From 5dca79eadbc1df035553a4b3d4ac50ac28dc2391 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 02:17:29 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2005/0xxx/CVE-2005-0503.json | 150 ++++++++-------- 2005/0xxx/CVE-2005-0669.json | 190 ++++++++++---------- 2005/0xxx/CVE-2005-0771.json | 180 +++++++++---------- 2005/0xxx/CVE-2005-0871.json | 150 ++++++++-------- 2005/2xxx/CVE-2005-2194.json | 180 +++++++++---------- 2005/2xxx/CVE-2005-2393.json | 130 +++++++------- 2005/2xxx/CVE-2005-2896.json | 150 ++++++++-------- 2005/3xxx/CVE-2005-3355.json | 200 ++++++++++----------- 2005/3xxx/CVE-2005-3563.json | 34 ++-- 2005/3xxx/CVE-2005-3684.json | 170 +++++++++--------- 2005/4xxx/CVE-2005-4465.json | 150 ++++++++-------- 2005/4xxx/CVE-2005-4589.json | 170 +++++++++--------- 2005/4xxx/CVE-2005-4626.json | 120 ++++++------- 2009/0xxx/CVE-2009-0304.json | 190 ++++++++++---------- 2009/0xxx/CVE-2009-0440.json | 160 ++++++++--------- 2009/0xxx/CVE-2009-0519.json | 320 +++++++++++++++++----------------- 2009/0xxx/CVE-2009-0798.json | 310 ++++++++++++++++----------------- 2009/3xxx/CVE-2009-3279.json | 140 +++++++-------- 2009/3xxx/CVE-2009-3537.json | 150 ++++++++-------- 2009/3xxx/CVE-2009-3816.json | 140 +++++++-------- 2009/4xxx/CVE-2009-4595.json | 120 ++++++------- 2009/4xxx/CVE-2009-4922.json | 120 ++++++------- 2009/4xxx/CVE-2009-4931.json | 140 +++++++-------- 2012/2xxx/CVE-2012-2043.json | 120 ++++++------- 2012/2xxx/CVE-2012-2648.json | 130 +++++++------- 2012/2xxx/CVE-2012-2867.json | 170 +++++++++--------- 2015/0xxx/CVE-2015-0243.json | 34 ++-- 2015/0xxx/CVE-2015-0366.json | 150 ++++++++-------- 2015/0xxx/CVE-2015-0708.json | 130 +++++++------- 2015/1xxx/CVE-2015-1437.json | 180 +++++++++---------- 2015/5xxx/CVE-2015-5272.json | 150 ++++++++-------- 2015/5xxx/CVE-2015-5484.json | 34 ++-- 2015/5xxx/CVE-2015-5517.json | 34 ++-- 2015/5xxx/CVE-2015-5763.json | 150 ++++++++-------- 2018/3xxx/CVE-2018-3237.json | 182 +++++++++---------- 2018/3xxx/CVE-2018-3415.json | 34 ++-- 2018/3xxx/CVE-2018-3556.json | 34 ++-- 2018/3xxx/CVE-2018-3732.json | 132 +++++++------- 2018/3xxx/CVE-2018-3808.json | 34 ++-- 2018/3xxx/CVE-2018-3959.json | 122 ++++++------- 2018/7xxx/CVE-2018-7088.json | 34 ++-- 2018/7xxx/CVE-2018-7141.json | 34 ++-- 2018/7xxx/CVE-2018-7269.json | 120 ++++++------- 2018/7xxx/CVE-2018-7372.json | 34 ++-- 2018/7xxx/CVE-2018-7693.json | 34 ++-- 2018/8xxx/CVE-2018-8335.json | 326 +++++++++++++++++------------------ 2018/8xxx/CVE-2018-8649.json | 162 ++++++++--------- 2018/8xxx/CVE-2018-8941.json | 120 ++++++------- 48 files changed, 3224 insertions(+), 3224 deletions(-) diff --git a/2005/0xxx/CVE-2005-0503.json b/2005/0xxx/CVE-2005-0503.json index 23c10154ed8..4a2f2718d79 100644 --- a/2005/0xxx/CVE-2005-0503.json +++ b/2005/0xxx/CVE-2005-0503.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0503", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "uim before 0.4.5.1 trusts certain environment variables when libUIM is used in setuid or setgid applications, which allows local users to gain privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0503", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[uim] 20050220 uim 0.4.5.1 released", - "refsource" : "MLIST", - "url" : "http://lists.freedesktop.org/archives/uim/2005-February/000996.html" - }, - { - "name" : "MDKSA-2005:046", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:046" - }, - { - "name" : "12604", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12604" - }, - { - "name" : "13981", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13981" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "uim before 0.4.5.1 trusts certain environment variables when libUIM is used in setuid or setgid applications, which allows local users to gain privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[uim] 20050220 uim 0.4.5.1 released", + "refsource": "MLIST", + "url": "http://lists.freedesktop.org/archives/uim/2005-February/000996.html" + }, + { + "name": "MDKSA-2005:046", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:046" + }, + { + "name": "12604", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12604" + }, + { + "name": "13981", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13981" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0669.json b/2005/0xxx/CVE-2005-0669.json index 65307e3a391..3646773f1d7 100644 --- a/2005/0xxx/CVE-2005-0669.json +++ b/2005/0xxx/CVE-2005-0669.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0669", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in mod.php for phpCOIN 1.2.0 through 1.2.1b allow remote attackers to execute arbitrary SQL commands via the (1) the faq_id in the faq mod, (2) the id parameter in the pages mod, (3) the id parameter in the siteinfo module, (4) the topic_id parameter in the articles module, (5) the ord_id in the orders module, (6) the dom_id parameter in the domains module, or (7) the invd_id parameter in the invoices module." