diff --git a/2000/1xxx/CVE-2000-1174.json b/2000/1xxx/CVE-2000-1174.json index ec11385dc69..3e468c64f42 100644 --- a/2000/1xxx/CVE-2000-1174.json +++ b/2000/1xxx/CVE-2000-1174.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-1174", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in AFS ACL parser for Ethereal 0.8.13 and earlier allows remote attackers to execute arbitrary commands via a packet with a long username." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-1174", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20001118 [hacksware] Ethereal 0.8.13 AFS ACL parsing buffer overflow bug", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-11/0251.html" - }, - { - "name" : "20001121 ethereal: remote exploit", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2000/20001122a" - }, - { - "name" : "CLSA-2000:342", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000342" - }, - { - "name" : "RHSA-2000:116", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2000-116.html" - }, - { - "name" : "FreeBSD-SA-00:81", - "refsource" : "FREEBSD", - "url" : "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:81.ethereal.asc" - }, - { - 
"name" : "ethereal-afs-bo(5557)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5557" - }, - { - "name" : "1972", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1972" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in AFS ACL parser for Ethereal 0.8.13 and earlier allows remote attackers to execute arbitrary commands via a packet with a long username." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20001118 [hacksware] Ethereal 0.8.13 AFS ACL parsing buffer overflow bug", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-11/0251.html" + }, + { + "name": "20001121 ethereal: remote exploit", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2000/20001122a" + }, + { + "name": "FreeBSD-SA-00:81", + "refsource": "FREEBSD", + "url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:81.ethereal.asc" + }, + { + "name": "ethereal-afs-bo(5557)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5557" + }, + { + "name": "CLSA-2000:342", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000342" + }, + { + "name": "1972", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1972" + }, + { + "name": "RHSA-2000:116", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2000-116.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0149.json b/2005/0xxx/CVE-2005-0149.json index a7ae39f8e58..4a7223812df 100644 --- a/2005/0xxx/CVE-2005-0149.json +++ b/2005/0xxx/CVE-2005-0149.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0149", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Thunderbird 0.6 through 0.9 and Mozilla 1.7 through 1.7.3 does not obey the network.cookie.disableCookieForMailNews preference, which could allow remote attackers to bypass the user's intended privacy and security policy by using cookies in e-mail messages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0149", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/mfsa2005-11.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/mfsa2005-11.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=268107", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=268107" - }, - { - "name" : "RHSA-2005:094", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-094.html" - }, - { - "name" : "RHSA-2005:323", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-323.html" - }, - { - "name" : "RHSA-2005:335", - "refsource" : "REDHAT", - "url" : 
"http://www.redhat.com/support/errata/RHSA-2005-335.html" - }, - { - "name" : "SUSE-SA:2006:022", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_04_25.html" - }, - { - "name" : "12407", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12407" - }, - { - "name" : "oval:org.mitre.oval:def:100047", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100047" - }, - { - "name" : "oval:org.mitre.oval:def:11407", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11407" - }, - { - "name" : "19823", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19823" - }, - { - "name" : "mozilla-cookie-policy-bypass(19172)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19172" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Thunderbird 0.6 through 0.9 and Mozilla 1.7 through 1.7.3 does not obey the network.cookie.disableCookieForMailNews preference, which could allow remote attackers to bypass the user's intended privacy and security policy by using cookies in e-mail messages." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2005:323", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-323.html" + }, + { + "name": "12407", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12407" + }, + { + "name": "oval:org.mitre.oval:def:100047", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100047" + }, + { + "name": "RHSA-2005:335", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-335.html" + }, + { + "name": "19823", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19823" + }, + { + "name": "http://www.mozilla.org/security/announce/mfsa2005-11.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/mfsa2005-11.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=268107", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=268107" + }, + { + "name": "RHSA-2005:094", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-094.html" + }, + { + "name": "oval:org.mitre.oval:def:11407", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11407" + }, + { + "name": "SUSE-SA:2006:022", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_04_25.html" + }, + { + "name": "mozilla-cookie-policy-bypass(19172)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19172" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0484.json b/2005/0xxx/CVE-2005-0484.json index f861aef0208..dd3fa0449b3 100644 --- a/2005/0xxx/CVE-2005-0484.json +++ b/2005/0xxx/CVE-2005-0484.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0484", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in gprostats for GProFTPD before 8.1.9 may allow remote attackers to execute arbitrary code via an FTP transfer with a crafted filename that causes format string specifiers to be inserted into the ProFTPD transfer log." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0484", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "GLSA-200502-26", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200502-26.xml" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=81894", - "refsource" : "CONFIRM", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=81894" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in gprostats for GProFTPD before 8.1.9 may allow remote attackers to execute arbitrary code via an FTP transfer with a crafted filename that causes format string specifiers to be inserted into the ProFTPD transfer log." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=81894", + "refsource": "CONFIRM", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=81894" + }, + { + "name": "GLSA-200502-26", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200502-26.xml" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2185.json b/2005/2xxx/CVE-2005-2185.json index 0a0b2b9253c..f891213cb24 100644 --- a/2005/2xxx/CVE-2005-2185.json +++ b/2005/2xxx/CVE-2005-2185.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2185", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "eRoom does not set an expiration for Cookies, which allows remote attackers to capture cookies and conduct replay attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2185", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050706 eRoom Multiple Security Issues", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112069267700034&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "eRoom does not set an expiration for Cookies, which allows remote attackers to capture cookies and conduct replay attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050706 eRoom Multiple Security Issues", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112069267700034&w=2" + } + ] + } +} \ No newline at end of file 
diff --git a/2005/2xxx/CVE-2005-2409.json b/2005/2xxx/CVE-2005-2409.json index 6c23bfc6516..90c94a436a1 100644 --- a/2005/2xxx/CVE-2005-2409.json +++ b/2005/2xxx/CVE-2005-2409.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2409", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in util.c in nbsmtp 0.99 and earlier, while running in debug mode, allows remote attackers to execute arbitrary code via format string specifiers that are not properly handled in a syslog call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2409", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://people.freebsd.org/~niels/issues/nbsmtp-20050726.txt", - "refsource" : "MISC", - "url" : "http://people.freebsd.org/~niels/issues/nbsmtp-20050726.txt" - }, - { - "name" : "http://www.vuxml.org/freebsd/debbb39c-fdb3-11d9-a30d-00b0d09acbfc.html", - "refsource" : "CONFIRM", - "url" : "http://www.vuxml.org/freebsd/debbb39c-fdb3-11d9-a30d-00b0d09acbfc.html" - }, - { - "name" : "14441", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14441" - }, - { - "name" : "16279", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16279" - }, - { - "name" : "16324", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16324" - }, - { - "name" : 
"nbsmtp-format-string(21674)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/21674" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in util.c in nbsmtp 0.99 and earlier, while running in debug mode, allows remote attackers to execute arbitrary code via format string specifiers that are not properly handled in a syslog call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.vuxml.org/freebsd/debbb39c-fdb3-11d9-a30d-00b0d09acbfc.html", + "refsource": "CONFIRM", + "url": "http://www.vuxml.org/freebsd/debbb39c-fdb3-11d9-a30d-00b0d09acbfc.html" + }, + { + "name": "16324", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16324" + }, + { + "name": "nbsmtp-format-string(21674)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21674" + }, + { + "name": "http://people.freebsd.org/~niels/issues/nbsmtp-20050726.txt", + "refsource": "MISC", + "url": "http://people.freebsd.org/~niels/issues/nbsmtp-20050726.txt" + }, + { + "name": "14441", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14441" + }, + { + "name": "16279", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16279" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2817.json b/2005/2xxx/CVE-2005-2817.json index b906cdc2496..5108288606f 100644 --- a/2005/2xxx/CVE-2005-2817.json +++ b/2005/2xxx/CVE-2005-2817.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2817", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Simple Machines Forum (SMF) 1-0-5 and earlier supports the use of URLs for avatar images, which allows remote attackers to monitor sensitive information of forum visitors such as IP address and user agent, as demonstrated using a PHP script on a malicious server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2817", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050831 Simple Machine Forum 1-0-5 (possibly prior versions) user IP address / information disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/lists/bugtraq/2005/Aug/0438.html" - }, - { - "name" : "http://rgod.altervista.org/smf105.html", - "refsource" : "MISC", - "url" : "http://rgod.altervista.org/smf105.html" - }, - { - "name" : "1014828", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014828" - }, - { - "name" : "16646", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16646" - }, - { - "name" : "smf-avatar-image-information-disclosure(22093)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/22093" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Simple Machines Forum (SMF) 1-0-5 and earlier supports the use of URLs for avatar images, which allows remote attackers to monitor sensitive information of forum visitors such as IP address and user agent, as demonstrated using a PHP script on a malicious server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1014828", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014828" + }, + { + "name": "smf-avatar-image-information-disclosure(22093)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22093" + }, + { + "name": "20050831 Simple Machine Forum 1-0-5 (possibly prior versions) user IP address / information disclosure", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/lists/bugtraq/2005/Aug/0438.html" + }, + { + "name": "16646", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16646" + }, + { + "name": "http://rgod.altervista.org/smf105.html", + "refsource": "MISC", + "url": "http://rgod.altervista.org/smf105.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2965.json b/2005/2xxx/CVE-2005-2965.json index 6d6896117bd..17381cdf32a 100644 --- a/2005/2xxx/CVE-2005-2965.json +++ b/2005/2xxx/CVE-2005-2965.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2965", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-4802, CVE-2005-4803. Reason: this candidate was intended for one issue, but the description and references inadvertently combined multiple issues. Notes: All CVE users should consult CVE-2005-4802 and CVE-2005-4803 to determine which ID is appropriate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2005-2965", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-4802, CVE-2005-4803. Reason: this candidate was intended for one issue, but the description and references inadvertently combined multiple issues. Notes: All CVE users should consult CVE-2005-4802 and CVE-2005-4803 to determine which ID is appropriate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2967.json b/2005/2xxx/CVE-2005-2967.json index 5d8451e414b..3e623fb086f 100644 --- a/2005/2xxx/CVE-2005-2967.json +++ b/2005/2xxx/CVE-2005-2967.json 
@@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2967", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in input_cdda.c in xine-lib 1-beta through 1-beta 3, 1-rc, 1.0 through 1.0.2, and 1.1.1 allows remote servers to execute arbitrary code via format string specifiers in metadata in CDDB server responses when the victim plays a CD." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2005-2967", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051008 xine/gxine CD Player Remote Format String Bug", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0196.html" - }, - { - "name" : "http://xinehq.de/index.php/security/XSA-2005-1", - "refsource" : "CONFIRM", - "url" : "http://xinehq.de/index.php/security/XSA-2005-1" - }, - { - "name" : "DSA-863", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-863" - }, - { - "name" : "GLSA-200510-08", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200510-08.xml" - }, - { - "name" : "MDKSA-2005:180", - "refsource" : "MANDRIVA", - "url" : 
"http://www.mandriva.com/security/advisories?name=MDKSA-2005:180" - }, - { - "name" : "SSA:2005-283-01", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.415454" - }, - { - "name" : "SUSE-SR:2005:024", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2005_24_sr.html" - }, - { - "name" : "USN-196-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-196-1" - }, - { - "name" : "15044", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15044" - }, - { - "name" : "19892", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/19892" - }, - { - "name" : "17099", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17099/" - }, - { - "name" : "17132", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17132" - }, - { - "name" : "17162", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17162" - }, - { - "name" : "17179", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17179" - }, - { - "name" : "17097", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17097" - }, - { - "name" : "17111", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17111" - }, - { - "name" : "17282", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17282" - }, - { - "name" : "xinelib-inputcdda-format-string(22545)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22545" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in input_cdda.c in xine-lib 1-beta through 1-beta 3, 1-rc, 1.0 through 1.0.2, and 1.1.1 allows remote servers to execute arbitrary code via format string specifiers in metadata in CDDB server responses when the victim plays a 
CD." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15044", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15044" + }, + { + "name": "17132", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17132" + }, + { + "name": "MDKSA-2005:180", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:180" + }, + { + "name": "17282", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17282" + }, + { + "name": "17097", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17097" + }, + { + "name": "19892", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/19892" + }, + { + "name": "SSA:2005-283-01", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.415454" + }, + { + "name": "http://xinehq.de/index.php/security/XSA-2005-1", + "refsource": "CONFIRM", + "url": "http://xinehq.de/index.php/security/XSA-2005-1" + }, + { + "name": "DSA-863", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-863" + }, + { + "name": "20051008 xine/gxine CD Player Remote Format String Bug", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0196.html" + }, + { + "name": "SUSE-SR:2005:024", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2005_24_sr.html" + }, + { + "name": "17111", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17111" + }, + { + "name": "GLSA-200510-08", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-08.xml" + }, + { + "name": "USN-196-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-196-1" + }, + { + "name": "17179", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/17179" + }, + { + "name": "17162", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17162" + }, + { + "name": "17099", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17099/" + }, + { + "name": "xinelib-inputcdda-format-string(22545)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22545" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4038.json b/2005/4xxx/CVE-2005-4038.json index 42153b64d54..28ff78c557f 100644 --- a/2005/4xxx/CVE-2005-4038.json +++ b/2005/4xxx/CVE-2005-4038.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4038", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in comentarii.php in Web4Future Portal Solutions News Portal allows remote attackers to execute arbitrary SQL commands via the idp parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4038", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/12/web4future-portal-solutions-news.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/12/web4future-portal-solutions-news.html" - }, - { - "name" : "15716", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15716" - }, - { - "name" : "ADV-2005-2733", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2733" - }, - { - "name" : "21422", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21422" - }, - { - "name" : "17880", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17880" - }, - { - "name" : "portal-solutions-comentarii-sql-injection(23419)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/23419" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in comentarii.php in Web4Future Portal Solutions News Portal allows remote attackers to execute arbitrary SQL commands via the idp parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2005-2733", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2733" + }, + { + "name": "15716", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15716" + }, + { + "name": "portal-solutions-comentarii-sql-injection(23419)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23419" + }, + { + "name": "http://pridels0.blogspot.com/2005/12/web4future-portal-solutions-news.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/12/web4future-portal-solutions-news.html" + }, + { + "name": "21422", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21422" + }, + { + "name": "17880", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17880" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4213.json b/2005/4xxx/CVE-2005-4213.json index ff6be6259ac..04e8a5d44a1 100644 --- a/2005/4xxx/CVE-2005-4213.json +++ b/2005/4xxx/CVE-2005-4213.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4213", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in mod.php in phpCOIN 1.2.2 allows remote attackers to execute arbitrary SQL commands via the phpcoinsessid cookie." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4213", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051213 phpCOIN 1.2.2 multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/419382/100/0/threaded" - }, - { - "name" : "http://forums.phpcoin.com/index.php?showtopic=5469", - "refsource" : "CONFIRM", - "url" : "http://forums.phpcoin.com/index.php?showtopic=5469" - }, - { - "name" : "http://rgod.altervista.org/phpcoin122.html", - "refsource" : "MISC", - "url" : "http://rgod.altervista.org/phpcoin122.html" - }, - { - "name" : "http://rgod.altervista.org/phpcoin_122_sql_xpl.html", - "refsource" : "MISC", - "url" : "http://rgod.altervista.org/phpcoin_122_sql_xpl.html" - }, - { - "name" : "15830", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15830" - }, - { - "name" : "ADV-2005-2888", - "refsource" : 
"VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2888" - }, - { - "name" : "21725", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21725" - }, - { - "name" : "1015345", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015345" - }, - { - "name" : "18030", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18030" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in mod.php in phpCOIN 1.2.2 allows remote attackers to execute arbitrary SQL commands via the phpcoinsessid cookie." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://rgod.altervista.org/phpcoin122.html", + "refsource": "MISC", + "url": "http://rgod.altervista.org/phpcoin122.html" + }, + { + "name": "15830", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15830" + }, + { + "name": "21725", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21725" + }, + { + "name": "http://rgod.altervista.org/phpcoin_122_sql_xpl.html", + "refsource": "MISC", + "url": "http://rgod.altervista.org/phpcoin_122_sql_xpl.html" + }, + { + "name": "http://forums.phpcoin.com/index.php?showtopic=5469", + "refsource": "CONFIRM", + "url": "http://forums.phpcoin.com/index.php?showtopic=5469" + }, + { + "name": "18030", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18030" + }, + { + "name": "20051213 phpCOIN 1.2.2 multiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/419382/100/0/threaded" + }, + { + "name": "ADV-2005-2888", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2888" + }, + { + "name": "1015345", + "refsource": "SECTRACK", + "url": 
"http://securitytracker.com/id?1015345" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4450.json b/2005/4xxx/CVE-2005-4450.json index 47448a03a53..348c7f440ae 100644 --- a/2005/4xxx/CVE-2005-4450.json +++ b/2005/4xxx/CVE-2005-4450.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4450", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.7.0 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag to server_privileges.php, as demonstrated using the dbname and checkprivs parameters. NOTE: the provenance of this issue is unknown, although third parties imply that it is related to the disclosure of CVE-2005-4349, which was labeled as SQL injection but disputed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4450", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18113", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18113" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.7.0 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag to server_privileges.php, as demonstrated using the dbname and checkprivs 
parameters. NOTE: the provenance of this issue is unknown, although third parties imply that it is related to the disclosure of CVE-2005-4349, which was labeled as SQL injection but disputed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18113", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18113" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4800.json b/2005/4xxx/CVE-2005-4800.json index 0de8b79182c..ea3cec5c03f 100644 --- a/2005/4xxx/CVE-2005-4800.json +++ b/2005/4xxx/CVE-2005-4800.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4800", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Direct static code injection vulnerability in Yet Another PHP Image Gallery (YaPIG) 0.95b and earlier allows remote authenticated administrators to inject arbitrary PHP code via the TestGallery parameter in a mod_info action to modify_gallery.php, which inserts the code into guid_info.php. NOTE: this issue is easier to exploit due to a separate CSRF vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4800", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051013 Yapig: XSS / Code Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2005-10/0161.html" - }, - { - "name" : "http://www.seclab.tuwien.ac.at/advisories/TUVSA-0510-001.txt", - "refsource" : "MISC", - "url" : "http://www.seclab.tuwien.ac.at/advisories/TUVSA-0510-001.txt" - }, - { - "name" : "19960", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/19960" - }, - { - "name" : "17041", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17041" - }, - { - "name" : 
"yapig-http-post-privilege-escalation(22753)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22753" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Direct static code injection vulnerability in Yet Another PHP Image Gallery (YaPIG) 0.95b and earlier allows remote authenticated administrators to inject arbitrary PHP code via the TestGallery parameter in a mod_info action to modify_gallery.php, which inserts the code into guid_info.php. NOTE: this issue is easier to exploit due to a separate CSRF vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "yapig-http-post-privilege-escalation(22753)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22753" + }, + { + "name": "19960", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/19960" + }, + { + "name": "20051013 Yapig: XSS / Code Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2005-10/0161.html" + }, + { + "name": "http://www.seclab.tuwien.ac.at/advisories/TUVSA-0510-001.txt", + "refsource": "MISC", + "url": "http://www.seclab.tuwien.ac.at/advisories/TUVSA-0510-001.txt" + }, + { + "name": "17041", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17041" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0987.json b/2009/0xxx/CVE-2009-0987.json index e25764d04d9..6bd2915f1c8 100644 --- a/2009/0xxx/CVE-2009-0987.json +++ b/2009/0xxx/CVE-2009-0987.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0987", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Upgrade component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2009-0987", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html" - }, - { - "name" : "35679", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35679" - }, - { - "name" : "55889", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/55889" - }, - { - "name" : "1022560", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022560" - }, - { - "name" : "35776", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35776" - }, - { - "name" : "ADV-2009-1900", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2009/1900" - }, - { - "name" : "oracle-database-upgrade-unspecified(51746)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51746" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Upgrade component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35776", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35776" + }, + { + "name": "35679", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35679" + }, + { + "name": "ADV-2009-1900", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1900" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html" + }, + { + "name": "55889", + "refsource": "OSVDB", + "url": "http://osvdb.org/55889" + }, + { + "name": "1022560", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022560" + }, + { + "name": "oracle-database-upgrade-unspecified(51746)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51746" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2161.json b/2009/2xxx/CVE-2009-2161.json index 88e325c9b5c..9e9dc8baf93 100644 --- a/2009/2xxx/CVE-2009-2161.json +++ b/2009/2xxx/CVE-2009-2161.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2161", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in backend/admin-functions.php in TorrentTrader Classic 1.09, when used on a case-insensitive web site, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ss_uri parameter, in conjunction with a modified component name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2161", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090615 [waraxe-2009-SA#074] - Multiple Vulnerabilities in TorrentTrader Classic 1.09", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/504294/100/0/threaded" - }, - { - "name" : "8958", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8958" - }, - { - "name" : "http://www.waraxe.us/advisory-74.html", - "refsource" : "MISC", - "url" : "http://www.waraxe.us/advisory-74.html" - }, - { - "name" : "35369", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35369" - }, - { - "name" : "35456", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/35456" - }, - { - "name" : "torrenttrader-ssuri-file-include(51146)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51146" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in backend/admin-functions.php in TorrentTrader Classic 1.09, when used on a case-insensitive web site, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ss_uri parameter, in conjunction with a modified component name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35456", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35456" + }, + { + "name": "35369", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35369" + }, + { + "name": "torrenttrader-ssuri-file-include(51146)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51146" + }, + { + "name": "8958", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8958" + }, + { + "name": "20090615 [waraxe-2009-SA#074] - Multiple Vulnerabilities in TorrentTrader Classic 1.09", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/504294/100/0/threaded" + }, + { + "name": "http://www.waraxe.us/advisory-74.html", + "refsource": "MISC", + "url": "http://www.waraxe.us/advisory-74.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2211.json b/2009/2xxx/CVE-2009-2211.json index 4c678d2eb98..c156885d5b6 100644 --- a/2009/2xxx/CVE-2009-2211.json +++ b/2009/2xxx/CVE-2009-2211.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2211", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the CQWeb server in IBM Rational ClearQuest 7.0.0 before 7.0.0.6 and 7.0.1 before 7.0.1.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2211", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "PK77030", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PK77030" - }, - { - "name" : "1022456", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022456" - }, - { - "name" : "35564", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35564" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the CQWeb server in IBM Rational ClearQuest 7.0.0 before 7.0.0.6 and 7.0.1 before 7.0.1.5 allows remote attackers to inject arbitrary web script or HTML via 
unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35564", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35564" + }, + { + "name": "PK77030", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK77030" + }, + { + "name": "1022456", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022456" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2455.json b/2009/2xxx/CVE-2009-2455.json index 314250cf670..e3b5f199c0a 100644 --- a/2009/2xxx/CVE-2009-2455.json +++ b/2009/2xxx/CVE-2009-2455.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2455", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in webadmin/admin.php in @mail 5.6.1 allow remote attackers to inject arbitrary web script or HTML via the (1) type and (2) func parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2455", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "34403", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34403" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in webadmin/admin.php in @mail 5.6.1 allow remote attackers to inject arbitrary web script or HTML via the (1) type and (2) func parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34403", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34403" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2849.json b/2009/2xxx/CVE-2009-2849.json index 6cfbc367c6f..c6a876b0bee 100644 --- a/2009/2xxx/CVE-2009-2849.json +++ b/2009/2xxx/CVE-2009-2849.json 
@@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2849", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The md driver (drivers/md/md.c) in the Linux kernel before 2.6.30.2 might allow local users to cause a denial of service (NULL pointer dereference) via vectors related to \"suspend_* sysfs attributes\" and the (1) suspend_lo_store or (2) suspend_hi_store functions. NOTE: this is only a vulnerability when sysfs is writable by an attacker." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2849", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20090724 md raid null ptr dereference (when sysfs is writable)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/07/24/1" - }, - { - "name" : "[oss-security] 20090726 Re: md raid null ptr dereference (when sysfs is writable)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/07/26/1" - }, - { - "name" : "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates", - "refsource" : "MLIST", - "url" : 
"http://lists.vmware.com/pipermail/security-announce/2010/000082.html" - }, - { - "name" : "http://xorl.wordpress.com/2009/07/21/linux-kernel-md-driver-null-pointer-dereference/", - "refsource" : "MISC", - "url" : "http://xorl.wordpress.com/2009/07/21/linux-kernel-md-driver-null-pointer-dereference/" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.30.y.git;a=commit;h=3c92900d9a4afb176d3de335dc0da0198660a244", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.30.y.git;a=commit;h=3c92900d9a4afb176d3de335dc0da0198660a244" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.2", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.2" - }, - { - "name" : "FEDORA-2009-9044", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01256.html" - }, - { - "name" : "RHSA-2009:1540", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2009-1540.html" - }, - { - "name" : "USN-852-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-852-1" - }, - { - "name" : "oval:org.mitre.oval:def:10396", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10396" - }, - { - "name" : "1022961", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022961" - }, - { - "name" : "36501", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36501" - }, - { - "name" : "38794", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38794" - }, - { - "name" : "38834", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38834" - }, - { - "name" : "37105", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37105" - }, - { - "name" : "ADV-2010-0528", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2010/0528" - }, - { - "name" : "kernel-mddriver-dos(52858)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52858" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The md driver (drivers/md/md.c) in the Linux kernel before 2.6.30.2 might allow local users to cause a denial of service (NULL pointer dereference) via vectors related to \"suspend_* sysfs attributes\" and the (1) suspend_lo_store or (2) suspend_hi_store functions. NOTE: this is only a vulnerability when sysfs is writable by an attacker." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2009:1540", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2009-1540.html" + }, + { + "name": "1022961", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022961" + }, + { + "name": "USN-852-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-852-1" + }, + { + "name": "38794", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38794" + }, + { + "name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates", + "refsource": "MLIST", + "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.2", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.2" + }, + { + "name": "oval:org.mitre.oval:def:10396", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10396" + }, + { + "name": "FEDORA-2009-9044", + "refsource": "FEDORA", + "url": 
"https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01256.html" + }, + { + "name": "[oss-security] 20090726 Re: md raid null ptr dereference (when sysfs is writable)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/07/26/1" + }, + { + "name": "38834", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38834" + }, + { + "name": "http://xorl.wordpress.com/2009/07/21/linux-kernel-md-driver-null-pointer-dereference/", + "refsource": "MISC", + "url": "http://xorl.wordpress.com/2009/07/21/linux-kernel-md-driver-null-pointer-dereference/" + }, + { + "name": "kernel-mddriver-dos(52858)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52858" + }, + { + "name": "[oss-security] 20090724 md raid null ptr dereference (when sysfs is writable)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/07/24/1" + }, + { + "name": "36501", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36501" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.30.y.git;a=commit;h=3c92900d9a4afb176d3de335dc0da0198660a244", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.30.y.git;a=commit;h=3c92900d9a4afb176d3de335dc0da0198660a244" + }, + { + "name": "37105", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37105" + }, + { + "name": "ADV-2010-0528", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0528" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3180.json b/2009/3xxx/CVE-2009-3180.json index 37b94d30c6f..0fbefbd90b3 100644 --- a/2009/3xxx/CVE-2009-3180.json +++ b/2009/3xxx/CVE-2009-3180.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3180", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Anantasoft Gazelle CMS 1.0 allows remote attackers to conduct a password reset for other users via a modified user parameter to renew.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3180", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9425", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9425" - }, - { - "name" : "33686", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33686" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Anantasoft Gazelle CMS 1.0 allows remote attackers to conduct a password reset for other users via a modified user parameter to renew.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9425", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9425" + }, + { + "name": "33686", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33686" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3386.json b/2009/3xxx/CVE-2009-3386.json index 0c9656228d6..47bec39b814 100644 --- a/2009/3xxx/CVE-2009-3386.json +++ b/2009/3xxx/CVE-2009-3386.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3386", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Template.pm in Bugzilla 3.3.2 through 3.4.3 and 3.5 through 3.5.1 allows remote attackers to discover the alias of a private bug by reading the (1) Depends On or (2) Blocks field of a related bug." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3386", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.bugzilla.org/security/3.4.3/", - "refsource" : "CONFIRM", - "url" : "http://www.bugzilla.org/security/3.4.3/" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=529416", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=529416" - }, - { - "name" : "37062", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37062" - }, - { - "name" : "60271", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/60271" - }, - { - "name" : "37423", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37423" - }, - { - "name" : "ADV-2009-3288", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3288" - }, - { - "name" : 
"bugzilla-alias-information-disclosure(54332)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54332" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Template.pm in Bugzilla 3.3.2 through 3.4.3 and 3.5 through 3.5.1 allows remote attackers to discover the alias of a private bug by reading the (1) Depends On or (2) Blocks field of a related bug." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37062", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37062" + }, + { + "name": "ADV-2009-3288", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3288" + }, + { + "name": "60271", + "refsource": "OSVDB", + "url": "http://osvdb.org/60271" + }, + { + "name": "bugzilla-alias-information-disclosure(54332)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54332" + }, + { + "name": "37423", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37423" + }, + { + "name": "http://www.bugzilla.org/security/3.4.3/", + "refsource": "CONFIRM", + "url": "http://www.bugzilla.org/security/3.4.3/" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=529416", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=529416" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3429.json b/2009/3xxx/CVE-2009-3429.json index bb386fd0ada..f0346de478b 100644 --- a/2009/3xxx/CVE-2009-3429.json +++ b/2009/3xxx/CVE-2009-3429.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3429", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Pirate Radio Destiny Media Player 1.61 allows remote attackers to execute arbitrary code via a long string in a .pls playlist file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3429", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9321", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9321" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Pirate Radio Destiny Media Player 1.61 allows remote attackers to execute arbitrary code via a long string in a .pls playlist file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9321", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9321" + } + ] + } +} \ No newline at end of file 
diff --git a/2009/4xxx/CVE-2009-4042.json b/2009/4xxx/CVE-2009-4042.json index a3d5b5c28f3..b6a92db8724 100644 --- a/2009/4xxx/CVE-2009-4042.json +++ b/2009/4xxx/CVE-2009-4042.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4042", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the RootCandy theme 6.x before 6.x-1.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via the URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4042", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/629894", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/629894" - }, - { - "name" : "http://drupal.org/node/630168", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/630168" - }, - { - "name" : "36998", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36998" - }, - { - "name" : "59914", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/59914" - }, - { - "name" : "37334", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37334" - }, - { - "name" : "ADV-2009-3210", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3210" - }, - { - "name" : "rootcandy-unspecified-xss(54245)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/54245" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the RootCandy theme 6.x before 6.x-1.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via the URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-3210", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3210" + }, + { + "name": "37334", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37334" + }, + { + "name": "http://drupal.org/node/630168", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/630168" + }, + { + "name": "36998", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36998" + }, + { + "name": "http://drupal.org/node/629894", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/629894" + }, + { + "name": "rootcandy-unspecified-xss(54245)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54245" + }, + { + "name": "59914", + "refsource": "OSVDB", + "url": "http://osvdb.org/59914" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4143.json b/2009/4xxx/CVE-2009-4143.json index 6d2b6572035..4d200c3f1dd 100644 --- a/2009/4xxx/CVE-2009-4143.json +++ b/2009/4xxx/CVE-2009-4143.json 
@@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4143", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to (1) interrupt corruption of the SESSION superglobal array and (2) the session.save_path directive." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-4143", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.php.net/ChangeLog-5.php", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/ChangeLog-5.php" - }, - { - "name" : "http://www.php.net/releases/5_2_12.php", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/releases/5_2_12.php" - }, - { - "name" : "http://support.apple.com/kb/HT4077", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4077" - }, - { - "name" : "APPLE-SA-2010-03-29-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" - }, - { - "name" : "DSA-2001", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2001" - }, - { - "name" : "HPSBUX02543", - "refsource" : 
"HP", - "url" : "http://marc.info/?l=bugtraq&m=127680701405735&w=2" - }, - { - "name" : "SSRT100152", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=127680701405735&w=2" - }, - { - "name" : "HPSBMA02568", - "refsource" : "HP", - "url" : "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995" - }, - { - "name" : "SSRT100219", - "refsource" : "HP", - "url" : "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995" - }, - { - "name" : "MDVSA-2010:045", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:045" - }, - { - "name" : "37390", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37390" - }, - { - "name" : "oval:org.mitre.oval:def:7439", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7439" - }, - { - "name" : "37821", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37821" - }, - { - "name" : "38648", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38648" - }, - { - "name" : "40262", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40262" - }, - { - "name" : "41480", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41480" - }, - { - "name" : "41490", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41490" - }, - { - "name" : "ADV-2009-3593", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3593" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to (1) interrupt corruption of the SESSION superglobal array and (2) the session.save_path directive." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.php.net/releases/5_2_12.php", + "refsource": "CONFIRM", + "url": "http://www.php.net/releases/5_2_12.php" + }, + { + "name": "40262", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40262" + }, + { + "name": "37390", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37390" + }, + { + "name": "HPSBUX02543", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=127680701405735&w=2" + }, + { + "name": "37821", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37821" + }, + { + "name": "38648", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38648" + }, + { + "name": "APPLE-SA-2010-03-29-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" + }, + { + "name": "41490", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41490" + }, + { + "name": "HPSBMA02568", + "refsource": "HP", + "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995" + }, + { + "name": "http://www.php.net/ChangeLog-5.php", + "refsource": "CONFIRM", + "url": "http://www.php.net/ChangeLog-5.php" + }, + { + "name": "MDVSA-2010:045", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:045" + }, + { + "name": "http://support.apple.com/kb/HT4077", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4077" + }, + { + "name": "ADV-2009-3593", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3593" + }, + { + "name": "DSA-2001", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2001" + }, + { + "name": "SSRT100219", + "refsource": "HP", + "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995" + }, + { + 
"name": "41480", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41480" + }, + { + "name": "oval:org.mitre.oval:def:7439", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7439" + }, + { + "name": "SSRT100152", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=127680701405735&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4442.json b/2009/4xxx/CVE-2009-4442.json index 075a098045e..a2c03bf701d 100644 --- a/2009/4xxx/CVE-2009-4442.json +++ b/2009/4xxx/CVE-2009-4442.json 
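Review bot: In the CVE-2009-4143.json hunk the new side sets `"ASSIGNER": "secalert@redhat.com"` where the old side had `"ASSIGNER": "cve@mitre.org"`. This is the only value change in a hunk that otherwise only re-spaces keys and reorders the `reference_data` entries. The other complete hunks visible here keep `cve@mitre.org`, so this reads as a deliberate CNA reattribution rather than a formatter side effect, but that cannot be confirmed from the diff alone. Consumers that filter or attribute records by assigner will see this record move, so the change should be in its own commit or called out in the commit description, not carried inside a bulk reformat where it is easy to miss. It is also worth diffing the parsed JSON of old and new for the whole batch, ignoring array order, to confirm no other field changed silently.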
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4442", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not properly implement the max-client-connections configuration setting, which allows remote attackers to cause a denial of service (connection slot exhaustion) by making multiple connections and performing no operations on these connections, aka Bug Id 6648665." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4442", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-141958-01-1", - "refsource" : "CONFIRM", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-141958-01-1" - }, - { - "name" : "270789", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-270789-1" - }, - { - "name" : "37481", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37481" - }, - { - "name" : "1023389", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023389" - }, - { - "name" : 
"37915", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37915" - }, - { - "name" : "ADV-2009-3647", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3647" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not properly implement the max-client-connections configuration setting, which allows remote attackers to cause a denial of service (connection slot exhaustion) by making multiple connections and performing no operations on these connections, aka Bug Id 6648665." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-3647", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3647" + }, + { + "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-141958-01-1", + "refsource": "CONFIRM", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-141958-01-1" + }, + { + "name": "37481", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37481" + }, + { + "name": "1023389", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023389" + }, + { + "name": "270789", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-270789-1" + }, + { + "name": "37915", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37915" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4526.json b/2009/4xxx/CVE-2009-4526.json index f7d29910c27..6273ee68fbf 100644 --- a/2009/4xxx/CVE-2009-4526.json +++ b/2009/4xxx/CVE-2009-4526.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4526", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Send by e-mail sub-module in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.9 and 6.x before 6.x-1.9, a module for Drupal, does not properly enforce privilege requirements, which allows remote attackers to read page titles by requesting a \"Send to friend\" form." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4526", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/604804", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/604804" - }, - { - "name" : "http://drupal.org/node/604806", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/604806" - }, - { - "name" : "http://drupal.org/node/604808", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/604808" - }, - { - "name" : "36707", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36707" - }, - { - "name" : "58951", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/58951" - }, - { - "name" : "37059", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/37059" - }, - { - "name" : "ADV-2009-2922", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2922" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Send by e-mail sub-module in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.9 and 6.x before 6.x-1.9, a module for Drupal, does not properly enforce privilege requirements, which allows remote attackers to read page titles by requesting a \"Send to friend\" form." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-2922", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2922" + }, + { + "name": "http://drupal.org/node/604806", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/604806" + }, + { + "name": "58951", + "refsource": "OSVDB", + "url": "http://osvdb.org/58951" + }, + { + "name": "37059", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37059" + }, + { + "name": "http://drupal.org/node/604808", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/604808" + }, + { + "name": "http://drupal.org/node/604804", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/604804" + }, + { + "name": "36707", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36707" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4775.json b/2009/4xxx/CVE-2009-4775.json index 6d6cc1d165f..a3c88e5c8b6 100644 --- a/2009/4xxx/CVE-2009-4775.json +++ b/2009/4xxx/CVE-2009-4775.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4775", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in Ipswitch WS_FTP Professional 12 before 12.2 allows remote attackers to cause a denial of service (crash) via format string specifiers in the status code portion of an HTTP response." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4775", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9607", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9607" - }, - { - "name" : "http://www.packetstormsecurity.org/0909-exploits/nocoolnameforawsftppoc.pl.txt", - "refsource" : "MISC", - "url" : "http://www.packetstormsecurity.org/0909-exploits/nocoolnameforawsftppoc.pl.txt" - }, - { - "name" : "http://docs.ipswitch.com/WS_FTP%20122/ReleaseNotes/English/index.htm?k_id=ipswitch_com_ftp_documents_worldwide_ws_ftp122releasenotesenglish#link23", - "refsource" : "CONFIRM", - "url" : "http://docs.ipswitch.com/WS_FTP%20122/ReleaseNotes/English/index.htm?k_id=ipswitch_com_ftp_documents_worldwide_ws_ftp122releasenotesenglish#link23" - }, - { - "name" : "36297", - "refsource" : "BID", - 
"url" : "http://www.securityfocus.com/bid/36297" - }, - { - "name" : "wsftp-http-format-string(53098)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53098" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in Ipswitch WS_FTP Professional 12 before 12.2 allows remote attackers to cause a denial of service (crash) via format string specifiers in the status code portion of an HTTP response." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://docs.ipswitch.com/WS_FTP%20122/ReleaseNotes/English/index.htm?k_id=ipswitch_com_ftp_documents_worldwide_ws_ftp122releasenotesenglish#link23", + "refsource": "CONFIRM", + "url": "http://docs.ipswitch.com/WS_FTP%20122/ReleaseNotes/English/index.htm?k_id=ipswitch_com_ftp_documents_worldwide_ws_ftp122releasenotesenglish#link23" + }, + { + "name": "wsftp-http-format-string(53098)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53098" + }, + { + "name": "http://www.packetstormsecurity.org/0909-exploits/nocoolnameforawsftppoc.pl.txt", + "refsource": "MISC", + "url": "http://www.packetstormsecurity.org/0909-exploits/nocoolnameforawsftppoc.pl.txt" + }, + { + "name": "9607", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9607" + }, + { + "name": "36297", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36297" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4816.json b/2009/4xxx/CVE-2009-4816.json index d30563d8745..b82fb9954ac 100644 --- a/2009/4xxx/CVE-2009-4816.json +++ b/2009/4xxx/CVE-2009-4816.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4816", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in api/download_checker.php in MegaLab The Uploader 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4816", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "10599", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/10599" - }, - { - "name" : "61270", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/61270" - }, - { - "name" : "37873", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37873" - }, - { - "name" : "theuploader-filename-dir-traversal(54974)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54974" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in api/download_checker.php in MegaLab The Uploader 2.0 allows remote attackers to read 
arbitrary files via a .. (dot dot) in the filename parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "theuploader-filename-dir-traversal(54974)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54974" + }, + { + "name": "10599", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/10599" + }, + { + "name": "61270", + "refsource": "OSVDB", + "url": "http://osvdb.org/61270" + }, + { + "name": "37873", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37873" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4980.json b/2009/4xxx/CVE-2009-4980.json index 6d0fa78e4f6..165f77e8562 100644 --- a/2009/4xxx/CVE-2009-4980.json +++ b/2009/4xxx/CVE-2009-4980.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4980", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Photokorn Gallery 1.81 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) where[] parameter to search.php and (2) qc parameter to admin.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4980", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://holisticinfosec.org/content/view/120/45/", - "refsource" : "MISC", - "url" : "http://holisticinfosec.org/content/view/120/45/" - }, - { - "name" : "35966", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35966" - }, - { - "name" : "36150", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Photokorn Gallery 1.81 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) where[] parameter 
to search.php and (2) qc parameter to admin.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35966", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35966" + }, + { + "name": "36150", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36150" + }, + { + "name": "http://holisticinfosec.org/content/view/120/45/", + "refsource": "MISC", + "url": "http://holisticinfosec.org/content/view/120/45/" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0166.json b/2015/0xxx/CVE-2015-0166.json index bab74d4609f..5578a4ae4c7 100644 --- a/2015/0xxx/CVE-2015-0166.json +++ b/2015/0xxx/CVE-2015-0166.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0166", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-0166", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0239.json b/2015/0xxx/CVE-2015-0239.json index 51c0041cee3..595dd2e6aa8 100644 --- a/2015/0xxx/CVE-2015-0239.json +++ b/2015/0xxx/CVE-2015-0239.json 
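Review bot: In the CVE-2015-0166 record the new side moves `data_type`, `data_format` and `data_version` ahead of `CVE_data_meta` and puts `ID` before `ASSIGNER`, whereas the other records in this diff keep `CVE_data_meta` first with `ASSIGNER`, `ID`, `STATE` in that order. JSON member order carries no meaning, but two layouts in one commit suggest the records came from different serializers, and that makes later diffs and any hash over the file text less stable. Emitting this record in the same member order as its siblings, beginning `"CVE_data_meta": {` and then `"ASSIGNER": "cve@mitre.org",`, would keep the corpus uniform.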
@@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0239", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization, allows guest OS users to gain guest OS privileges or cause a denial of service (guest OS crash) by triggering use of a 16-bit code segment for emulation of a SYSENTER instruction." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-0239", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[bk-commits-head] 20150123 KVM: x86: SYSENTER emulation is broken", - "refsource" : "MLIST", - "url" : "http://permalink.gmane.org/gmane.linux.kernel.commits.head/502245" - }, - { - "name" : "[oss-security] 20150127 KVM SYSENTER emulation vulnerability - CVE-2015-0239", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/01/27/6" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f3747379accba8e95d70cec0eae0582c8c182050", - "refsource" : "CONFIRM", - "url" : 
"http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f3747379accba8e95d70cec0eae0582c8c182050" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.5", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.5" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1186448", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1186448" - }, - { - "name" : "https://github.com/torvalds/linux/commit/f3747379accba8e95d70cec0eae0582c8c182050", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/f3747379accba8e95d70cec0eae0582c8c182050" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" - }, - { - "name" : "DSA-3170", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3170" - }, - { - "name" : "MDVSA-2015:058", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:058" - }, - { - "name" : "RHSA-2015:1272", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1272.html" - }, - { - "name" : "USN-2515-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2515-1" - }, - { - "name" : "USN-2516-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2516-1" - }, - { - "name" : "USN-2517-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2517-1" - }, - { - "name" : "USN-2518-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2518-1" - }, - { - "name" : 
"USN-2513-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2513-1" - }, - { - "name" : "USN-2514-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2514-1" - }, - { - "name" : "72842", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72842" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization, allows guest OS users to gain guest OS privileges or cause a denial of service (guest OS crash) by triggering use of a 16-bit code segment for emulation of a SYSENTER instruction." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2515-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2515-1" + }, + { + "name": "DSA-3170", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3170" + }, + { + "name": "72842", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72842" + }, + { + "name": "[oss-security] 20150127 KVM SYSENTER emulation vulnerability - CVE-2015-0239", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/01/27/6" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1186448", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1186448" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f3747379accba8e95d70cec0eae0582c8c182050", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f3747379accba8e95d70cec0eae0582c8c182050" + }, + { + "name": 
"http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" + }, + { + "name": "https://github.com/torvalds/linux/commit/f3747379accba8e95d70cec0eae0582c8c182050", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/f3747379accba8e95d70cec0eae0582c8c182050" + }, + { + "name": "USN-2514-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2514-1" + }, + { + "name": "USN-2518-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2518-1" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.5", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.5" + }, + { + "name": "MDVSA-2015:058", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:058" + }, + { + "name": "[bk-commits-head] 20150123 KVM: x86: SYSENTER emulation is broken", + "refsource": "MLIST", + "url": "http://permalink.gmane.org/gmane.linux.kernel.commits.head/502245" + }, + { + "name": "USN-2517-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2517-1" + }, + { + "name": "USN-2516-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2516-1" + }, + { + "name": "RHSA-2015:1272", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1272.html" + }, + { + "name": "USN-2513-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2513-1" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1363.json b/2015/1xxx/CVE-2015-1363.json index fd352a0291a..78f94167c8f 100644 
--- a/2015/1xxx/CVE-2015-1363.json +++ b/2015/1xxx/CVE-2015-1363.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1363", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Free Reprintables ArticleFR 3.0.5 allows remote attackers to inject arbitrary web script or HTML via the q parameter to search/v/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1363", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150122 XSS vulnerability in articleFR CMS 3.0.5", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Jan/101" - }, - { - "name" : "http://packetstormsecurity.com/files/130066/articleFR-CMS-3.0.5-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/130066/articleFR-CMS-3.0.5-Cross-Site-Scripting.html" - }, - { - "name" : "http://www.itas.vn/news/itas-team-found-out-XSS-vulnerability-in-articlefr-cms-73.html", - "refsource" : "MISC", - "url" : "http://www.itas.vn/news/itas-team-found-out-XSS-vulnerability-in-articlefr-cms-73.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + 
{ + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Free Reprintables ArticleFR 3.0.5 allows remote attackers to inject arbitrary web script or HTML via the q parameter to search/v/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.itas.vn/news/itas-team-found-out-XSS-vulnerability-in-articlefr-cms-73.html", + "refsource": "MISC", + "url": "http://www.itas.vn/news/itas-team-found-out-XSS-vulnerability-in-articlefr-cms-73.html" + }, + { + "name": "20150122 XSS vulnerability in articleFR CMS 3.0.5", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Jan/101" + }, + { + "name": "http://packetstormsecurity.com/files/130066/articleFR-CMS-3.0.5-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/130066/articleFR-CMS-3.0.5-Cross-Site-Scripting.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1611.json b/2015/1xxx/CVE-2015-1611.json index f474a1e5ef5..651abf39eae 100644 --- a/2015/1xxx/CVE-2015-1611.json +++ b/2015/1xxx/CVE-2015-1611.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1611", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenFlow plugin for OpenDaylight before Helium SR3 allows remote attackers to spoof the SDN topology and affect the flow of data, related to \"fake LLDP injection.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1611", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.internetsociety.org/sites/default/files/10_4_2.pdf", - "refsource" : "MISC", - "url" : "http://www.internetsociety.org/sites/default/files/10_4_2.pdf" - }, - { - "name" : "https://cloudrouter.org/security/", - "refsource" : "CONFIRM", - "url" : "https://cloudrouter.org/security/" - }, - { - "name" : "https://git.opendaylight.org/gerrit/#/c/16193/", - "refsource" : "CONFIRM", - "url" : "https://git.opendaylight.org/gerrit/#/c/16193/" - }, - { - "name" : "https://git.opendaylight.org/gerrit/#/c/16208/", - "refsource" : "CONFIRM", - "url" : "https://git.opendaylight.org/gerrit/#/c/16208/" - }, - { - "name" : 
"https://wiki.opendaylight.org/view/Security_Advisories#.5BModerate.5D_CVE-2015-1611_CVE-2015-1612_openflowplugin:_topology_spoofing_via_LLDP", - "refsource" : "CONFIRM", - "url" : "https://wiki.opendaylight.org/view/Security_Advisories#.5BModerate.5D_CVE-2015-1611_CVE-2015-1612_openflowplugin:_topology_spoofing_via_LLDP" - }, - { - "name" : "73254", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73254" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenFlow plugin for OpenDaylight before Helium SR3 allows remote attackers to spoof the SDN topology and affect the flow of data, related to \"fake LLDP injection.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://git.opendaylight.org/gerrit/#/c/16208/", + "refsource": "CONFIRM", + "url": "https://git.opendaylight.org/gerrit/#/c/16208/" + }, + { + "name": "http://www.internetsociety.org/sites/default/files/10_4_2.pdf", + "refsource": "MISC", + "url": "http://www.internetsociety.org/sites/default/files/10_4_2.pdf" + }, + { + "name": "https://wiki.opendaylight.org/view/Security_Advisories#.5BModerate.5D_CVE-2015-1611_CVE-2015-1612_openflowplugin:_topology_spoofing_via_LLDP", + "refsource": "CONFIRM", + "url": "https://wiki.opendaylight.org/view/Security_Advisories#.5BModerate.5D_CVE-2015-1611_CVE-2015-1612_openflowplugin:_topology_spoofing_via_LLDP" + }, + { + "name": "73254", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73254" + }, + { + "name": "https://git.opendaylight.org/gerrit/#/c/16193/", + "refsource": "CONFIRM", + "url": "https://git.opendaylight.org/gerrit/#/c/16193/" + }, + { + "name": "https://cloudrouter.org/security/", + "refsource": "CONFIRM", + "url": "https://cloudrouter.org/security/" + } + 
] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1618.json b/2015/1xxx/CVE-2015-1618.json index 51e05b0ac75..b2db587d492 100644 --- a/2015/1xxx/CVE-2015-1618.json +++ b/2015/1xxx/CVE-2015-1618.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1618", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated users to obtain sensitive password information via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1618", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10098", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10098" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated users to obtain sensitive password information via a crafted URL." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10098", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10098" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1630.json b/2015/1xxx/CVE-2015-1630.json index 0f81968b041..5315db35bb2 100644 --- a/2015/1xxx/CVE-2015-1630.json +++ b/2015/1xxx/CVE-2015-1630.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1630", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka \"Audit Report Cross Site Scripting Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-1630", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-026", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-026" - }, - { - "name" : "1031900", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031900" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka \"Audit Report Cross Site 
Scripting Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS15-026", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-026" + }, + { + "name": "1031900", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031900" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4188.json b/2015/4xxx/CVE-2015-4188.json index 4c1f4fb6f53..245f15f1d95 100644 --- a/2015/4xxx/CVE-2015-4188.json +++ b/2015/4xxx/CVE-2015-4188.json 
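Review bot: The `ASSIGNER` value in the CVE-2015-1630 record changes from `cve@mitre.org` to `secure@microsoft.com`, and it is the only data change in the hunk; the rest is colon spacing and indentation. The same kind of change sits inside the reformatting of CVE-2015-0239 (`secalert@redhat.com`), CVE-2015-4188 (`psirt@cisco.com`), CVE-2015-5912 and CVE-2015-5922 (`product-security@apple.com`). The field appears to identify the assigning organisation, so consumers that attribute or filter records by assigner get a provenance change that is easy to miss in a diff that otherwise looks whitespace-only. Landing the `ASSIGNER` updates separately from the reformat, or listing the affected IDs in the commit message, would make them reviewable.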
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4188", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Manager interface in Cisco Prime Collaboration 10.5(1) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug IDs CSCuu29910, CSCuu29928, and CSCuu59104." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-4188", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150616 Cisco Prime Collaboration Manager SQL Injection Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=39365" - }, - { - "name" : "75268", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75268" - }, - { - "name" : "1032592", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032592" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Manager interface in Cisco Prime Collaboration 10.5(1) allows remote attackers to execute arbitrary SQL 
commands via a crafted URL, aka Bug IDs CSCuu29910, CSCuu29928, and CSCuu59104." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032592", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032592" + }, + { + "name": "75268", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75268" + }, + { + "name": "20150616 Cisco Prime Collaboration Manager SQL Injection Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39365" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4622.json b/2015/4xxx/CVE-2015-4622.json index b940084c027..7a11ae47ef9 100644 --- a/2015/4xxx/CVE-2015-4622.json +++ b/2015/4xxx/CVE-2015-4622.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4622", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4622", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2015/5xxx/CVE-2015-5912.json b/2015/5xxx/CVE-2015-5912.json index a44a05839eb..fdff5f44d2a 100644 --- a/2015/5xxx/CVE-2015-5912.json +++ b/2015/5xxx/CVE-2015-5912.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5912", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The CFNetwork FTPProtocol component in Apple iOS before 9 allows remote FTP proxy servers to trigger TCP connection attempts to intranet hosts via crafted responses." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-5912", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150916 Apple Safari FTP PASV manipulation vulnerability (CVE-2015-5912)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/536488/100/0/threaded" - }, - { - "name" : "https://support.apple.com/HT205212", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205212" - }, - { - "name" : "https://support.apple.com/HT205267", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205267" - }, - { - "name" : "APPLE-SA-2015-09-16-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html" - }, - { - "name" : "APPLE-SA-2015-09-30-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html" 
- }, - { - "name" : "76764", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76764" - }, - { - "name" : "1033609", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033609" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The CFNetwork FTPProtocol component in Apple iOS before 9 allows remote FTP proxy servers to trigger TCP connection attempts to intranet hosts via crafted responses." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1033609", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033609" + }, + { + "name": "https://support.apple.com/HT205212", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205212" + }, + { + "name": "APPLE-SA-2015-09-30-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html" + }, + { + "name": "76764", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76764" + }, + { + "name": "https://support.apple.com/HT205267", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205267" + }, + { + "name": "20150916 Apple Safari FTP PASV manipulation vulnerability (CVE-2015-5912)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/536488/100/0/threaded" + }, + { + "name": "APPLE-SA-2015-09-16-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5922.json b/2015/5xxx/CVE-2015-5922.json index 30030ede4a8..ba125333e49 100644 --- a/2015/5xxx/CVE-2015-5922.json +++ b/2015/5xxx/CVE-2015-5922.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5922", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in International Components for Unicode (ICU) before 53.1.0, as used in Apple OS X before 10.11 and watchOS before 2, has unknown impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-5922", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT205213", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205213" - }, - { - "name" : "https://support.apple.com/HT205267", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205267" - }, - { - "name" : "APPLE-SA-2015-09-21-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html" - }, - { - "name" : "APPLE-SA-2015-09-30-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html" - }, - { - "name" : "76911", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76911" - }, - { - "name" : "1033703", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id/1033703" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in International Components for Unicode (ICU) before 53.1.0, as used in Apple OS X before 10.11 and watchOS before 2, has unknown impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1033703", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033703" + }, + { + "name": "APPLE-SA-2015-09-30-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html" + }, + { + "name": "https://support.apple.com/HT205267", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205267" + }, + { + "name": "APPLE-SA-2015-09-21-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html" + }, + { + "name": "https://support.apple.com/HT205213", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205213" + }, + { + "name": "76911", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76911" + } + ] + } +} \ No newline at end of file diff --git a/2018/1002xxx/CVE-2018-1002009.json b/2018/1002xxx/CVE-2018-1002009.json index 911bb68035e..3ec9319e618 100644 --- a/2018/1002xxx/CVE-2018-1002009.json +++ b/2018/1002xxx/CVE-2018-1002009.json 
@@ -1,76 +1,76 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "larry0@me.com", - "DATE_ASSIGNED" : "2018-08-22", - "ID" : "CVE-2018-1002009", - "REQUESTER" : "kurt@seifried.org", - "STATE" : "PUBLIC", - "UPDATED" : "2017-08-10T14:41Z" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Arigato Autoresponder and Newsletter", - "version" : { - "version_data" : [ - { - "version_affected" : "<=", - "version_value" : "2.5.1.8" - } - ] - } - } - ] - }, - "vendor_name" : "Kiboko Labs https://calendarscripts.info/" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in unsubscribe.html.php:3: via GET reuqest to the email variable." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8" - } + "CVE_data_meta": { + "ASSIGNER": "larry0@me.com", + "DATE_ASSIGNED": "2018-08-22", + "ID": "CVE-2018-1002009", + "REQUESTER": "kurt@seifried.org", + "STATE": "PUBLIC", + "UPDATED": "2017-08-10T14:41Z" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Arigato Autoresponder and Newsletter", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "2.5.1.8" + } + ] + } + } + ] + }, + "vendor_name": "Kiboko Labs https://calendarscripts.info/" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45434", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45434/" - }, - { - "name" : "http://www.vapidlabs.com/advisory.php?v=203", - "refsource" : "MISC", - "url" : "http://www.vapidlabs.com/advisory.php?v=203" - }, - { - "name" : "https://wordpress.org/plugins/bft-autoresponder/", - "refsource" : "MISC", - "url" : "https://wordpress.org/plugins/bft-autoresponder/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in unsubscribe.html.php:3: via GET reuqest to the email variable." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45434", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45434/" + }, + { + "name": "https://wordpress.org/plugins/bft-autoresponder/", + "refsource": "MISC", + "url": "https://wordpress.org/plugins/bft-autoresponder/" + }, + { + "name": "http://www.vapidlabs.com/advisory.php?v=203", + "refsource": "MISC", + "url": "http://www.vapidlabs.com/advisory.php?v=203" + } + ] + } +} \ No newline at end of file diff --git a/2018/1999xxx/CVE-2018-1999039.json b/2018/1999xxx/CVE-2018-1999039.json index 776b53cdab5..d5496b7082d 100644 --- a/2018/1999xxx/CVE-2018-1999039.json +++ b/2018/1999xxx/CVE-2018-1999039.json 
@@ -1,65 +1,65 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "kurt@seifried.org",
- "DATE_ASSIGNED" : "2018-07-31T20:04:28.275856",
- "DATE_REQUESTED" : "2018-07-30T00:00:00",
- "ID" : "CVE-2018-1999039",
- "REQUESTER" : "ml@beckweb.net",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Jenkins Confluence Publisher Plugin",
- "version" : {
- "version_data" : [
- {
- "version_value" : "2.0.1 and earlier"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Jenkins project"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "A server-side request forgery vulnerability exists in Jenkins Confluence Publisher Plugin 2.0.1 and earlier in ConfluenceSite.java that allows attackers to have Jenkins submit login requests to an attacker-specified Confluence server URL with attacker specified credentials."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "CWE-285"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "DATE_ASSIGNED": "2018-07-31T20:04:28.275856",
+ "DATE_REQUESTED": "2018-07-30T00:00:00",
+ "ID": "CVE-2018-1999039",
+ "REQUESTER": "ml@beckweb.net",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://jenkins.io/security/advisory/2018-07-30/#SECURITY-982",
- "refsource" : "CONFIRM",
- "url" : "https://jenkins.io/security/advisory/2018-07-30/#SECURITY-982"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A server-side request forgery vulnerability exists in Jenkins Confluence Publisher Plugin 2.0.1 and earlier in ConfluenceSite.java that allows attackers to have Jenkins submit login requests to an attacker-specified Confluence server URL with attacker specified credentials."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://jenkins.io/security/advisory/2018-07-30/#SECURITY-982",
+ "refsource": "CONFIRM",
+ "url": "https://jenkins.io/security/advisory/2018-07-30/#SECURITY-982"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/3xxx/CVE-2018-3279.json b/2018/3xxx/CVE-2018-3279.json
index f4e10bf78ef..dfebdc0b0b4 100644
--- a/2018/3xxx/CVE-2018-3279.json
+++ b/2018/3xxx/CVE-2018-3279.json
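Review bot: The new side of CVE-2018-1999039.json discards structured data the record already had: `product_name`, `vendor_name` and `version_value` all become `"n/a"` and the problemtype value `CWE-285` becomes `"n/a"`, while the description still names Jenkins Confluence Publisher Plugin 2.0.1 and earlier. Tooling that matches advisories on the `affects` block or on the CWE would no longer find this record, so unless the overwrite is intentional the previous values should be kept: `"product_name": "Jenkins Confluence Publisher Plugin"`, `"vendor_name": "Jenkins project"`, `"version_value": "2.0.1 and earlier"`. If the CWE was dropped because CWE-285 is a loose fit for a server-side request forgery, a more specific identifier such as CWE-918 would serve consumers better than `n/a`. The ASSIGNER change from kurt@seifried.org to cve@mitre.org sits in the same hunk, which suggests the record was regenerated from a different source; that is worth confirming before merging.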
@@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3279", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MySQL Server", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.0.12 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Roles). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3279", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.0.12 and prior" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20181018-0002/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20181018-0002/" - }, - { - "name" : "105607", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105607" - }, - { - "name" : "1041888", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041888" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Roles). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041888", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041888" + }, + { + "name": "105607", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105607" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20181018-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20181018-0002/" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3665.json b/2018/3xxx/CVE-2018-3665.json index 680be0084f9..14066507b36 100644 --- a/2018/3xxx/CVE-2018-3665.json +++ b/2018/3xxx/CVE-2018-3665.json 
@@ -1,158 +1,158 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@intel.com", - "DATE_PUBLIC" : "2018-06-13T00:00:00", - "ID" : "CVE-2018-3665", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Intel Core-based microprocessors", - "version" : { - "version_data" : [ - { - "version_value" : "All" - } - ] - } - } - ] - }, - "vendor_name" : "Intel Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@intel.com", + "DATE_PUBLIC": "2018-06-13T00:00:00", + "ID": "CVE-2018-3665", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Intel Core-based microprocessors", + "version": { + "version_data": [ + { + "version_value": "All" + } + ] + } + } + ] + }, + "vendor_name": "Intel Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html" - }, - { - "name" : "[debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html" - }, - { - "name" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.html", - 
"refsource" : "CONFIRM", - "url" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.html" - }, - { - "name" : "https://support.citrix.com/article/CTX235745", - "refsource" : "CONFIRM", - "url" : "https://support.citrix.com/article/CTX235745" - }, - { - "name" : "https://www.synology.com/support/security/Synology_SA_18_31", - "refsource" : "CONFIRM", - "url" : "https://www.synology.com/support/security/Synology_SA_18_31" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20181016-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20181016-0001/" - }, - { - "name" : "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0", - "refsource" : "CONFIRM", - "url" : "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" - }, - { - "name" : "DSA-4232", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4232" - }, - { - "name" : "FreeBSD-SA-18:07", - "refsource" : "FREEBSD", - "url" : "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:07.lazyfpu.asc" - }, - { - "name" : "RHSA-2018:1852", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1852" - }, - { - "name" : "RHSA-2018:1944", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1944" - }, - { - "name" : "RHSA-2018:2164", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2164" - }, - { - "name" : "RHSA-2018:2165", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2165" - }, - { - "name" : "USN-3696-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3696-1/" - }, - { - "name" : "USN-3696-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3696-2/" - }, - { - "name" : "USN-3698-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3698-2/" - }, - { - 
"name" : "USN-3698-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3698-1/" - }, - { - "name" : "104460", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104460" - }, - { - "name" : "1041124", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041124" - }, - { - "name" : "1041125", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041125" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html" + }, + { + "name": "RHSA-2018:2164", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2164" + }, + { + "name": "USN-3696-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3696-1/" + }, + { + "name": "https://www.synology.com/support/security/Synology_SA_18_31", + "refsource": "CONFIRM", + "url": "https://www.synology.com/support/security/Synology_SA_18_31" + }, + { + "name": "1041125", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041125" + }, + { + "name": "[debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html" + }, + { + "name": "RHSA-2018:1944", + "refsource": "REDHAT", + "url": 
"https://access.redhat.com/errata/RHSA-2018:1944" + }, + { + "name": "RHSA-2018:1852", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1852" + }, + { + "name": "FreeBSD-SA-18:07", + "refsource": "FREEBSD", + "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:07.lazyfpu.asc" + }, + { + "name": "1041124", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041124" + }, + { + "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0", + "refsource": "CONFIRM", + "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" + }, + { + "name": "RHSA-2018:2165", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2165" + }, + { + "name": "DSA-4232", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4232" + }, + { + "name": "USN-3698-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3698-1/" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20181016-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20181016-0001/" + }, + { + "name": "USN-3696-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3696-2/" + }, + { + "name": "104460", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104460" + }, + { + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.html", + "refsource": "CONFIRM", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.html" + }, + { + "name": "https://support.citrix.com/article/CTX235745", + "refsource": "CONFIRM", + "url": "https://support.citrix.com/article/CTX235745" + }, + { + "name": "USN-3698-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3698-2/" + } + ] + } +} \ No newline at end of file 
diff --git a/2018/3xxx/CVE-2018-3729.json b/2018/3xxx/CVE-2018-3729.json
index e2430d35998..bf02d5f28f1 100644
--- a/2018/3xxx/CVE-2018-3729.json
+++ b/2018/3xxx/CVE-2018-3729.json
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2018-3729", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "localhost-now node module", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "localhost-now node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Path Traversal (CWE-22)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2018-3729", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "localhost-now node module", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://hackerone.com/reports/312889", - "refsource" : "MISC", - "url" : "https://hackerone.com/reports/312889" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "localhost-now node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Path Traversal (CWE-22)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://hackerone.com/reports/312889", + "refsource": "MISC", + "url": "https://hackerone.com/reports/312889" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3797.json b/2018/3xxx/CVE-2018-3797.json index 9dc55befe55..4c7dcab26e0 100644 --- a/2018/3xxx/CVE-2018-3797.json +++ b/2018/3xxx/CVE-2018-3797.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3797", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3797", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3966.json b/2018/3xxx/CVE-2018-3966.json index 9ea5b8538dc..8812c6a82d4 100644 --- a/2018/3xxx/CVE-2018-3966.json +++ b/2018/3xxx/CVE-2018-3966.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2018-10-01T00:00:00", - "ID" : "CVE-2018-3966", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit PDF Reader", - "version" : { - "version_data" : [ - { - "version_value" : "9.1.0.5096" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit Software" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2018-10-01T00:00:00", + "ID": "CVE-2018-3966", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit PDF Reader", + "version": { + "version_data": [ + { + "version_value": "9.1.0.5096" + } + ] + } + } + ] + }, + "vendor_name": "Foxit Software" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0631", - "refsource" : "MISC", - "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0631" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0631", + "refsource": "MISC", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0631" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6060.json b/2018/6xxx/CVE-2018-6060.json index c5449f55375..e404c2a2b06 100644 
--- a/2018/6xxx/CVE-2018-6060.json
+++ b/2018/6xxx/CVE-2018-6060.json
@@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "chrome-cve-admin@google.com", - "ID" : "CVE-2018-6060", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Chrome", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "65.0.3325.146" - } - ] - } - } - ] - }, - "vendor_name" : "Google" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use after free in WebAudio in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use after free" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2018-6060", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "65.0.3325.146" + } + ] + } + } + ] + }, + "vendor_name": "Google" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://crbug.com/780919", - "refsource" : "MISC", - "url" : "https://crbug.com/780919" - }, - { - "name" : "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html", - "refsource" : "CONFIRM", - "url" : "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html" - }, - { - "name" : "DSA-4182", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4182" - }, - { - "name" : "RHSA-2018:0484", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0484" - }, - { - "name" : "103297", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/103297" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use after free in WebAudio in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use after free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://crbug.com/780919", + "refsource": "MISC", + "url": "https://crbug.com/780919" + }, + { + "name": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html", + "refsource": "CONFIRM", + "url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html" + }, + { + "name": "103297", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103297" + }, + { + "name": "RHSA-2018:0484", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0484" + }, + { + "name": "DSA-4182", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4182" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6642.json b/2018/6xxx/CVE-2018-6642.json index 75b94bb147e..a81b62af2b9 100644 --- a/2018/6xxx/CVE-2018-6642.json +++ b/2018/6xxx/CVE-2018-6642.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6642", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6642", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6954.json b/2018/6xxx/CVE-2018-6954.json index 93cbff77f99..240e2894e4c 100644 --- a/2018/6xxx/CVE-2018-6954.json +++ b/2018/6xxx/CVE-2018-6954.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6954", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. This occurs even if the fs.protected_symlinks sysctl is turned on." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6954", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/systemd/systemd/issues/7986", - "refsource" : "MISC", - "url" : "https://github.com/systemd/systemd/issues/7986" - }, - { - "name" : "USN-3816-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3816-1/" - }, - { - "name" : "USN-3816-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3816-2/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "systemd-tmpfiles in systemd through 237 mishandles 
symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. This occurs even if the fs.protected_symlinks sysctl is turned on." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3816-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3816-2/" + }, + { + "name": "https://github.com/systemd/systemd/issues/7986", + "refsource": "MISC", + "url": "https://github.com/systemd/systemd/issues/7986" + }, + { + "name": "USN-3816-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3816-1/" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7085.json b/2018/7xxx/CVE-2018-7085.json index 08d21a726b3..6c752aa1f9b 100644 --- a/2018/7xxx/CVE-2018-7085.json +++ b/2018/7xxx/CVE-2018-7085.json 
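Review bot: The `reference_data` array in this CVE-2018-6954 hunk comes out in a different order (`USN-3816-2`, the GitHub issue, `USN-3816-1`) with no entry added, removed or edited, and the new order follows no apparent key. The same reshuffle appears in the CVE-2018-6060, CVE-2018-7203 and CVE-2018-8019 hunks. Order-only churn makes a real edit to a reference URL hard to pick out in review, so the emitter should either keep the existing order or sort on a stable key such as `url`. Consumers should compare these arrays as sets, not by position.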
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7085", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7085", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7203.json b/2018/7xxx/CVE-2018-7203.json index c8dc5e62467..387e23bf8ad 100644 --- a/2018/7xxx/CVE-2018-7203.json +++ b/2018/7xxx/CVE-2018-7203.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7203", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Twonky Server 7.0.11 through 8.5 allows remote attackers to inject arbitrary web script or HTML via the friendlyname parameter to rpc/set_all." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7203", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44351", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44351/" - }, - { - "name" : "http://packetstormsecurity.com/files/146939/TwonkyMedia-Server-7.0.11-8.5-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/146939/TwonkyMedia-Server-7.0.11-8.5-Cross-Site-Scripting.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Twonky Server 7.0.11 through 8.5 allows remote attackers to inject arbitrary web script or HTML via the friendlyname parameter to rpc/set_all." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/146939/TwonkyMedia-Server-7.0.11-8.5-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/146939/TwonkyMedia-Server-7.0.11-8.5-Cross-Site-Scripting.html" + }, + { + "name": "44351", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44351/" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7217.json b/2018/7xxx/CVE-2018-7217.json index d0e0cd015af..d8f3fa00b1f 100644 --- a/2018/7xxx/CVE-2018-7217.json +++ b/2018/7xxx/CVE-2018-7217.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7217", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Bravo Tejari Procurement Portal, uploaded files are not properly validated by the application either on the client or the server side. An attacker can take advantage of this vulnerability and upload malicious executable files to compromise the application, as demonstrated by an esop/evm/OPPreliminaryForms.do?formId=857 request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7217", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://seclists.org/bugtraq/2018/Feb/38", - "refsource" : "MISC", - "url" : "http://seclists.org/bugtraq/2018/Feb/38" - }, - { - "name" : "https://packetstormsecurity.com/files/146425/Tejari-Arbitrary-File-Upload.html", - "refsource" : "MISC", - "url" : "https://packetstormsecurity.com/files/146425/Tejari-Arbitrary-File-Upload.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Bravo Tejari Procurement Portal, uploaded files are not properly validated by the 
application either on the client or the server side. An attacker can take advantage of this vulnerability and upload malicious executable files to compromise the application, as demonstrated by an esop/evm/OPPreliminaryForms.do?formId=857 request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://seclists.org/bugtraq/2018/Feb/38", + "refsource": "MISC", + "url": "http://seclists.org/bugtraq/2018/Feb/38" + }, + { + "name": "https://packetstormsecurity.com/files/146425/Tejari-Arbitrary-File-Upload.html", + "refsource": "MISC", + "url": "https://packetstormsecurity.com/files/146425/Tejari-Arbitrary-File-Upload.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7929.json b/2018/7xxx/CVE-2018-7929.json index 73bc0632602..33f1beadb15 100644 --- a/2018/7xxx/CVE-2018-7929.json +++ b/2018/7xxx/CVE-2018-7929.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "ID" : "CVE-2018-7929", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Mate RS", - "version" : { - "version_data" : [ - { - "version_value" : "The versions before NEO-AL00D 8.1.0.167(C786)" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Huawei Mate RS smartphones with the versions before NEO-AL00D 8.1.0.167(C786) have a lock-screen bypass vulnerability. An attacker could unlock and use the phone through certain operations." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "lock-screen bypass" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "ID": "CVE-2018-7929", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Mate RS", + "version": { + "version_data": [ + { + "version_value": "The versions before NEO-AL00D 8.1.0.167(C786)" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180914-01-smartphone-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180914-01-smartphone-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Huawei Mate RS smartphones with the versions before NEO-AL00D 8.1.0.167(C786) have a lock-screen bypass vulnerability. 
An attacker could unlock and use the phone through certain operations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "lock-screen bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180914-01-smartphone-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180914-01-smartphone-en" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8019.json b/2018/8xxx/CVE-2018-8019.json index 481807d1dd5..1e60e2cc6d2 100644 --- a/2018/8xxx/CVE-2018-8019.json +++ b/2018/8xxx/CVE-2018-8019.json 
@@ -1,91 +1,91 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2018-07-31T00:00:00", - "ID" : "CVE-2018-8019", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache Tomcat Native", - "version" : { - "version_data" : [ - { - "version_value" : "1.2.0 to 1.2.16" - }, - { - "version_value" : "1.1.23 to 1.1.34" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "When using an OCSP responder Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 did not correctly handle invalid responses. This allowed for revoked client certificates to be incorrectly identified. It was therefore possible for users to authenticate with revoked certificates when using mutual TLS. Users not using OCSP checks are not affected by this vulnerability." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Security Constraint Bypass" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2018-07-31T00:00:00", + "ID": "CVE-2018-8019", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Tomcat Native", + "version": { + "version_data": [ + { + "version_value": "1.2.0 to 1.2.16" + }, + { + "version_value": "1.1.23 to 1.1.34" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[www-announce] 20180721 [SECURITY] CVE-2018-8019 Apache Tomcat Native Connector - Mishandled OCSP invalid response", - "refsource" : "MLIST", - "url" : "http://mail-archives.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180721095943.GA24320%40minotaur.apache.org%3E" - }, - { - "name" : "[debian-lts-announce] 20180822 [SECURITY] [DLA 1475-1] tomcat-native security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00023.html" - }, - { - "name" : "RHSA-2018:2469", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2469" - }, - { - "name" : "RHSA-2018:2470", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2470" - }, - { - "name" : "104936", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104936" - }, - { - "name" : "1041507", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041507" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "When using an OCSP responder Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 did not correctly handle invalid responses. 
This allowed for revoked client certificates to be incorrectly identified. It was therefore possible for users to authenticate with revoked certificates when using mutual TLS. Users not using OCSP checks are not affected by this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Security Constraint Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[www-announce] 20180721 [SECURITY] CVE-2018-8019 Apache Tomcat Native Connector - Mishandled OCSP invalid response", + "refsource": "MLIST", + "url": "http://mail-archives.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180721095943.GA24320%40minotaur.apache.org%3E" + }, + { + "name": "104936", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104936" + }, + { + "name": "RHSA-2018:2469", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2469" + }, + { + "name": "[debian-lts-announce] 20180822 [SECURITY] [DLA 1475-1] tomcat-native security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00023.html" + }, + { + "name": "RHSA-2018:2470", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2470" + }, + { + "name": "1041507", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041507" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8184.json b/2018/8xxx/CVE-2018-8184.json index 6e35c8f5edf..fb04bee05fc 100644 --- a/2018/8xxx/CVE-2018-8184.json +++ b/2018/8xxx/CVE-2018-8184.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8184", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8184", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8317.json b/2018/8xxx/CVE-2018-8317.json index 67063fabc07..c5d61f09368 100644 --- a/2018/8xxx/CVE-2018-8317.json +++ b/2018/8xxx/CVE-2018-8317.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8317", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8317", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file