diff --git a/2002/0xxx/CVE-2002-0375.json b/2002/0xxx/CVE-2002-0375.json index 77b79eb2989..dd090a29779 100644 --- a/2002/0xxx/CVE-2002-0375.json +++ b/2002/0xxx/CVE-2002-0375.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0375", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability in sgdynamo.exe for Sgdynamo allows remote attackers to execute arbitrary Javascript via a URL with the script in the HTNAME parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0375", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020417 Smalls holes on 5 products #1", - "refsource" : "VULN-DEV", - "url" : "http://marc.info/?l=vuln-dev&m=101908986415768&w=2" - }, - { - "name" : "20020510 Fix available for Sgdynamo", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=102107488402057&w=2" - }, - { - "name" : "sgdynamo-htname-parameter-xss(9830)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/9830" - }, - { - "name" : "3458", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/3458" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in sgdynamo.exe for Sgdynamo allows remote attackers to execute arbitrary Javascript via a URL with the script in the HTNAME parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020417 Smalls holes on 5 products #1", + "refsource": "VULN-DEV", + "url": "http://marc.info/?l=vuln-dev&m=101908986415768&w=2" + }, + { + "name": "20020510 Fix available for Sgdynamo", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=102107488402057&w=2" + }, + { + "name": "sgdynamo-htname-parameter-xss(9830)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9830" + }, + { + "name": "3458", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3458" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2227.json b/2002/2xxx/CVE-2002-2227.json index 4e7508a4bb4..7ce536fddcb 100644 --- a/2002/2xxx/CVE-2002-2227.json +++ b/2002/2xxx/CVE-2002-2227.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2227", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer underflow in ssldump 0.9b2 and earlier allows remote attackers to cause a denial of service (memory corruption) via a crafted SSLv2 challenge value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2227", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020911 Buffer over/underflows in ssldump prior to 0.9b3", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/291329" - }, - { - "name" : "http://www.rtfm.com/ssldump/", - "refsource" : "CONFIRM", - "url" : "http://www.rtfm.com/ssldump/" - }, - { - "name" : "5693", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5693" - }, - { - "name" : "ssldump-sslv2-memory-corruption(10087)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10087" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer underflow in ssldump 0.9b2 and earlier allows remote attackers to cause a denial of service (memory corruption) via a crafted SSLv2 challenge value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5693", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5693" + }, + { + "name": "20020911 Buffer over/underflows in ssldump prior to 0.9b3", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/291329" + }, + { + "name": "http://www.rtfm.com/ssldump/", + "refsource": "CONFIRM", + "url": "http://www.rtfm.com/ssldump/" + }, + { + "name": "ssldump-sslv2-memory-corruption(10087)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10087" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2287.json b/2002/2xxx/CVE-2002-2287.json index dab2eb483e9..2e29debcfd0 100644 --- a/2002/2xxx/CVE-2002-2287.json +++ b/2002/2xxx/CVE-2002-2287.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2287", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in quick_reply.php for phpBB Advanced Quick Reply Hack 1.0.0 and 1.1.0 allows remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2287", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021113 Code Injection in phpBB Advanced Quick Reply Mod", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-11/0188.html" - }, - { - "name" : "6173", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6173" - }, - { - "name" : "phpbb-quickreply-file-include(10617)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10617" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in quick_reply.php for phpBB Advanced Quick Reply Hack 1.0.0 and 1.1.0 allows remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6173", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6173" + }, + { + "name": "phpbb-quickreply-file-include(10617)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10617" + }, + { + "name": "20021113 Code Injection in phpBB Advanced Quick Reply Mod", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-11/0188.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0220.json b/2005/0xxx/CVE-2005-0220.json index bebe67617aa..2dd2557386a 100644 --- a/2005/0xxx/CVE-2005-0220.json +++ b/2005/0xxx/CVE-2005-0220.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0220", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability in login.php in Gallery 1.4.4-pl2 allows remote attackers to inject arbitrary web script or HTML via the username field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0220", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050117 Gallery v1.3.4-pl1, v1.4.4-pl2, 2.0 Alpha Cross Site Scripting Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110608459222364&w=2" - }, - { - "name" : "20050117 Gallery v1.3.4-pl1, v1.4.4-pl2, 2.0 Alpha Cross Site Scripting Vulnerability", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0031.html" - }, - { - "name" : "http://theinsider.deep-ice.com/texts/advisory69.txt", - "refsource" : "MISC", - "url" : "http://theinsider.deep-ice.com/texts/advisory69.txt" - }, - { - "name" : "GLSA-200501-45", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200501-45.xml" - }, - { - "name" : "http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=147", - "refsource" : "CONFIRM", - "url" : "http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=147" - }, - { - "name" : "13887", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13887/" - }, - { - "name" : "gallery-multiple-xss(18938)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18938" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in login.php in Gallery 1.4.4-pl2 allows remote attackers to inject arbitrary web script or HTML via the username field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-200501-45", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200501-45.xml" + }, + { + "name": "20050117 Gallery v1.3.4-pl1, v1.4.4-pl2, 2.0 Alpha Cross Site Scripting Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110608459222364&w=2" + }, + { + "name": "20050117 Gallery v1.3.4-pl1, v1.4.4-pl2, 2.0 Alpha Cross Site Scripting Vulnerability", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0031.html" + }, + { + "name": "http://theinsider.deep-ice.com/texts/advisory69.txt", + "refsource": "MISC", + "url": "http://theinsider.deep-ice.com/texts/advisory69.txt" + }, + { + "name": "gallery-multiple-xss(18938)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18938" + }, + { + "name": "http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=147", + "refsource": "CONFIRM", + "url": "http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=147" + }, + { + "name": "13887", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13887/" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0301.json b/2005/0xxx/CVE-2005-0301.json index 1f815f4c38f..69690e7e3ab 100644 --- a/2005/0xxx/CVE-2005-0301.json +++ b/2005/0xxx/CVE-2005-0301.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0301", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "comersus_backoffice_install10.asp in BackOffice Lite 6.0 and 6.01 allows remote attackers to bypass authentication and gain privileges via a direct request to the program." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0301", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050121 bug report comersus Back Office Lite 6.0 and 6.0.1", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110636597832556&w=2" - }, - { - "name" : "http://www.comersus.org/forum/displayMessage.asp?mid=32753", - "refsource" : "CONFIRM", - "url" : "http://www.comersus.org/forum/displayMessage.asp?mid=32753" - }, - { - "name" : "http://www.securiteam.com/windowsntfocus/5TP0Q0UEKI.html", - "refsource" : "MISC", - "url" : "http://www.securiteam.com/windowsntfocus/5TP0Q0UEKI.html" - }, - { - "name" : "backoffice-lite-administrative-bypass(19010)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19010" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "comersus_backoffice_install10.asp in BackOffice Lite 6.0 and 6.01 allows remote attackers to bypass authentication and gain privileges via a direct request to the program." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.comersus.org/forum/displayMessage.asp?mid=32753", + "refsource": "CONFIRM", + "url": "http://www.comersus.org/forum/displayMessage.asp?mid=32753" + }, + { + "name": "20050121 bug report comersus Back Office Lite 6.0 and 6.0.1", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110636597832556&w=2" + }, + { + "name": "http://www.securiteam.com/windowsntfocus/5TP0Q0UEKI.html", + "refsource": "MISC", + "url": "http://www.securiteam.com/windowsntfocus/5TP0Q0UEKI.html" + }, + { + "name": "backoffice-lite-administrative-bypass(19010)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19010" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0358.json b/2005/0xxx/CVE-2005-0358.json index fa8cf11c56f..b0c6571d085 100644 --- a/2005/0xxx/CVE-2005-0358.json +++ b/2005/0xxx/CVE-2005-0358.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0358", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "EMC Legato NetWorker, Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 6.0 through 7.2 do not properly verify authentication tokens, which allows remote attackers to gain privileges by modifying an authentication token." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2005-0358", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.legato.com/support/websupport/product_alerts/081605_NW_token_authentication.htm", - "refsource" : "CONFIRM", - "url" : "http://www.legato.com/support/websupport/product_alerts/081605_NW_token_authentication.htm" - }, - { - "name" : "101886", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101886-1" - }, - { - "name" : "VU#407641", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/407641" - }, - { - "name" : "14582", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14582" - }, - { - "name" : "18801", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/18801" - }, - { - "name" : "1014713", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014713" - }, - { - "name" : "16470", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16470" - }, - { - "name" : "16464", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16464" - }, - { - "name" : "legato-token-gain-privileges(21892)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/21892" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "EMC Legato NetWorker, Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 6.0 through 7.2 do not properly verify authentication tokens, which allows remote attackers to gain privileges by modifying an authentication token." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#407641", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/407641" + }, + { + "name": "16470", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16470" + }, + { + "name": "16464", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16464" + }, + { + "name": "1014713", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014713" + }, + { + "name": "http://www.legato.com/support/websupport/product_alerts/081605_NW_token_authentication.htm", + "refsource": "CONFIRM", + "url": "http://www.legato.com/support/websupport/product_alerts/081605_NW_token_authentication.htm" + }, + { + "name": "14582", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14582" + }, + { + "name": "legato-token-gain-privileges(21892)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21892" + }, + { + "name": "101886", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101886-1" + }, + { + "name": "18801", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/18801" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0912.json b/2005/0xxx/CVE-2005-0912.json index 105b81276e2..93b3f7e3341 100644 --- a/2005/0xxx/CVE-2005-0912.json +++ b/2005/0xxx/CVE-2005-0912.