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0669", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://lostmon.blogspot.com/2005/03/phpcoin-posible-sql-injection-comands.html", - "refsource" : "MISC", - "url" : "http://lostmon.blogspot.com/2005/03/phpcoin-posible-sql-injection-comands.html" - }, - { - "name" : "http://forums.phpcoin.com/index.php?showtopic=4118", - "refsource" : "CONFIRM", - "url" : "http://forums.phpcoin.com/index.php?showtopic=4118" - }, - { - "name" : "http://forums.phpcoin.com/index.php?showtopic=4116", - "refsource" : "CONFIRM", - "url" : "http://forums.phpcoin.com/index.php?showtopic=4116" - }, - { - "name" : "http://forums.phpcoin.com/index.php?showtopic=4101", - "refsource" : "CONFIRM", - "url" : "http://forums.phpcoin.com/index.php?showtopic=4101" - }, - { - "name" : "12686", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12686" - }, - { - "name" : "1013329", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013329" - }, - { - "name" : "14439", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14439" - }, - { - "name" : "phpcoin-id-sql-injection(19571)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19571" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in mod.php for phpCOIN 1.2.0 through 1.2.1b allow remote attackers to execute arbitrary SQL commands via the (1) the faq_id in the faq mod, (2) the id parameter in the pages mod, (3) the id parameter in the siteinfo module, (4) the topic_id parameter in the articles module, (5) the ord_id in the orders module, (6) the dom_id parameter in the domains module, or (7) the invd_id parameter in the invoices module." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14439", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14439" + }, + { + "name": "http://forums.phpcoin.com/index.php?showtopic=4118", + "refsource": "CONFIRM", + "url": "http://forums.phpcoin.com/index.php?showtopic=4118" + }, + { + "name": "http://lostmon.blogspot.com/2005/03/phpcoin-posible-sql-injection-comands.html", + "refsource": "MISC", + "url": "http://lostmon.blogspot.com/2005/03/phpcoin-posible-sql-injection-comands.html" + }, + { + "name": "phpcoin-id-sql-injection(19571)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19571" + }, + { + "name": "http://forums.phpcoin.com/index.php?showtopic=4101", + "refsource": "CONFIRM", + "url": "http://forums.phpcoin.com/index.php?showtopic=4101" + }, + { + "name": "1013329", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013329" + }, + { + "name": "12686", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12686" + }, + { + "name": "http://forums.phpcoin.com/index.php?showtopic=4116", + "refsource": "CONFIRM", + "url": "http://forums.phpcoin.com/index.php?showtopic=4116" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0771.json b/2005/0xxx/CVE-2005-0771.json index b5000244b0f..7422e63b970 100644 --- a/2005/0xxx/CVE-2005-0771.json +++ b/2005/0xxx/CVE-2005-0771.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0771", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "VERITAS Backup Exec Server (beserver.exe) 9.0 through 10.0 for Windows allows remote unauthenticated attackers to modify the registry by calling methods to the RPC interface on TCP port 6106." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0771", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050623 Veritas Backup Exec Server Remote Registry Access Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://www.idefense.com/application/poi/display?id=269&type=vulnerabilities&flashstatus=true" - }, - { - "name" : "http://seer.support.veritas.com/docs/276605.htm", - "refsource" : "CONFIRM", - "url" : "http://seer.support.veritas.com/docs/276605.htm" - }, - { - "name" : "http://seer.support.veritas.com/docs/277429.htm", - "refsource" : "CONFIRM", - "url" : "http://seer.support.veritas.com/docs/277429.htm" - }, - { - "name" : "TA05-180A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA05-180A.html" - }, - { - "name" : "VU#584505", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/584505" - }, - { - "name" : "1014273", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014273" - }, - { - "name" : "15789", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15789" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "VERITAS Backup Exec Server (beserver.exe) 9.0 through 10.0 for Windows allows remote unauthenticated attackers to modify the registry by calling methods to the RPC interface on TCP port 6106." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1014273", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014273" + }, + { + "name": "http://seer.support.veritas.com/docs/277429.htm", + "refsource": "CONFIRM", + "url": "http://seer.support.veritas.com/docs/277429.htm" + }, + { + "name": "VU#584505", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/584505" + }, + { + "name": "20050623 Veritas Backup Exec Server Remote Registry Access Vulnerability", + "refsource": "IDEFENSE", + "url": "http://www.idefense.com/application/poi/display?id=269&type=vulnerabilities&flashstatus=true" + }, + { + "name": "http://seer.support.veritas.com/docs/276605.htm", + "refsource": "CONFIRM", + "url": "http://seer.support.veritas.com/docs/276605.htm" + }, + { + "name": "TA05-180A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA05-180A.html" + }, + { + "name": "15789", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15789" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0871.json b/2005/0xxx/CVE-2005-0871.json index 0203f736232..d1793f42dcb 100644 --- a/2005/0xxx/CVE-2005-0871.json +++ b/2005/0xxx/CVE-2005-0871.