known as PTEX. The vulnerability is present in the reading of a file without proper parameter checking. The value read in, is not verified to be valid and its use can lead to a buffer overflow, potentially resulting in code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0515", + "refsource": "MISC", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0515" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3851.json b/2018/3xxx/CVE-2018-3851.json index bec13069c99..bee176e1f80 100644 --- a/2018/3xxx/CVE-2018-3851.json +++ b/2018/3xxx/CVE-2018-3851.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2018-3851", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Perceptive Document Filters", - "version" : { - "version_data" : [ - { - "version_value" : "11.4.0.2647 - x86/x64 Windows/Linux" - } - ] - } - } - ] - }, - "vendor_name" : "Hyland Software, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Linux, an exploitable stack-based buffer overflow exists in the DOC-to-HTML conversion functionality of the Hyland Perceptive Document Filters version 11.4.0.2647. A crafted .doc document can lead to a stack-based buffer, resulting in direct code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out of bounds Write" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2018-3851", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Perceptive Document Filters", + "version": { + "version_data": [ + { + "version_value": "11.4.0.2647 - x86/x64 Windows/Linux" + } + ] + } + } + ] + }, + "vendor_name": "Hyland Software, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0534", - "refsource" : "MISC", - "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0534" - }, - { - "name" : "104023", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104023" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Linux, an exploitable stack-based buffer overflow exists in the DOC-to-HTML conversion functionality of the Hyland Perceptive Document Filters version 11.4.0.2647. A crafted .doc document can lead to a stack-based buffer, resulting in direct code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out of bounds Write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0534", + "refsource": "MISC", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0534" + }, + { + "name": "104023", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104023" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3969.json b/2018/3xxx/CVE-2018-3969.json index 49fe6370642..6593f47640c 100644 --- a/2018/3xxx/CVE-2018-3969.json +++ b/2018/3xxx/CVE-2018-3969.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3969", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3969", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8498.json b/2018/8xxx/CVE-2018-8498.json index 6f325cedad6..a7383810b45 100644 --- a/2018/8xxx/CVE-2018-8498.json +++ b/2018/8xxx/CVE-2018-8498.json 
@@ -1,75 +1,75 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8498", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft SharePoint", - "version" : { - "version_data" : [ - { - "version_value" : "Enterprise Server 2013 Service Pack 1" - }, - { - "version_value" : "Enterprise Server 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability.\" This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8480, CVE-2018-8488, CVE-2018-8518." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8498", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft SharePoint", + "version": { + "version_data": [ + { + "version_value": "Enterprise Server 2013 Service Pack 1" + }, + { + "version_value": "Enterprise Server 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8498", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8498" - }, - { - "name" : "105495", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105495" - }, - { - "name" : "1041835", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041835" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability.\" This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8480, CVE-2018-8488, CVE-2018-8518." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105495", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105495" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8498", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8498" + }, + { + "name": "1041835", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041835" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8632.json b/2018/8xxx/CVE-2018-8632.json index bd611e3584a..3ca57e601ef 100644 --- a/2018/8xxx/CVE-2018-8632.json +++ b/2018/8xxx/CVE-2018-8632.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8632", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8632", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2018/8xxx/CVE-2018-8633.json b/2018/8xxx/CVE-2018-8633.json index d5caa0bd207..49f612b039f 100644 --- a/2018/8xxx/CVE-2018-8633.json +++ b/2018/8xxx/CVE-2018-8633.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8633", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8633", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8689.json b/2018/8xxx/CVE-2018-8689.json index 484f51e2b67..b134d9a3d8c 100644 --- a/2018/8xxx/CVE-2018-8689.json +++ b/2018/8xxx/CVE-2018-8689.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8689", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8689", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8915.json b/2018/8xxx/CVE-2018-8915.json index c5e68a8abac..43c0faad6e1 100644 --- a/2018/8xxx/CVE-2018-8915.json +++ b/2018/8xxx/CVE-2018-8915.json 
@@ -1,80 +1,80 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@synology.com", - "DATE_PUBLIC" : "2018-05-10T00:00:00", - "ID" : "CVE-2018-8915", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Calendar", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "2.1.1-0502" - } - ] - } - } - ] - }, - "vendor_name" : "Synology" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Notification Center in Synology Calendar before 2.1.1-0502 allows remote authenticated users to inject arbitrary web script or HTML via title parameter." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "LOW", - "baseScore" : 6.5, - "baseSeverity" : "MEDIUM", - "confidentialityImpact" : "LOW", - "integrityImpact" : "LOW", - "privilegesRequired" : "LOW", - "scope" : "CHANGED", - "userInteraction" : "REQUIRED", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Neutralization of Input During Web Page Generation (CWE-79)" - } + "CVE_data_meta": { + "ASSIGNER": "security@synology.com", + "DATE_PUBLIC": "2018-05-10T00:00:00", + "ID": "CVE-2018-8915", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Calendar", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "2.1.1-0502" + } + ] + } + } + ] + }, + "vendor_name": "Synology" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.synology.com/en-global/support/security/Synology_SA_18_06", - 
"refsource" : "CONFIRM", - "url" : "https://www.synology.com/en-global/support/security/Synology_SA_18_06" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Notification Center in Synology Calendar before 2.1.1-0502 allows remote authenticated users to inject arbitrary web script or HTML via title parameter." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Neutralization of Input During Web Page Generation (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.synology.com/en-global/support/security/Synology_SA_18_06", + "refsource": "CONFIRM", + "url": "https://www.synology.com/en-global/support/security/Synology_SA_18_06" + } + ] + } +} \ No newline at end of file