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0912", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerabilities in deplate before 0.7.2 have unknown impact, possibly involving elements.rb." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0912", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=315034", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=315034" - }, - { - "name" : "1013555", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013555" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerabilities in deplate before 0.7.2 have unknown impact, possibly involving elements.rb." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1013555", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013555" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=315034", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=315034" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1067.json b/2005/1xxx/CVE-2005-1067.json index 63d215d3439..d20199c6447 100644 --- a/2005/1xxx/CVE-2005-1067.json +++ b/2005/1xxx/CVE-2005-1067.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1067", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in Access_user Class before 1.75 allows local users to gain access as other users via the password \"new\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1067", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://freshmeat.net/projects/access_user/?branch_id=53852&release_id=192770", - "refsource" : "CONFIRM", - "url" : "http://freshmeat.net/projects/access_user/?branch_id=53852&release_id=192770" - }, - { - "name" : "15348", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/15348" - }, - { - "name" : "14897", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14897" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in Access_user Class before 1.75 allows local users to gain access as other users via the password \"new\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://freshmeat.net/projects/access_user/?branch_id=53852&release_id=192770", + "refsource": "CONFIRM", + "url": "http://freshmeat.net/projects/access_user/?branch_id=53852&release_id=192770" + }, + { + "name": "14897", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14897" + }, + { + "name": "15348", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/15348" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1074.json b/2005/1xxx/CVE-2005-1074.json index 7371fe7b9b4..c656b10d973 100644 --- a/2005/1xxx/CVE-2005-1074.json +++ b/2005/1xxx/CVE-2005-1074.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1074", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php for RadScripts RadBids Gold 2 allows remote attackers to execute arbitrary SQL commands via the mode parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1074", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050409 Directory transversal, sql injection and xss vulnerabilities in RadBids Gold v2", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/395527" - }, - { - "name" : "http://www.digitalparadox.org/advisories/rga.txt", - "refsource" : "MISC", - "url" : "http://www.digitalparadox.org/advisories/rga.txt" - }, - { - "name" : "13080", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13080" - }, - { - "name" : "15429", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/15429" - }, - { - "name" : "14906", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14906" - }, - { - "name" : "radbids-gold-index-sql-injection(20040)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20040" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php for RadScripts RadBids Gold 2 allows remote attackers to execute arbitrary SQL commands via the mode parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "radbids-gold-index-sql-injection(20040)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20040" + }, + { + "name": "http://www.digitalparadox.org/advisories/rga.txt", + "refsource": "MISC", + "url": "http://www.digitalparadox.org/advisories/rga.txt" + }, + { + "name": "20050409 Directory transversal, sql injection and xss vulnerabilities in RadBids Gold v2", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/395527" + }, + { + "name": "13080", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13080" + }, + { + "name": "14906", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14906" + }, + { + "name": "15429", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/15429" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1857.json b/2005/1xxx/CVE-2005-1857.json index 00f283f6e1e..3fa7932a47b 100644 --- a/2005/1xxx/CVE-2005-1857.json +++ b/2005/1xxx/CVE-2005-1857.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1857", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in simpleproxy before 3.4 allows remote malicious HTTP proxies to execute arbitrary code via format string specifiers in a reply." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2005-1857", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?group_id=604&release_id=351847", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?group_id=604&release_id=351847" - }, - { - "name" : "DSA-786", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-786" - }, - { - "name" : "VU#139421", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/139421" - }, - { - "name" : "14666", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14666" - }, - { - "name" : "16567", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16567/" - }, - { - "name" : "simpleproxy-reply-format-string(22016)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22016" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in simpleproxy before 3.4 allows remote malicious HTTP proxies to execute arbitrary code via format string specifiers in a reply." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#139421", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/139421" + }, + { + "name": "16567", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16567/" + }, + { + "name": "simpleproxy-reply-format-string(22016)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22016" + }, + { + "name": "DSA-786", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-786" + }, + { + "name": "14666", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14666" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?group_id=604&release_id=351847", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?group_id=604&release_id=351847" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4298.json b/2005/4xxx/CVE-2005-4298.json index 37f2c50f1ca..37ed7dd4ad1 100644 --- a/2005/4xxx/CVE-2005-4298.json +++ b/2005/4xxx/CVE-2005-4298.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4298", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in atl.cgi in AtlantForum 4.02 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) sch_allsubct, (2) before, and (3) ct parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4298", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/12/atlantforum-xss-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/12/atlantforum-xss-vuln.html" - }, - { - "name" : "15887", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15887" - }, - { - "name" : "ADV-2005-2938", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2938" - }, - { - "name" : "18096", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18096" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in atl.cgi in AtlantForum 4.02 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) sch_allsubct, (2) before, and (3) ct parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2005-2938", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2938" + }, + { + "name": "18096", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18096" + }, + { + "name": "http://pridels0.blogspot.com/2005/12/atlantforum-xss-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/12/atlantforum-xss-vuln.html" + }, + { + "name": "15887", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15887" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4382.json b/2005/4xxx/CVE-2005-4382.json index 39c86111589..879c21d22be 100644 --- a/2005/4xxx/CVE-2005-4382.json +++ b/2005/4xxx/CVE-2005-4382.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4382", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in CitySoft Community Enterprise 4.x allows remote attackers to execute arbitrary SQL commands via the (1) nodeID, (2) pageID, (3) ID, and (4) parentid parameter to index.cfm; and (5) documentFormatId parameter to document/docWindow.cfm." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4382", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/12/community-enterprise-4x-multiple-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/12/community-enterprise-4x-multiple-vuln.html" - }, - { - "name" : "ADV-2005-2979", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2979" - }, - { - "name" : "21855", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21855" - }, - { - "name" : "21969", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21969" - }, - { - "name" : "18145", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18145/" - }, - { - "name" : "communityenterprise-multiple-sql-injection(23818)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23818" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in CitySoft Community Enterprise 4.x allows remote attackers to execute arbitrary SQL commands via the (1) nodeID, (2) pageID, (3) ID, and (4) parentid parameter to index.cfm; and (5) documentFormatId parameter to document/docWindow.cfm." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://pridels0.blogspot.com/2005/12/community-enterprise-4x-multiple-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/12/community-enterprise-4x-multiple-vuln.html" + }, + { + "name": "18145", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18145/" + }, + { + "name": "communityenterprise-multiple-sql-injection(23818)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23818" + }, + { + "name": "21969", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21969" + }, + { + "name": "ADV-2005-2979", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2979" + }, + { + "name": "21855", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21855" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4420.json b/2005/4xxx/CVE-2005-4420.json index c1949806c78..b77cee2b4ef 100644 --- a/2005/4xxx/CVE-2005-4420.json +++ b/2005/4xxx/CVE-2005-4420.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4420", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Honeycomb Archive Enterprise 3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the keyword parameter in search.cfm." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4420", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/12/honeycomb-archive-honeycomb-archive.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/12/honeycomb-archive-honeycomb-archive.html" - }, - { - "name" : "15995", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15995" - }, - { - "name" : "21828", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21828" - }, - { - "name" : "18127", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18127" - }, - { - "name" : "honeycomb-search-xss(23831)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23831" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Honeycomb Archive Enterprise 3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the keyword parameter in search.cfm." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://pridels0.blogspot.com/2005/12/honeycomb-archive-honeycomb-archive.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/12/honeycomb-archive-honeycomb-archive.html" + }, + { + "name": "21828", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21828" + }, + { + "name": "honeycomb-search-xss(23831)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23831" + }, + { + "name": "18127", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18127" + }, + { + "name": "15995", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15995" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4495.json b/2005/4xxx/CVE-2005-4495.json index db49207c4ea..43fcb470946 100644 --- a/2005/4xxx/CVE-2005-4495.json +++ b/2005/4xxx/CVE-2005-4495.