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0871", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "calendar_scheduler.php in Topic Calendar 1.0.1 module for phpBB, when running on a Microsoft IIS server, allows remote attackers to obtain sensitive information via invalid parameters, which reveal the path in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0871", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050324 Multiple vulnerabilities in Topic Calendar 1.0.1 for phpBB", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111168190630576&w=2" - }, - { - "name" : "1013554", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013554" - }, - { - "name" : "14659", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14659" - }, - { - "name" : "topic-calendar-path-disclosure(19824)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19824" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "calendar_scheduler.php in Topic Calendar 1.0.1 module for phpBB, when running on a Microsoft IIS server, allows remote attackers to obtain sensitive information via invalid parameters, which reveal the path in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "topic-calendar-path-disclosure(19824)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19824" + }, + { + "name": "20050324 Multiple vulnerabilities in Topic Calendar 1.0.1 for phpBB", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111168190630576&w=2" + }, + { + "name": "14659", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14659" + }, + { + "name": "1013554", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013554" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2194.json b/2005/2xxx/CVE-2005-2194.json index 182625ae3dd..7aae4d02513 100644 --- a/2005/2xxx/CVE-2005-2194.json +++ b/2005/2xxx/CVE-2005-2194.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2194", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Apple Mac OS X kernel before 10.4.2 allows remote attackers to cause a denial of service (kernel panic) via a crafted TCP packet, possibly related to source routing or loose source routing." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2194", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://docs.info.apple.com/article.html?artnum=301948", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=301948" - }, - { - "name" : "APPLE-SA-2005-07-12", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2005/Jul/msg00000.html" - }, - { - "name" : "14241", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14241" - }, - { - "name" : "17880", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/17880" - }, - { - "name" : "1014464", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014464" - }, - { - "name" : "16047", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16047" - }, - { - "name" : "macos-tcpip-dos(21335)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/21335" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Apple Mac OS X kernel before 10.4.2 allows remote attackers to cause a denial of service (kernel panic) via a crafted TCP packet, possibly related to source routing or loose source routing." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16047", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16047" + }, + { + "name": "macos-tcpip-dos(21335)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21335" + }, + { + "name": "14241", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14241" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=301948", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=301948" + }, + { + "name": "1014464", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014464" + }, + { + "name": "APPLE-SA-2005-07-12", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2005/Jul/msg00000.html" + }, + { + "name": "17880", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/17880" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2393.json b/2005/2xxx/CVE-2005-2393.json index 2db8b3f0a43..f78eccd5558 100644 --- a/2005/2xxx/CVE-2005-2393.json +++ b/2005/2xxx/CVE-2005-2393.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2393", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in CuteNews 1.3.6 allows remote attackers to inject arbitrary web script or HTML via (1) the lastusername parameter to index.php or (2) selected_search_arch parameter to search.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2393", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "1014514", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014514" - }, - { - "name" : "16129", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16129" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in CuteNews 1.3.6 allows remote attackers to inject arbitrary web script or HTML via (1) the lastusername parameter to index.php or (2) selected_search_arch parameter to search.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16129", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16129" + }, + { + "name": "1014514", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014514" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2896.json b/2005/2xxx/CVE-2005-2896.json index 65592fd1951..0d85c305473 100644 --- a/2005/2xxx/CVE-2005-2896.json +++ b/2005/2xxx/CVE-2005-2896.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2896", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in WEB//NEWS 1.4 allows remote attackers to execute arbitrary SQL commands via the (1) wn_userpw parameter to startup.php, (2) cat, (3) id, or (4) stof parameter to news.php, or (5) id parameter to print.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2896", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050907 [NewAngels Advisory #5] Stylemotion WEB//NEWS 1.4 Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112611504519410&w=2" - }, - { - "name" : "14776", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14776" - }, - { - "name" : "16727", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16727/" - }, - { - "name" : "web-news-sql-injection(22179)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22179" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in WEB//NEWS 1.4 allows remote attackers to execute arbitrary SQL commands via the (1) wn_userpw parameter to startup.php, (2) cat, (3) id, or (4) stof parameter to news.php, or (5) id parameter to print.