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4495", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** SQL injection vulnerability in index.cfm in SpireMedia mx7 allows remote attackers to execute arbitrary SQL commands via the cid parameter. NOTE: the vendor has disputed this issue, stating \"This information is incorrect, unproven, and potentially slanderous.\" However, CVE and OSVDB have both performed additional research that suggests that this might be path disclosure from invalid SQL syntax." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4495", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/12/spiremedia-cms-sql-inj-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/12/spiremedia-cms-sql-inj-vuln.html" - }, - { - "name" : "16039", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16039" - }, - { - "name" : "ADV-2005-3053", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/3053" - }, - { - "name" : "22066", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22066" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** SQL injection vulnerability in index.cfm in SpireMedia mx7 allows remote attackers to execute arbitrary SQL commands via the cid parameter. NOTE: the vendor has disputed this issue, stating \"This information is incorrect, unproven, and potentially slanderous.\" However, CVE and OSVDB have both performed additional research that suggests that this might be path disclosure from invalid SQL syntax." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://pridels0.blogspot.com/2005/12/spiremedia-cms-sql-inj-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/12/spiremedia-cms-sql-inj-vuln.html" + }, + { + "name": "ADV-2005-3053", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/3053" + }, + { + "name": "16039", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16039" + }, + { + "name": "22066", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22066" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4618.json b/2005/4xxx/CVE-2005-4618.json index f20498a5f63..842827ce815 100644 --- a/2005/4xxx/CVE-2005-4618.json +++ b/2005/4xxx/CVE-2005-4618.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4618", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in sysctl in the Linux Kernel 2.6 before 2.6.15 allows local users to corrupt user memory and possibly cause a denial of service via a long string, which causes sysctl to write a zero byte outside the buffer. NOTE: since the sysctl is called from a userland program that provides the argument, this might not be a vulnerability, unless a legitimate user-assisted or setuid scenario can be identified." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4618", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.15", - "refsource" : "MISC", - "url" : "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.15" - }, - { - "name" : "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8febdd85adaa41fa1fc1cb31286210fc2cd3ed0c", - "refsource" : "MISC", - "url" : "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8febdd85adaa41fa1fc1cb31286210fc2cd3ed0c" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.15", - "refsource" : "MISC", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.15" - }, - { - "name" : "DSA-1017", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1017" - }, - { - "name" : "DSA-1018", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1018" - }, - { - "name" : "MDKSA-2006:040", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:040" - }, - { - "name" : "USN-244-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/244-1/" - }, - { - "name" : "16141", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16141" - }, - { - "name" : "ADV-2006-0035", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0035" - }, - { - "name" : "18216", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18216" - }, - { - "name" : "19374", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19374" - }, - { - "name" : "19369", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19369" - }, - { - "name" : "18527", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18527" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in sysctl in the Linux Kernel 2.6 before 2.6.15 allows local users to corrupt user memory and possibly cause a denial of service via a long string, which causes sysctl to write a zero byte outside the buffer. NOTE: since the sysctl is called from a userland program that provides the argument, this might not be a vulnerability, unless a legitimate user-assisted or setuid scenario can be identified." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8febdd85adaa41fa1fc1cb31286210fc2cd3ed0c", + "refsource": "MISC", + "url": "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8febdd85adaa41fa1fc1cb31286210fc2cd3ed0c" + }, + { + "name": "MDKSA-2006:040", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:040" + }, + { + "name": "19369", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19369" + }, + { + "name": "DSA-1018", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1018" + }, + { + "name": "16141", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16141" + }, + { + "name": "ADV-2006-0035", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0035" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.15", + "refsource": "MISC", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.15" + }, + { + "name": "18216", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18216" + }, + { + "name": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.15", + "refsource": "MISC", + "url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.15" + }, + { + "name": "DSA-1017", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1017" + }, + { + "name": "USN-244-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/244-1/" + }, + { + "name": "18527", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18527" + }, + { + "name": "19374", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19374" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0013.json b/2009/0xxx/CVE-2009-0013.json index 3bfa3fed5bb..458d91c9e04 100644 --- a/2009/0xxx/CVE-2009-0013.json +++ b/2009/0xxx/CVE-2009-0013.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0013", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "dscl in DS Tools in Apple Mac OS X 10.4.11 and 10.5.6 requires that passwords must be provided as command line arguments, which allows local users to gain privileges by listing process information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0013", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT3438", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3438" - }, - { - "name" : "APPLE-SA-2009-02-12", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html" - }, - { - "name" : "33759", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33759" - }, - { - "name" : "33815", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33815" - }, - { - "name" : "ADV-2009-0422", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0422" - }, - { - "name" : "1021722", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/alerts/2009/Feb/1021722.html" - }, - { - "name" : "33937", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33937" - }, - { - "name" : "macosx-dstools-information-disclosure(48717)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48717" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "dscl in DS Tools in Apple Mac OS X 10.4.11 and 10.5.6 requires that passwords must be provided as command line arguments, which allows local users to gain privileges by listing process information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33937", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33937" + }, + { + "name": "1021722", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/alerts/2009/Feb/1021722.html" + }, + { + "name": "33759", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33759" + }, + { + "name": "http://support.apple.com/kb/HT3438", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3438" + }, + { + "name": "APPLE-SA-2009-02-12", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html" + }, + { + "name": "macosx-dstools-information-disclosure(48717)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48717" + }, + { + "name": "ADV-2009-0422", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0422" + }, + { + "name": "33815", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33815" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0353.json b/2009/0xxx/CVE-2009-0353.json index 45f03820bb4..9e1b874bc24 100644 --- a/2009/0xxx/CVE-2009-0353.json +++ b/2009/0xxx/CVE-2009-0353.json @@ -1,237 +1,237 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0353", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Mozilla Firefox 3.x before 3.0.6, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the JavaScript engine." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-0353", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2009/mfsa2009-01.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2009/mfsa2009-01.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=452913", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=452913" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-040.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-040.htm" - }, - { - "name" : "DSA-1830", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1830" - }, - { - "name" : "FEDORA-2009-1399", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00240.html" - }, - { - "name" : "FEDORA-2009-2882", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00769.html" - }, - { - "name" : "FEDORA-2009-2884", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00771.html" - }, - { - "name" : "FEDORA-2009-3101", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01077.html" - }, - { - "name" : "MDVSA-2009:044", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:044" - }, - { - "name" : "MDVSA-2009:083", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:083" - }, - { - "name" : "RHSA-2009:0256", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2009-0256.html" - }, - { - "name" : "RHSA-2009:0257", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0257.html" - }, - { - "name" : "RHSA-2009:0258", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0258.html" - }, - { - "name" : "SSA:2009-083-02", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.405420" - }, - { - "name" : "SSA:2009-083-03", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.433952" - }, - { - "name" : "SUSE-SA:2009:023", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00009.html" - }, - { - "name" : "SUSE-SA:2009:009", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00001.html" - }, - { - "name" : "USN-717-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-717-1" - }, - { - "name" : "33598", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33598" - }, - { - "name" : "oval:org.mitre.oval:def:11193", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11193" - }, - { - "name" : "33802", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33802" - }, - { - "name" : "33831", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33831" - }, - { - "name" : "33841", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33841" - }, - { - "name" : "33846", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33846" - }, - { - "name" : "34324", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34324" - }, - { - "name" : "34417", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34417" - }, - { - "name" : "34462", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34462" - }, - { - "name" : "34464", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34464" - }, - { - "name" : "34527", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34527" - }, - { - "name" : "ADV-2009-0313", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0313" - }, - { - "name" : "1021663", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021663" - }, - { - "name" : "33799", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33799" - }, - { - "name" : "33808", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33808" - }, - { - "name" : "33809", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33809" - }, - { - "name" : "33816", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33816" - }, - { - "name" : "33869", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33869" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Mozilla Firefox 3.x before 3.0.6, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the JavaScript engine." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SA:2009:023", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00009.html" + }, + { + "name": "33808", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33808" + }, + { + "name": "ADV-2009-0313", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0313" + }, + { + "name": "DSA-1830", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1830" + }, + { + "name": "SUSE-SA:2009:009", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00001.html" + }, + { + "name": "FEDORA-2009-3101", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01077.html" + }, + { + "name": "33809", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33809" + }, + { + "name": "MDVSA-2009:044", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:044" + }, + { + "name": "RHSA-2009:0256", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2009-0256.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2009/mfsa2009-01.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-01.html" + }, + { + "name": "SSA:2009-083-02", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.405420" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-040.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-040.htm" + }, + { + "name": "33831", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33831" + }, + { + "name": "RHSA-2009:0258", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0258.html" + }, + { + "name": "MDVSA-2009:083", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:083" + }, + { + "name": "1021663", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021663" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=452913", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=452913" + }, + { + "name": "34464", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34464" + }, + { + "name": "34417", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34417" + }, + { + "name": "33841", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33841" + }, + { + "name": "34527", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34527" + }, + { + "name": "33816", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33816" + }, + { + "name": "33846", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33846" + }, + { + "name": "33799", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33799" + }, + { + "name": "FEDORA-2009-2882", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00769.html" + }, + { + "name": "RHSA-2009:0257", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0257.html" + }, + { + "name": "FEDORA-2009-2884", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00771.html" + }, + { + "name": "SSA:2009-083-03", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.433952" + }, + { + "name": "34462", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34462" + }, + { + "name": "oval:org.mitre.oval:def:11193", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11193" + }, + { + "name": "33598", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33598" + }, + { + "name": "FEDORA-2009-1399", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00240.html" + }, + { + "name": "33802", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33802" + }, + { + "name": "34324", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34324" + }, + { + "name": "33869", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33869" + }, + { + "name": "USN-717-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-717-1" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0427.json b/2009/0xxx/CVE-2009-0427.json index c4936b69bfc..20935b1a5ed 100644 --- a/2009/0xxx/CVE-2009-0427.json +++ b/2009/0xxx/CVE-2009-0427.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0427", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in CategoryManager/upload_image_category.asp in DMXReady Member Directory Manager 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0427", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7773", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7773" - }, - { - "name" : "http://dmxready.helpserve.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=93", - "refsource" : "CONFIRM", - "url" : "http://dmxready.helpserve.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=93" - }, - { - "name" : "http://dmxready.helpserve.com/index.php?_m=news&_a=viewnews&newsid=12", - "refsource" : "CONFIRM", - "url" : "http://dmxready.helpserve.com/index.php?_m=news&_a=viewnews&newsid=12" - }, - { - "name" : "33253", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33253" - }, - { - "name" : "33482", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33482" - }, - { - "name" : "memberdirectory-uploadimage-sql-injection(47960)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47960" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in CategoryManager/upload_image_category.asp in DMXReady Member Directory Manager 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://dmxready.helpserve.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=93", + "refsource": "CONFIRM", + "url": "http://dmxready.helpserve.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=93" + }, + { + "name": "memberdirectory-uploadimage-sql-injection(47960)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47960" + }, + { + "name": "33253", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33253" + }, + { + "name": "http://dmxready.helpserve.com/index.php?_m=news&_a=viewnews&newsid=12", + "refsource": "CONFIRM", + "url": "http://dmxready.helpserve.com/index.php?_m=news&_a=viewnews&newsid=12" + }, + { + "name": "33482", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33482" + }, + { + "name": "7773", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7773" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0680.json b/2009/0xxx/CVE-2009-0680.json index f187bb52866..9f69a117843 100644 --- a/2009/0xxx/CVE-2009-0680.json +++ b/2009/0xxx/CVE-2009-0680.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0680", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "cgi-bin/welcome/VPN_only in the web interface in Netgear SSL312 allows remote attackers to cause a denial of service (device crash) via a crafted query string, as demonstrated using directory traversal sequences." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0680", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090208 Netgear SSL312 Router - remote DoS", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2009-02/0084.html" - }, - { - "name" : "8008", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8008" - }, - { - "name" : "http://www.helith.net/txt/netgear_ssl312_remote_dos.txt", - "refsource" : "MISC", - "url" : "http://www.helith.net/txt/netgear_ssl312_remote_dos.txt" - }, - { - "name" : "33675", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33675" - }, - { - "name" : "33896", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33896" - }, - { - "name" : "netgear-ssl312-dos(48605)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48605" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "cgi-bin/welcome/VPN_only in the web interface in Netgear SSL312 allows remote attackers to cause a denial of service (device crash) via a crafted query string, as demonstrated using directory traversal sequences." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20090208 Netgear SSL312 Router - remote DoS", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-02/0084.html" + }, + { + "name": "http://www.helith.net/txt/netgear_ssl312_remote_dos.txt", + "refsource": "MISC", + "url": "http://www.helith.net/txt/netgear_ssl312_remote_dos.txt" + }, + { + "name": "netgear-ssl312-dos(48605)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48605" + }, + { + "name": "33675", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33675" + }, + { + "name": "8008", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8008" + }, + { + "name": "33896", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33896" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1054.json b/2009/1xxx/CVE-2009-1054.json index 2a1b8206f7f..ec7578f50f8 100644 --- a/2009/1xxx/CVE-2009-1054.json +++ b/2009/1xxx/CVE-2009-1054.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1054", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in JustSystems Ichitaro 13, 2004 through 2008, Lite2, and Ichitaro viewer 5.1.5.0 and earlier allows remote attackers to execute arbitrary code via a crafted file, as exploited in the wild by Trojan.Tarodrop.H in March 2009." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1054", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-031608-2424-99", - "refsource" : "MISC", - "url" : "http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-031608-2424-99" - }, - { - "name" : "http://www.justsystems.com/jp/info/js09001.html", - "refsource" : "CONFIRM", - "url" : "http://www.justsystems.com/jp/info/js09001.html" - }, - { - "name" : "34138", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34138" - }, - { - "name" : "34405", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34405" - }, - { - "name" : "ADV-2009-0769", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0769" - }, - { - "name" : "ichitaro-webpuraguinbyua-code-execution(49280)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49280" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in JustSystems Ichitaro 13, 2004 through 2008, Lite2, and Ichitaro viewer 5.1.5.0 and earlier allows remote attackers to execute arbitrary code via a crafted file, as exploited in the wild by Trojan.Tarodrop.H in March 2009." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34138", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34138" + }, + { + "name": "http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-031608-2424-99", + "refsource": "MISC", + "url": "http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-031608-2424-99" + }, + { + "name": "ichitaro-webpuraguinbyua-code-execution(49280)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49280" + }, + { + "name": "ADV-2009-0769", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0769" + }, + { + "name": "http://www.justsystems.com/jp/info/js09001.html", + "refsource": "CONFIRM", + "url": "http://www.justsystems.com/jp/info/js09001.html" + }, + { + "name": "34405", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34405" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1103.json b/2009/1xxx/CVE-2009-1103.json index a2d1d125618..a1c643ee521 100644 --- a/2009/1xxx/CVE-2009-1103.json +++ b/2009/1xxx/CVE-2009-1103.json @@ -1,207 +1,207 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1103", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to \"deserializing applets,\" aka CR 6646860." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1103", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/507985/100/0/threaded" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" - }, - { - "name" : "GLSA-200911-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200911-02.xml" - }, - { - "name" : "HPSBMA02429", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133" - }, - { - "name" : "SSRT090058", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133" - }, - { - "name" : "HPSBUX02429", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=124344236532162&w=2" - }, - { - "name" : "RHSA-2009:0392", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0392.html" - }, - { - "name" : "RHSA-2009:0394", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0394.html" - }, - { - "name" : "RHSA-2009:1038", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-1038.html" - }, - { - "name" : "RHSA-2009:1198", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2009-1198.html" - }, - { - "name" : "254611", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254611-1" - }, - { - "name" : "SUSE-SA:2009:016", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html" - }, - { - "name" : "SUSE-SR:2009:011", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html" - }, - { - "name" : "SUSE-SA:2009:036", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html" - }, - { - "name" : "34240", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34240" - }, - { - "name" : "oval:org.mitre.oval:def:6542", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6542" - }, - { - "name" : "1021920", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021920" - }, - { - "name" : "34495", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34495" - }, - { - "name" : "34496", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34496" - }, - { - "name" : "35156", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35156" - }, - { - "name" : "35255", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35255" - }, - { - "name" : "35416", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35416" - }, - { - "name" : "36185", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36185" - }, - { - "name" : "37386", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37386" - }, - { - "name" : "37460", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37460" - }, - { - "name" : "ADV-2009-1426", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1426" - }, - { - "name" : "ADV-2009-3316", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3316" - }, - { - "name" : "jre-javaplugin-privilege-escalation(49456)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49456" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to \"deserializing applets,\" aka CR 6646860." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SA:2009:036", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html" + }, + { + "name": "SSRT090058", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133" + }, + { + "name": "35156", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35156" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm" + }, + { + "name": "37460", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37460" + }, + { + "name": "GLSA-200911-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" + }, + { + "name": "RHSA-2009:1038", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-1038.html" + }, + { + "name": "RHSA-2009:1198", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2009-1198.html" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" + }, + { + "name": "HPSBUX02429", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=124344236532162&w=2" + }, + { + "name": "RHSA-2009:0394", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0394.html" + }, + { + "name": "34495", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34495" + }, + { + "name": "36185", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36185" + }, + { + "name": "oval:org.mitre.oval:def:6542", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6542" + }, + { + "name": "35255", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35255" + }, + { + "name": "ADV-2009-1426", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1426" + }, + { + "name": "SUSE-SR:2009:011", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html" + }, + { + "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded" + }, + { + "name": "RHSA-2009:0392", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0392.html" + }, + { + "name": "34240", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34240" + }, + { + "name": "34496", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34496" + }, + { + "name": "1021920", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021920" + }, + { + "name": "HPSBMA02429", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133" + }, + { + "name": "254611", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254611-1" + }, + { + "name": "jre-javaplugin-privilege-escalation(49456)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49456" + }, + { + "name": "35416", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35416" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm" + }, + { + "name": "37386", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37386" + }, + { + "name": "SUSE-SA:2009:016", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html" + }, + { + "name": "ADV-2009-3316", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3316" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1646.json b/2009/1xxx/CVE-2009-1646.json index 93fb4ca74ad..13ebb77ff74 100644 --- a/2009/1xxx/CVE-2009-1646.json +++ b/2009/1xxx/CVE-2009-1646.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1646", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Mini-stream RM Downloader 3.0.0.9 allows remote attackers to execute arbitrary code via a long rtsp URL in a .ram file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1646", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8628", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8628" - }, - { - "name" : "34860", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34860" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Mini-stream RM Downloader 3.0.0.9 allows remote attackers to execute arbitrary code via a long rtsp URL in a .ram file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34860", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34860" + }, + { + "name": "8628", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8628" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4065.json b/2009/4xxx/CVE-2009-4065.json index 5ea07020d76..8f2d4656772 100644 --- a/2009/4xxx/CVE-2009-4065.json +++ b/2009/4xxx/CVE-2009-4065.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4065", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the settings page in the Strongarm module 6.x before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the value field when viewing overridden variables." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4065", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/636462", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/636462" - }, - { - "name" : "http://drupal.org/node/636474", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/636474" - }, - { - "name" : "37055", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37055" - }, - { - "name" : "60284", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/60284" - }, - { - "name" : "37436", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37436" - }, - { - "name" : "strongarm-unspecified-xss(54337)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54337" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the settings page in the Strongarm module 6.x before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the value field when viewing overridden variables." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37436", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37436" + }, + { + "name": "37055", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37055" + }, + { + "name": "strongarm-unspecified-xss(54337)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54337" + }, + { + "name": "http://drupal.org/node/636462", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/636462" + }, + { + "name": "http://drupal.org/node/636474", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/636474" + }, + { + "name": "60284", + "refsource": "OSVDB", + "url": "http://osvdb.org/60284" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4290.json b/2009/4xxx/CVE-2009-4290.json index e0849157953..f06a4ca815b 100644 --- a/2009/4xxx/CVE-2009-4290.json +++ b/2009/4xxx/CVE-2009-4290.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4290", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4290", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4350.json b/2009/4xxx/CVE-2009-4350.json index 28f55f34f7e..da4dda8b636 100644 --- a/2009/4xxx/CVE-2009-4350.json +++ b/2009/4xxx/CVE-2009-4350.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4350", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in Arctic Issue Tracker 2.1.1 allows remote attackers to execute arbitrary SQL commands via the (1) matchings[id] or (2) matchings[title] parameters in a Login action to an unspecified program, or (3) the matchings[id] parameter in a search action to index.php, a different vector than CVE-2008-3250. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4350", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/0912-exploits/arcticissue-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/0912-exploits/arcticissue-xss.txt" - }, - { - "name" : "60957", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/60957" - }, - { - "name" : "37723", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37723" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in Arctic Issue Tracker 2.1.1 allows remote attackers to execute arbitrary SQL commands via the (1) matchings[id] or (2) matchings[title] parameters in a Login action to an unspecified program, or (3) the matchings[id] parameter in a search action to index.php, a different vector than CVE-2008-3250. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37723", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37723" + }, + { + "name": "http://packetstormsecurity.com/0912-exploits/arcticissue-xss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/0912-exploits/arcticissue-xss.txt" + }, + { + "name": "60957", + "refsource": "OSVDB", + "url": "http://osvdb.org/60957" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4633.json b/2009/4xxx/CVE-2009-4633.json index 853616a4a17..39c490e8b82 100644 --- a/2009/4xxx/CVE-2009-4633.json +++ b/2009/4xxx/CVE-2009-4633.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4633", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a comparison operator was intended, which might allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that modifies a loop counter and triggers a heap-based buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4633", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html", - "refsource" : "MISC", - "url" : "http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html" - }, - { - "name" : "https://roundup.ffmpeg.org/roundup/ffmpeg/issue1240", - "refsource" : "MISC", - "url" : "https://roundup.ffmpeg.org/roundup/ffmpeg/issue1240" - }, - { - "name" : "DSA-2000", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2000" - }, - { - "name" : "MDVSA-2011:060", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:060" - }, - { - "name" : "MDVSA-2011:061", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:061" - }, - { - "name" : "MDVSA-2011:088", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:088" - }, - { - "name" : "MDVSA-2011:112", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:112" - }, - { - "name" : "MDVSA-2011:114", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:114" - }, - { - "name" : "USN-931-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-931-1" - }, - { - "name" : "36465", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36465" - }, - { - "name" : "36805", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36805" - }, - { - "name" : "38643", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38643" - }, - { - "name" : "39482", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39482" - }, - { - "name" : "ADV-2010-0935", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0935" - }, - { - "name" : "ADV-2011-1241", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/1241" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a comparison operator was intended, which might allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that modifies a loop counter and triggers a heap-based buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2011:088", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:088" + }, + { + "name": "36805", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36805" + }, + { + "name": "36465", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36465" + }, + { + "name": "39482", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39482" + }, + { + "name": "https://roundup.ffmpeg.org/roundup/ffmpeg/issue1240", + "refsource": "MISC", + "url": "https://roundup.ffmpeg.org/roundup/ffmpeg/issue1240" + }, + { + "name": "MDVSA-2011:061", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:061" + }, + { + "name": "MDVSA-2011:112", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:112" + }, + { + "name": "MDVSA-2011:114", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:114" + }, + { + "name": "http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html", + "refsource": "MISC", + "url": "http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html" + }, + { + "name": "38643", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38643" + }, + { + "name": "ADV-2011-1241", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/1241" + }, + { + "name": "MDVSA-2011:060", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:060" + }, + { + "name": "DSA-2000", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2000" + }, + { + "name": "USN-931-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-931-1" + }, + { + "name": "ADV-2010-0935", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0935" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4929.json b/2009/4xxx/CVE-2009-4929.json index 90d681e04f7..e6b7e2e786f 100644 --- a/2009/4xxx/CVE-2009-4929.json +++ b/2009/4xxx/CVE-2009-4929.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4929", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "admin/manage_users.php in TotalCalendar 2.4 does not require administrative authentication, which allows remote attackers to change arbitrary passwords via the newPW1 and newPW2 parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4929", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8496", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/8496" - }, - { - "name" : "34619", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34619" - }, - { - "name" : "34824", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34824" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "admin/manage_users.php in TotalCalendar 2.4 does not require administrative authentication, which allows remote attackers to change arbitrary passwords via the newPW1 and newPW2 parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8496", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/8496" + }, + { + "name": "34619", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34619" + }, + { + "name": "34824", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34824" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2233.json b/2012/2xxx/CVE-2012-2233.json index 29d662c9835..07704b57dc2 100644 --- a/2012/2xxx/CVE-2012-2233.json +++ b/2012/2xxx/CVE-2012-2233.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2233", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2233", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3294.json b/2012/3xxx/CVE-2012-3294.json index 204989fb54e..83176f76fdc 100644 --- a/2012/3xxx/CVE-2012-3294.json +++ b/2012/3xxx/CVE-2012-3294.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3294", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in the Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier, and WebSphere MQ - Managed File Transfer 7.5, allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add user accounts via the /wmqfteconsole/Filespaces URI, (2) modify permissions via the /wmqfteconsole/FileSpacePermisssions URI, or (3) add MQ Message Descriptor (MQMD) user accounts via the /wmqfteconsole/UploadUsers URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2012-3294", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20477", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/20477/" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21607482", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21607482" - }, - { - "name" : "IC85516", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC85516" - }, - { - "name" : "1027373", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027373" - }, - { - "name" : "wmq-fte-csrf(77180)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77180" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier, and WebSphere MQ - Managed File Transfer 7.5, allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add user accounts via the /wmqfteconsole/Filespaces URI, (2) modify permissions via the /wmqfteconsole/FileSpacePermisssions URI, or (3) add MQ Message Descriptor (MQMD) user accounts via the /wmqfteconsole/UploadUsers URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21607482", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21607482" + }, + { + "name": "wmq-fte-csrf(77180)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77180" + }, + { + "name": "IC85516", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC85516" + }, + { + "name": "1027373", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027373" + }, + { + "name": "20477", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/20477/" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6264.json b/2012/6xxx/CVE-2012-6264.json index 4a2da5de709..8895f385c0b 100644 --- a/2012/6xxx/CVE-2012-6264.json +++ b/2012/6xxx/CVE-2012-6264.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6264", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-6264", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1933.json b/2015/1xxx/CVE-2015-1933.json index ecb438066ae..9f1ae6a9ad8 100644 --- a/2015/1xxx/CVE-2015-1933.json +++ b/2015/1xxx/CVE-2015-1933.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1933", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX001, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX001 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not have an off autocomplete attribute for the password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-1933", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21965080", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21965080" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX001, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX001 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not have an off autocomplete attribute for the password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21965080", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965080" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5540.json b/2015/5xxx/CVE-2015-5540.json index 26da2b0759d..1eb2cd1fbdf 100644 --- a/2015/5xxx/CVE-2015-5540.json +++ b/2015/5xxx/CVE-2015-5540.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5540", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5127, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5550, CVE-2015-5551, CVE-2015-5556, CVE-2015-5557, CVE-2015-5559, CVE-2015-5561, CVE-2015-5563, CVE-2015-5564, and CVE-2015-5565." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-5540", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "37859", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/37859/" - }, - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" - }, - { - "name" : "GLSA-201508-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201508-01" - }, - { - "name" : "RHSA-2015:1603", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1603.html" - }, - { - "name" : "openSUSE-SU-2015:1781", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html" - }, - { - "name" : "76288", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76288" - }, - { - "name" : "1033235", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033235" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5127, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5550, CVE-2015-5551, CVE-2015-5556, CVE-2015-5557, CVE-2015-5559, CVE-2015-5561, CVE-2015-5563, CVE-2015-5564, and CVE-2015-5565." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" + }, + { + "name": "GLSA-201508-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201508-01" + }, + { + "name": "37859", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/37859/" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html" + }, + { + "name": "openSUSE-SU-2015:1781", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html" + }, + { + "name": "1033235", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033235" + }, + { + "name": "76288", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76288" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388" + }, + { + "name": "RHSA-2015:1603", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1603.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5659.json b/2015/5xxx/CVE-2015-5659.json index e6e50b6c799..5090d96e5b9 100644 --- a/2015/5xxx/CVE-2015-5659.json +++ b/2015/5xxx/CVE-2015-5659.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5659", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Network Applied Communication Laboratory Pref Shimane CMS 2.x before 2.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2015-5659", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://jvn.jp/en/jp/JVN84982142/995760/index.html", - "refsource" : "CONFIRM", - "url" : "http://jvn.jp/en/jp/JVN84982142/995760/index.html" - }, - { - "name" : "https://github.com/NaCl-Ltd/pref-shimane-cms/blob/master/README.md", - "refsource" : "CONFIRM", - "url" : "https://github.com/NaCl-Ltd/pref-shimane-cms/blob/master/README.md" - }, - { - "name" : "https://github.com/NaCl-Ltd/pref-shimane-cms/commit/5ec03cb174513844c410ee7fba594c544ba80ce2", - "refsource" : "CONFIRM", - "url" : "https://github.com/NaCl-Ltd/pref-shimane-cms/commit/5ec03cb174513844c410ee7fba594c544ba80ce2" - }, - { - "name" : "https://github.com/NaCl-Ltd/pref-shimane-cms/commit/ab96ec7661f15a0129940eed9215c91f1acbf564", - "refsource" : "CONFIRM", - "url" : "https://github.com/NaCl-Ltd/pref-shimane-cms/commit/ab96ec7661f15a0129940eed9215c91f1acbf564" - }, - { - "name" : "JVN#84982142", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN84982142/index.html" - }, - { - "name" : "JVNDB-2015-000158", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000158" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Network Applied Communication Laboratory Pref Shimane CMS 2.x before 2.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/NaCl-Ltd/pref-shimane-cms/commit/ab96ec7661f15a0129940eed9215c91f1acbf564", + "refsource": "CONFIRM", + "url": "https://github.com/NaCl-Ltd/pref-shimane-cms/commit/ab96ec7661f15a0129940eed9215c91f1acbf564" + }, + { + "name": "http://jvn.jp/en/jp/JVN84982142/995760/index.html", + "refsource": "CONFIRM", + "url": "http://jvn.jp/en/jp/JVN84982142/995760/index.html" + }, + { + "name": "JVNDB-2015-000158", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000158" + }, + { + "name": "JVN#84982142", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN84982142/index.html" + }, + { + "name": "https://github.com/NaCl-Ltd/pref-shimane-cms/commit/5ec03cb174513844c410ee7fba594c544ba80ce2", + "refsource": "CONFIRM", + "url": "https://github.com/NaCl-Ltd/pref-shimane-cms/commit/5ec03cb174513844c410ee7fba594c544ba80ce2" + }, + { + "name": "https://github.com/NaCl-Ltd/pref-shimane-cms/blob/master/README.md", + "refsource": "CONFIRM", + "url": "https://github.com/NaCl-Ltd/pref-shimane-cms/blob/master/README.md" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5820.json b/2015/5xxx/CVE-2015-5820.json index 5c2f3eb50f3..759f6f051d6 100644 --- a/2015/5xxx/CVE-2015-5820.json +++ b/2015/5xxx/CVE-2015-5820.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5820", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit in Apple iOS before 9 allows remote attackers to trigger a dialing action via a crafted (1) tel://, (2) facetime://, or (3) facetime-audio:// URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-5820", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT205212", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205212" - }, - { - "name" : "https://support.apple.com/HT205265", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205265" - }, - { - "name" : "APPLE-SA-2015-09-16-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html" - }, - { - "name" : "APPLE-SA-2015-09-30-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00007.html" - }, - { - "name" : "76766", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76766" - }, - { - "name" : "1033609", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033609" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit in Apple iOS before 9 allows remote attackers to trigger a dialing action via a crafted (1) tel://, (2) facetime://, or (3) facetime-audio:// URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1033609", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033609" + }, + { + "name": "https://support.apple.com/HT205212", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205212" + }, + { + "name": "76766", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76766" + }, + { + "name": "https://support.apple.com/HT205265", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205265" + }, + { + "name": "APPLE-SA-2015-09-30-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00007.html" + }, + { + "name": "APPLE-SA-2015-09-16-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11166.json b/2018/11xxx/CVE-2018-11166.json index 74a5d0f9c40..7a84b432c5a 100644 --- a/2018/11xxx/CVE-2018-11166.json +++ b/2018/11xxx/CVE-2018-11166.