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050907 [NewAngels Advisory #5] Stylemotion WEB//NEWS 1.4 Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112611504519410&w=2" + }, + { + "name": "16727", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16727/" + }, + { + "name": "web-news-sql-injection(22179)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22179" + }, + { + "name": "14776", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14776" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3355.json b/2005/3xxx/CVE-2005-3355.json index 71dc5b5e8eb..67136f1a280 100644 --- a/2005/3xxx/CVE-2005-3355.json +++ b/2005/3xxx/CVE-2005-3355.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3355", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in GNU Gnump3d before 2.9.8 has unknown impact via \"CGI parameters, and cookie values\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2005-3355", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.gnu.org/software/gnump3d/ChangeLog", - "refsource" : "CONFIRM", - "url" : "http://www.gnu.org/software/gnump3d/ChangeLog" - }, - { - "name" : "DSA-901", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-901" - }, - { - "name" : "GLSA-200511-16", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200511-16.xml" - }, - { - "name" : "SUSE-SR:2005:028", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2005_28_sr.html" - }, - { - "name" : "15496", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15496" - }, - { - "name" : "ADV-2005-2489", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2489" - }, - { - "name" : "17646", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17646" - }, - { - "name" : "17647", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17647" - }, - { - "name" : "17656", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17656" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in GNU Gnump3d before 2.9.8 has unknown impact via \"CGI parameters, and cookie values\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SR:2005:028", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html" + }, + { + "name": "17647", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17647" + }, + { + "name": "ADV-2005-2489", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2489" + }, + { + "name": "GLSA-200511-16", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200511-16.xml" + }, + { + "name": "http://www.gnu.org/software/gnump3d/ChangeLog", + "refsource": "CONFIRM", + "url": "http://www.gnu.org/software/gnump3d/ChangeLog" + }, + { + "name": "15496", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15496" + }, + { + "name": "17646", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17646" + }, + { + "name": "17656", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17656" + }, + { + "name": "DSA-901", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-901" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3563.json b/2005/3xxx/CVE-2005-3563.json index bfa68d6eec8..ea87b7a36c3 100644 --- a/2005/3xxx/CVE-2005-3563.json +++ b/2005/3xxx/CVE-2005-3563.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3563", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-2956. Reason: This candidate is a duplicate of CVE-2005-2956. Notes: All CVE users should reference CVE-2005-2956 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2005-3563", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-2956. Reason: This candidate is a duplicate of CVE-2005-2956. Notes: All CVE users should reference CVE-2005-2956 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3684.json b/2005/3xxx/CVE-2005-3684.json index 4b0b3cb4313..57e5e918ede 100644 --- a/2005/3xxx/CVE-2005-3684.json +++ b/2005/3xxx/CVE-2005-3684.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3684", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in freeFTPd 1.0.8, without logging enabled, allow remote authenticated attackers to cause a denial of service (application crash), and possibly execute arbitrary code, via long (1) MKD and (2) DELE commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3684", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051117 freeftpd MKD buffer overflow etc...", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=113222358007499&w=2" - }, - { - "name" : "15486", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15486" - }, - { - "name" : "ADV-2005-2471", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2471" - }, - { - "name" : "20909", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20909" - }, - { - "name" : "17624", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17624" - }, - { - "name" : "freeftpd-multiple-command-bo(23118)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23118" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in freeFTPd 1.0.8, without logging enabled, allow remote authenticated attackers to cause a denial of service (application crash), and possibly execute arbitrary code, via long (1) MKD and (2) DELE commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15486", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15486" + }, + { + "name": "ADV-2005-2471", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2471" + }, + { + "name": "freeftpd-multiple-command-bo(23118)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23118" + }, + { + "name": "20909", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20909" + }, + { + "name": "17624", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17624" + }, + { + "name": "20051117 freeftpd MKD buffer overflow etc...", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=113222358007499&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4465.json b/2005/4xxx/CVE-2005-4465.json index 9460e444c0a..80b2dc40352 100644 --- a/2005/4xxx/CVE-2005-4465.json +++ b/2005/4xxx/CVE-2005-4465.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4465", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Internet Key Exchange version 1 (IKEv1) implementation in NEC UNIVERGE IX1000, IX2000, and IX3000 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4465", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.sw.nec.co.jp/ixseries/ix1k2k/Support/CERT/NISCC273756.html", - "refsource" : "CONFIRM", - "url" : "http://www.sw.nec.co.jp/ixseries/ix1k2k/Support/CERT/NISCC273756.html" - }, - { - "name" : "16027", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16027" - }, - { - "name" : "ADV-2005-3028", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/3028" - }, - { - "name" : "18166", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18166" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Internet Key Exchange version 1 (IKEv1) implementation in NEC UNIVERGE IX1000, IX2000, and IX3000 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2005-3028", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/3028" + }, + { + "name": "http://www.sw.nec.co.jp/ixseries/ix1k2k/Support/CERT/NISCC273756.html", + "refsource": "CONFIRM", + "url": "http://www.sw.nec.co.jp/ixseries/ix1k2k/Support/CERT/NISCC273756.html" + }, + { + "name": "18166", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18166" + }, + { + "name": "16027", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16027" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4589.json b/2005/4xxx/CVE-2005-4589.json index 31e77a3218f..2c92fe0df9b 100644 --- a/2005/4xxx/CVE-2005-4589.json +++ b/2005/4xxx/CVE-2005-4589.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4589", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Spb Kiosk Engine 1.0.0.1 stores the administrator's passcode in the registry in plaintext, which allows local users to obtain the passcode." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4589", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051224 Airscanner Mobile Security Advisory #0508310 Spb Kiosk Engine Administrator Password & Information Disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/420258/100/0/threaded" - }, - { - "name" : "http://www.airscanner.com/security/05083101_kioskpass.htm", - "refsource" : "MISC", - "url" : "http://www.airscanner.com/security/05083101_kioskpass.htm" - }, - { - "name" : "22033", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22033" - }, - { - "name" : "1015413", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015413" - }, - { - "name" : "18243", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18243" - }, - { - "name" : "spbkioskengine-plaintext-password(23894)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23894" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Spb Kiosk Engine 1.0.0.1 stores the administrator's passcode in the registry in plaintext, which allows local users to obtain the passcode." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1015413", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015413" + }, + { + "name": "22033", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22033" + }, + { + "name": "spbkioskengine-plaintext-password(23894)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23894" + }, + { + "name": "http://www.airscanner.com/security/05083101_kioskpass.htm", + "refsource": "MISC", + "url": "http://www.airscanner.com/security/05083101_kioskpass.htm" + }, + { + "name": "18243", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18243" + }, + { + "name": "20051224 Airscanner Mobile Security Advisory #0508310 Spb Kiosk Engine Administrator Password & Information Disclosure", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/420258/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4626.json b/2005/4xxx/CVE-2005-4626.json index 8c6895e5262..f26b827d347 100644 --- a/2005/4xxx/CVE-2005-4626.json +++ b/2005/4xxx/CVE-2005-4626.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4626", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default configuration of Recruitment Software installs admin/site.xml under the web document root with insufficient access control, which might allow remote attackers to obtain sensitive information (MySQL database credentials) via a direct request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4626", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051231 Recruitment Software allows MySQL credentials disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/420700/100/0/threaded" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default configuration of Recruitment Software installs admin/site.xml under the web document root with insufficient access control, which might allow remote attackers to obtain sensitive information (MySQL database credentials) via a direct request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20051231 Recruitment Software allows MySQL credentials disclosure", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/420700/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0304.json b/2009/0xxx/CVE-2009-0304.json index 8544a05ee32..caff9f69cdd 100644 --- a/2009/0xxx/CVE-2009-0304.json +++ b/2009/0xxx/CVE-2009-0304.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0304", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The kernel in Sun Solaris 10 and 11 snv_101b, and OpenSolaris before snv_108, allows remote attackers to cause a denial of service (system crash) via a crafted IPv6 packet, related to an \"insufficient validation security vulnerability,\" as demonstrated by SunOSipv6.