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11166", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 24 of 46)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11166", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180531 [CORE-2018-0002] - Quest DR Series Disk Backup Multiple Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/May/71" - }, - { - "name" : "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html" - }, - { - "name" : "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities", - "refsource" : "MISC", - "url" : "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 24 of 46)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20180531 [CORE-2018-0002] - Quest DR Series Disk Backup Multiple Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/May/71" + }, + { + "name": "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html" + }, + { + "name": "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities", + "refsource": "MISC", + "url": "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11332.json b/2018/11xxx/CVE-2018-11332.json index f69e7c1cfd5..095dd9573d2 100644 --- a/2018/11xxx/CVE-2018-11332.json +++ b/2018/11xxx/CVE-2018-11332.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11332", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stored cross-site scripting (XSS) vulnerability in the \"Site Name\" field found in the \"site\" tab under configurations in ClipperCMS 1.3.3 allows remote attackers to inject arbitrary web script or HTML via a crafted site name to the manager/processors/save_settings.processor.php file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11332", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44775", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44775/" - }, - { - "name" : "https://github.com/ClipperCMS/ClipperCMS/issues/483", - "refsource" : "MISC", - "url" : "https://github.com/ClipperCMS/ClipperCMS/issues/483" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stored cross-site scripting (XSS) vulnerability in the \"Site Name\" field found in the \"site\" tab under configurations in ClipperCMS 1.3.3 allows remote attackers to inject arbitrary web script or HTML via a crafted site name to the manager/processors/save_settings.processor.php file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ClipperCMS/ClipperCMS/issues/483", + "refsource": "MISC", + "url": "https://github.com/ClipperCMS/ClipperCMS/issues/483" + }, + { + "name": "44775", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44775/" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14541.json b/2018/14xxx/CVE-2018-14541.json index f54b3ada33e..35b7ebbb1f6 100644 --- a/2018/14xxx/CVE-2018-14541.json +++ b/2018/14xxx/CVE-2018-14541.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14541", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP Scripts Mall Basic B2B Script 2.0.0 has Reflected and Stored XSS via the First name, Last name, Address 1, City, State, and Company name fields." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14541", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45140", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45140/" - }, - { - "name" : "https://gkaim.com/cve-2018-14541-vikas-chaudhary/", - "refsource" : "MISC", - "url" : "https://gkaim.com/cve-2018-14541-vikas-chaudhary/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP Scripts Mall Basic B2B Script 2.0.0 has Reflected and Stored XSS via the First name, Last name, Address 1, City, State, and Company name fields." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45140", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45140/" + }, + { + "name": "https://gkaim.com/cve-2018-14541-vikas-chaudhary/", + "refsource": "MISC", + "url": "https://gkaim.com/cve-2018-14541-vikas-chaudhary/" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15054.json b/2018/15xxx/CVE-2018-15054.json index 3d2003a2801..d36c0dc339c 100644 --- a/2018/15xxx/CVE-2018-15054.json +++ b/2018/15xxx/CVE-2018-15054.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15054", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15054", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15122.json b/2018/15xxx/CVE-2018-15122.json index 47be40b8171..4c6d8434a3d 100644 --- a/2018/15xxx/CVE-2018-15122.json +++ b/2018/15xxx/CVE-2018-15122.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15122", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue found in Progress Telerik JustAssembly through 2018.1.323.2 and JustDecompile through 2018.2.605.0 makes it possible to execute code by decompiling a compiled .NET object (such as DLL or EXE) with an embedded resource file by clicking on the resource." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15122", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.telerik.com/devtools/justdecompile/knowledge-base/jd-ja-resources-vulnerability", - "refsource" : "CONFIRM", - "url" : "https://docs.telerik.com/devtools/justdecompile/knowledge-base/jd-ja-resources-vulnerability" - }, - { - "name" : "https://www.telerik.com/support/whats-new/justdecompile/release-history/justdecompile-r2-2018-sp1", - "refsource" : "CONFIRM", - "url" : "https://www.telerik.com/support/whats-new/justdecompile/release-history/justdecompile-r2-2018-sp1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue found in Progress Telerik JustAssembly through 2018.1.323.2 and JustDecompile through 2018.2.605.0 makes it possible to execute code by decompiling a compiled .NET object (such as DLL or EXE) with an embedded resource file by clicking on the resource." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://docs.telerik.com/devtools/justdecompile/knowledge-base/jd-ja-resources-vulnerability", + "refsource": "CONFIRM", + "url": "https://docs.telerik.com/devtools/justdecompile/knowledge-base/jd-ja-resources-vulnerability" + }, + { + "name": "https://www.telerik.com/support/whats-new/justdecompile/release-history/justdecompile-r2-2018-sp1", + "refsource": "CONFIRM", + "url": "https://www.telerik.com/support/whats-new/justdecompile/release-history/justdecompile-r2-2018-sp1" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15415.json b/2018/15xxx/CVE-2018-15415.json index a6ca383a1d0..75fe69a2a63 100644 --- a/2018/15xxx/CVE-2018-15415.json +++ b/2018/15xxx/CVE-2018-15415.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "DATE_PUBLIC" : "2018-10-03T16:00:00-0500", - "ID" : "CVE-2018-15415", - "STATE" : "PUBLIC", - "TITLE" : "Cisco Webex Network Recording Player and Cisco Webex Player Remote Code Execution Vulnerabilities" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco WebEx WRF Player ", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "Cisco" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system." - } - ] - }, - "impact" : { - "cvss" : { - "baseScore" : "7.8", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2018-10-03T16:00:00-0500", + "ID": "CVE-2018-15415", + "STATE": "PUBLIC", + "TITLE": "Cisco Webex Network Recording Player and Cisco Webex Player Remote Code Execution Vulnerabilities" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco WebEx WRF Player ", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20181003 Cisco Webex Network Recording Player and Cisco Webex Player Remote Code Execution Vulnerabilities", - "refsource" : "CISCO", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-webex-rce" - }, - { - "name" : "105520", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105520" - }, - { - "name" : "1041795", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041795" - } - ] - }, - "source" : { - "advisory" : "cisco-sa-20181003-webex-rce", - "defect" : [ - [ - "CSCvj83752", - "CSCvj83767", - "CSCvj83771", - "CSCvj83793", - "CSCvj83797", - "CSCvj83803", - "CSCvj83818", - "CSCvj83824", - "CSCvj83831", - "CSCvj87929", - "CSCvj87934", - "CSCvj93870", - "CSCvj93877", - "CSCvk31089", - "CSCvk33049", - "CSCvk52510", - "CSCvk52518", - "CSCvk52521", - "CSCvk59945", - "CSCvk59949", - "CSCvk59950", - "CSCvk60158", - "CSCvk60163", - "CSCvm51315", - "CSCvm51318", - "CSCvm51361", - "CSCvm51371", - "CSCvm51373", - "CSCvm51374", - "CSCvm51382", - "CSCvm51386", - "CSCvm51391", - "CSCvm51393", - "CSCvm51396", - "CSCvm51398", - "CSCvm51412", - "CSCvm51413", - "CSCvm54531", - "CSCvm54538" - ] - ], - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.8", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041795", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041795" + }, + { + "name": "105520", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105520" + }, + { + "name": "20181003 Cisco Webex Network Recording Player and Cisco Webex Player Remote Code Execution Vulnerabilities", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-webex-rce" + } + ] + }, + "source": { + "advisory": "cisco-sa-20181003-webex-rce", + "defect": [ + [ + "CSCvj83752", + "CSCvj83767", + "CSCvj83771", + "CSCvj83793", + "CSCvj83797", + "CSCvj83803", + "CSCvj83818", + "CSCvj83824", + "CSCvj83831", + "CSCvj87929", + "CSCvj87934", + "CSCvj93870", + "CSCvj93877", + "CSCvk31089", + "CSCvk33049", + "CSCvk52510", + "CSCvk52518", + "CSCvk52521", + "CSCvk59945", + "CSCvk59949", + "CSCvk59950", + "CSCvk60158", + "CSCvk60163", + "CSCvm51315", + "CSCvm51318", + "CSCvm51361", + "CSCvm51371", + "CSCvm51373", + "CSCvm51374", + "CSCvm51382", + "CSCvm51386", + "CSCvm51391", + "CSCvm51393", + "CSCvm51396", + "CSCvm51398", + "CSCvm51412", + "CSCvm51413", + "CSCvm54531", + "CSCvm54538" + ] + ], + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15540.json b/2018/15xxx/CVE-2018-15540.json index bb6347ff16d..1935e798b7d 100644 --- a/2018/15xxx/CVE-2018-15540.json +++ b/2018/15xxx/CVE-2018-15540.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15540", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Agentejo Cockpit performs actions on files without appropriate validation and therefore allows an attacker to traverse the file system to unintended locations and/or access arbitrary files, aka /media/api Directory Traversal." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15540", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20181011 Cockpit CMS Multiple Vulnerabilities (CVE-2018-15538, CVE-2018-15539, CVE-2018-15540)", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/Oct/30" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Agentejo Cockpit performs actions on files without appropriate validation and therefore allows an attacker to traverse the file system to unintended locations and/or access arbitrary files, aka /media/api Directory Traversal." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20181011 Cockpit CMS Multiple Vulnerabilities (CVE-2018-15538, CVE-2018-15539, CVE-2018-15540)", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Oct/30" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3048.json b/2018/3xxx/CVE-2018-3048.json index efb89cc7645..dfe4f882b5f 100644 --- a/2018/3xxx/CVE-2018-3048.json +++ b/2018/3xxx/CVE-2018-3048.json @@ -1,89 +1,89 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3048", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Banking Corporate Lending", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "12.3.0" - }, - { - "version_affected" : "=", - "version_value" : "12.4.0" - }, - { - "version_affected" : "=", - "version_value" : "12.5.0" - }, - { - "version_affected" : "=", - "version_value" : "14.0.0" - }, - { - "version_affected" : "=", - "version_value" : "14.1.0" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Supported versions that are affected are 12.3.0, 12.4.0, 12.5.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Banking Corporate Lending, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data as well as unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Banking Corporate Lending, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data as well as unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3048", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Banking Corporate Lending", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.3.0" + }, + { + "version_affected": "=", + "version_value": "12.4.0" + }, + { + "version_affected": "=", + "version_value": "12.5.0" + }, + { + "version_affected": "=", + "version_value": "14.0.0" + }, + { + "version_affected": "=", + "version_value": "14.1.0" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" - }, - { - "name" : "104795", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104795" - }, - { - "name" : "1041307", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041307" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Supported versions that are affected are 12.3.0, 12.4.0, 12.5.