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0304", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090126 Solaris Devs Are Smoking Pot", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2009-January/067709.html" - }, - { - "name" : "7865", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7865" - }, - { - "name" : "251006", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-251006-1" - }, - { - "name" : "33435", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33435" - }, - { - "name" : "ADV-2009-0232", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0232" - }, - { - "name" : "1021635", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1021635" - }, - { - "name" : "33605", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33605" - }, - { - "name" : "sun-solaris-ipv6packets-dos(48208)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48208" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The kernel in Sun Solaris 10 and 11 snv_101b, and OpenSolaris before snv_108, allows remote attackers to cause a denial of service (system crash) via a crafted IPv6 packet, related to an \"insufficient validation security vulnerability,\" as demonstrated by SunOSipv6.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "sun-solaris-ipv6packets-dos(48208)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48208" + }, + { + "name": "33605", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33605" + }, + { + "name": "ADV-2009-0232", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0232" + }, + { + "name": "33435", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33435" + }, + { + "name": "7865", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7865" + }, + { + "name": "1021635", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1021635" + }, + { + "name": "20090126 Solaris Devs Are Smoking Pot", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2009-January/067709.html" + }, + { + "name": "251006", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-251006-1" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0440.json b/2009/0xxx/CVE-2009-0440.json index 20360e22f6f..931214b8938 100644 --- a/2009/0xxx/CVE-2009-0440.json +++ b/2009/0xxx/CVE-2009-0440.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0440", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere Partner Gateway (WPG) 6.0.0 through 6.0.0.7 does not properly handle failures of signature verification, which might allow remote authenticated users to submit a crafted RosettaNet (aka RNIF) document to a backend application, related to (1) \"altered service content\" and (2) \"digital signature foot-print.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0440", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21330341", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21330341" - }, - { - "name" : "JR31231", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1JR31231" - }, - { - "name" : "33839", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33839" - }, - { - "name" : "33994", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33994" - }, - { - "name" : "websphere-pgateway-rnif-signatures(48530)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48530" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere Partner Gateway (WPG) 6.0.0 through 6.0.0.7 does not properly handle failures of signature verification, which might allow remote authenticated users to submit a crafted RosettaNet (aka RNIF) document to a backend application, related to (1) \"altered service content\" and (2) \"digital signature foot-print.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "websphere-pgateway-rnif-signatures(48530)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48530" + }, + { + "name": "33839", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33839" + }, + { + "name": "33994", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33994" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21330341", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21330341" + }, + { + "name": "JR31231", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1JR31231" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0519.json b/2009/0xxx/CVE-2009-0519.json index 46b5a186f8d..96405684992 100644 --- a/2009/0xxx/CVE-2009-0519.json +++ b/2009/0xxx/CVE-2009-0519.json @@ -1,162 +1,162 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0519", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a crafted Shockwave Flash (aka .swf) file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0519", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://isc.sans.org/diary.html?storyid=5929", - "refsource" : "MISC", - "url" : "http://isc.sans.org/diary.html?storyid=5929" - }, - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb09-01.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb09-01.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=487141", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=487141" - }, - { - "name" : "http://support.apple.com/kb/HT3549", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3549" - }, - { - "name" : "APPLE-SA-2009-05-12", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html" - }, - { - "name" : "GLSA-200903-23", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200903-23.xml" - }, - { - "name" : "RHSA-2009:0332", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2009-0332.html" - }, - { - "name" : "RHSA-2009:0334", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2009-0334.html" - }, - { - "name" : "254909", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254909-1" - }, - { - "name" : "TA09-133A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-133A.html" - }, - { - "name" : "33890", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33890" - }, - { - "name" : "oval:org.mitre.