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Banking Corporate Lending, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data as well as unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Banking Corporate Lending, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data as well as unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + }, + { + "name": "1041307", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041307" + }, + { + "name": "104795", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104795" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3159.json b/2018/3xxx/CVE-2018-3159.json index c1b9d9e6335..835def3dae2 100644 --- a/2018/3xxx/CVE-2018-3159.json +++ b/2018/3xxx/CVE-2018-3159.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3159", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Hospitality Cruise Fleet Management", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "9.0" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Hospitality Cruise Fleet Management component of Oracle Hospitality Applications (subcomponent: Sender and Receiver). The supported version that is affected is 9.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Hospitality Cruise Fleet Management executes to compromise Oracle Hospitality Cruise Fleet Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Fleet Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Cruise Fleet Management accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Hospitality Cruise Fleet Management executes to compromise Oracle Hospitality Cruise Fleet Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Fleet Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Cruise Fleet Management accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3159", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hospitality Cruise Fleet Management", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "9.0" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" - }, - { - "name" : "105634", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105634" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Hospitality Cruise Fleet Management component of Oracle Hospitality Applications (subcomponent: Sender and Receiver). The supported version that is affected is 9.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Hospitality Cruise Fleet Management executes to compromise Oracle Hospitality Cruise Fleet Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Fleet Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Cruise Fleet Management accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Hospitality Cruise Fleet Management executes to compromise Oracle Hospitality Cruise Fleet Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Fleet Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Cruise Fleet Management accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105634", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105634" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3287.json b/2018/3xxx/CVE-2018-3287.json index 711c034dfb7..d83fe60be39 100644 --- a/2018/3xxx/CVE-2018-3287.json +++ b/2018/3xxx/CVE-2018-3287.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3287", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "VM VirtualBox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "5.2.20" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3287", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "5.2.20" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" - }, - { - "name" : "105619", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105619" - }, - { - "name" : "1041887", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041887" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + }, + { + "name": "1041887", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041887" + }, + { + "name": "105619", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105619" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3631.json b/2018/3xxx/CVE-2018-3631.json index 3dbccb545df..d61ee8d3fd3 100644 --- a/2018/3xxx/CVE-2018-3631.json +++ b/2018/3xxx/CVE-2018-3631.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3631", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3631", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8007.json b/2018/8xxx/CVE-2018-8007.json index a54c27c0c2f..5ce0c5ce055 100644 --- a/2018/8xxx/CVE-2018-8007.json +++ b/2018/8xxx/CVE-2018-8007.json @@ -1,91 +1,91 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2018-07-10T00:00:00", - "ID" : "CVE-2018-8007", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache CouchDB", - "version" : { - "version_data" : [ - { - "version_value" : "< 1.7.2" - }, - { - "version_value" : "2.0.0 to 2.1.1" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache CouchDB administrative users can configure the database server via HTTP(S). Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possible for a CouchDB administrator user to escalate their privileges to that of the operating system's user that CouchDB runs under, by bypassing the blacklist of configuration settings that are not allowed to be modified via the HTTP API. This privilege escalation effectively allows an existing CouchDB admin user to gain arbitrary remote code execution, bypassing already disclosed CVE-2017-12636. Mitigation: All users should upgrade to CouchDB releases 1.7.2 or 2.1.2." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Administrative Privilege Escalation" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2018-07-10T00:00:00", + "ID": "CVE-2018-8007", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache CouchDB", + "version": { + "version_data": [ + { + "version_value": "< 1.7.2" + }, + { + "version_value": "2.0.0 to 2.1.1" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[couchdb-announce] 20180710 Apache CouchDB 1.7.2 released", - "refsource" : "MLIST", - "url" : "http://mail-archives.apache.org/mod_mbox/couchdb-announce/201807.mbox/%3C1699016538.6219.1531246785603.JavaMail.Joan%40RITA%3E" - }, - { - "name" : "[couchdb-announce] 20180710 Apache CouchDB 2.1.2 released", - "refsource" : "MLIST", - "url" : "http://mail-archives.apache.org/mod_mbox/couchdb-announce/201807.mbox/%3c1439409216.6221.1531246856676.JavaMail.Joan@RITA%3e" - }, - { - "name" : "https://www.mdsec.co.uk/2018/08/advisory-cve-2018-8007-apache-couchdb-remote-code-execution/", - "refsource" : "MISC", - "url" : "https://www.mdsec.co.uk/2018/08/advisory-cve-2018-8007-apache-couchdb-remote-code-execution/" - }, - { - "name" : "https://blog.couchdb.org/2018/07/10/cve-2018-8007/", - "refsource" : "CONFIRM", - "url" : "https://blog.couchdb.org/2018/07/10/cve-2018-8007/" - }, - { - "name" : "GLSA-201812-06", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201812-06" - }, - { - "name" : "104741", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104741" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache CouchDB administrative users can configure the database server via HTTP(S). Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possible for a CouchDB administrator user to escalate their privileges to that of the operating system's user that CouchDB runs under, by bypassing the blacklist of configuration settings that are not allowed to be modified via the HTTP API. This privilege escalation effectively allows an existing CouchDB admin user to gain arbitrary remote code execution, bypassing already disclosed CVE-2017-12636. Mitigation: All users should upgrade to CouchDB releases 1.7.2 or 2.1.2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Administrative Privilege Escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[couchdb-announce] 20180710 Apache CouchDB 2.1.2 released", + "refsource": "MLIST", + "url": "http://mail-archives.apache.org/mod_mbox/couchdb-announce/201807.mbox/%3c1439409216.6221.1531246856676.JavaMail.Joan@RITA%3e" + }, + { + "name": "GLSA-201812-06", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201812-06" + }, + { + "name": "[couchdb-announce] 20180710 Apache CouchDB 1.7.2 released", + "refsource": "MLIST", + "url": "http://mail-archives.apache.org/mod_mbox/couchdb-announce/201807.mbox/%3C1699016538.6219.1531246785603.JavaMail.Joan%40RITA%3E" + }, + { + "name": "104741", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104741" + }, + { + "name": "https://www.mdsec.co.uk/2018/08/advisory-cve-2018-8007-apache-couchdb-remote-code-execution/", + "refsource": "MISC", + "url": "https://www.mdsec.co.uk/2018/08/advisory-cve-2018-8007-apache-couchdb-remote-code-execution/" + }, + { + "name": "https://blog.couchdb.org/2018/07/10/cve-2018-8007/", + "refsource": "CONFIRM", + "url": "https://blog.couchdb.org/2018/07/10/cve-2018-8007/" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8425.json b/2018/8xxx/CVE-2018-8425.json index b66e577e348..9083f14c6e4 100644 --- a/2018/8xxx/CVE-2018-8425.json +++ b/2018/8xxx/CVE-2018-8425.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8425", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Edge", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for x64-based Systems" - }, - { - "version_value" : "Windows Server 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka \"Microsoft Edge Spoofing Vulnerability.\" This affects Microsoft Edge." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Spoofing" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8425", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Edge", + "version": { + "version_data": [ + { + "version_value": "Windows 10 for 32-bit Systems" + }, + { + "version_value": "Windows 10 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1607 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1703 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1703 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1803 for x64-based Systems" + }, + { + "version_value": "Windows Server 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8425", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8425" - }, - { - "name" : "105255", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105255" - }, - { - "name" : "1041623", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041623" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka \"Microsoft Edge Spoofing Vulnerability.\" This affects Microsoft Edge." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Spoofing" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8425", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8425" + }, + { + "name": "105255", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105255" + }, + { + "name": "1041623", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041623" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8675.json b/2018/8xxx/CVE-2018-8675.json index 8b0e8e05317..7e44b974edd 100644 --- a/2018/8xxx/CVE-2018-8675.json +++ b/2018/8xxx/CVE-2018-8675.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8675", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8675", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8831.json b/2018/8xxx/CVE-2018-8831.json index 3006f60bc3e..40fd2005f35 100644 --- a/2018/8xxx/CVE-2018-8831.json +++ b/2018/8xxx/CVE-2018-8831.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8831", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Persistent XSS vulnerability exists in Kodi (formerly XBMC) through 17.6 that allows the execution of arbitrary HTML/script code in the context of the victim user's browser via a playlist." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8831", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44487", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44487/" - }, - { - "name" : "20180417 Kodi <= 17.6 - Persistent Cross-Site Scripting", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/Apr/36" - }, - { - "name" : "https://trac.kodi.tv/ticket/17814", - "refsource" : "MISC", - "url" : "https://trac.kodi.tv/ticket/17814" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Persistent XSS vulnerability exists in Kodi (formerly XBMC) through 17.6 that allows the execution of arbitrary HTML/script code in the context of the victim user's browser via a playlist." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20180417 Kodi <= 17.6 - Persistent Cross-Site Scripting", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Apr/36" + }, + { + "name": "44487", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44487/" + }, + { + "name": "https://trac.kodi.tv/ticket/17814", + "refsource": "MISC", + "url": "https://trac.kodi.tv/ticket/17814" + } + ] + } +} \ No newline at end of file