oval:def:6470", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6470" - }, - { - "name" : "oval:org.mitre.oval:def:15837", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15837" - }, - { - "name" : "34012", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34012" - }, - { - "name" : "34293", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34293" - }, - { - "name" : "34226", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34226" - }, - { - "name" : "35074", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35074" - }, - { - "name" : "ADV-2009-0513", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0513" - }, - { - "name" : "ADV-2009-0743", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0743" - }, - { - "name" : "ADV-2009-1297", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1297" - }, - { - "name" : "flash-swf-unspecified-dos(48900)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48900" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a crafted Shockwave Flash (aka .swf) file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://isc.sans.org/diary.html?storyid=5929", + "refsource": "MISC", + "url": "http://isc.sans.org/diary.html?storyid=5929" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=487141", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487141" + }, + { + "name": "oval:org.mitre.oval:def:15837", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15837" + }, + { + "name": "http://support.apple.com/kb/HT3549", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3549" + }, + { + "name": "RHSA-2009:0332", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2009-0332.html" + }, + { + "name": "35074", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35074" + }, + { + "name": "34226", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34226" + }, + { + "name": "APPLE-SA-2009-05-12", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html" + }, + { + "name": "oval:org.mitre.oval:def:6470", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6470" + }, + { + "name": "ADV-2009-0743", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0743" + }, + { + "name": "flash-swf-unspecified-dos(48900)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48900" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb09-01.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb09-01.html" + }, + { + "name": "ADV-2009-0513", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0513" + }, + { + "name": "GLSA-200903-23", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200903-23.xml" + }, + { + "name": "TA09-133A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html" + }, + { + "name": "ADV-2009-1297", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1297" + }, + { + "name": "34293", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34293" + }, + { + "name": "33890", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33890" + }, + { + "name": "254909", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254909-1" + }, + { + "name": "RHSA-2009:0334", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2009-0334.html" + }, + { + "name": "34012", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34012" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0798.json b/2009/0xxx/CVE-2009-0798.json index 541842bab0f..59d951f0887 100644 --- a/2009/0xxx/CVE-2009-0798.json +++ b/2009/0xxx/CVE-2009-0798.json @@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0798", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ACPI Event Daemon (acpid) before 1.0.10 allows remote attackers to cause a denial of service (CPU consumption and connectivity loss) by opening a large number of UNIX sockets without closing them, which triggers an infinite loop." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-0798", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=494443", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=494443" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=502583", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=502583" - }, - { - "name" : "DSA-1786", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1786" - }, - { - "name" : "FEDORA-2009-5578", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01342.html" - }, - { - "name" : "FEDORA-2009-5608", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01365.html" - }, - { - "name" : "GLSA-200905-06", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200905-06.xml" - }, - { - "name" : "MDVSA-2009:107", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:107" - }, - { - "name" : "RHSA-2009:0474", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0474.html" - }, - { - "name" : "USN-766-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-766-1" - }, - { - "name" : "34692", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34692" - }, - { - "name" : "oval:org.mitre.oval:def:7560", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7560" - }, - { - "name" : "oval:org.mitre.oval:def:9955", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9955" - }, - { - "name" : "1022182", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022182" - }, - { - "name" : "34838", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34838" - }, - { - "name" : "34914", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34914" - }, - { - "name" : "34918", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34918" - }, - { - "name" : "35010", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35010" - }, - { - "name" : "35209", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35209" - }, - { - "name" : "35231", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35231" - }, - { - "name" : "acpid-socket-dos(50060)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50060" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ACPI Event Daemon (acpid) before 1.0.10 allows remote attackers to cause a denial of service (CPU consumption and connectivity loss) by opening a large number of UNIX sockets without closing them, which triggers an infinite loop." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-766-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-766-1" + }, + { + "name": "acpid-socket-dos(50060)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50060" + }, + { + "name": "RHSA-2009:0474", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0474.html" + }, + { + "name": "34838", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34838" + }, + { + "name": "1022182", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022182" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=494443", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=494443" + }, + { + "name": "GLSA-200905-06", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200905-06.xml" + }, + { + "name": "34918", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34918" + }, + { + "name": "oval:org.mitre.oval:def:7560", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7560" + }, + { + "name": "34914", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34914" + }, + { + "name": "35209", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35209" + }, + { + "name": "FEDORA-2009-5608", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01365.html" + }, + { + "name": "34692", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34692" + }, + { + "name": "DSA-1786", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1786" + }, + { + "name": "MDVSA-2009:107", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:107" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=502583", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=502583" + }, + { + "name": "35231", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35231" + }, + { + "name": "35010", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35010" + }, + { + "name": "FEDORA-2009-5578", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01342.html" + }, + { + "name": "oval:org.mitre.oval:def:9955", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9955" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3279.json b/2009/3xxx/CVE-2009-3279.json index 634eb68f8d6..e4786500762 100644 --- a/2009/3xxx/CVE-2009-3279.json +++ b/2009/3xxx/CVE-2009-3279.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3279", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815 create a LUKS partition by using the AES-256 cipher in plain CBC mode, which allows local users to obtain sensitive information via a watermark attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3279", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090918 Advisory: Crypto backdoor in Qnap storage devices (CVE-2009-3200)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/506607/100/0/threaded" - }, - { - "name" : "http://www.baseline-security.de/downloads/BSC-Qnap_Crypto_Backdoor-CVE-2009-3200.txt", - "refsource" : "MISC", - "url" : "http://www.baseline-security.de/downloads/BSC-Qnap_Crypto_Backdoor-CVE-2009-3200.txt" - }, - { - "name" : "36793", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36793" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815 create a LUKS partition by using the AES-256 cipher in plain CBC mode, which allows local users to obtain sensitive information via a watermark attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.baseline-security.de/downloads/BSC-Qnap_Crypto_Backdoor-CVE-2009-3200.txt", + "refsource": "MISC", + "url": "http://www.baseline-security.de/downloads/BSC-Qnap_Crypto_Backdoor-CVE-2009-3200.txt" + }, + { + "name": "36793", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36793" + }, + { + "name": "20090918 Advisory: Crypto backdoor in Qnap storage devices (CVE-2009-3200)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/506607/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3537.json b/2009/3xxx/CVE-2009-3537.json index f59739a848d..ed4f4b8de5e 100644 --- a/2009/3xxx/CVE-2009-3537.json +++ b/2009/3xxx/CVE-2009-3537.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3537", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in EpicDJSoftware EpicDJ 1.3.9.1 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a (1) .m3u or (2) .mpl playlist file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3537", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9201", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9201" - }, - { - "name" : "35878", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35878" - }, - { - "name" : "ADV-2009-1956", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1956" - }, - { - "name" : "epicdj-mpl-m3u-bo(51825)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51825" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in EpicDJSoftware EpicDJ 1.3.9.1 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a (1) .m3u or (2) .mpl playlist file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35878", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35878" + }, + { + "name": "9201", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9201" + }, + { + "name": "epicdj-mpl-m3u-bo(51825)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51825" + }, + { + "name": "ADV-2009-1956", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1956" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3816.json b/2009/3xxx/CVE-2009-3816.json index a2fa57938c5..2082a93c1da 100644 --- a/2009/3xxx/CVE-2009-3816.json +++ b/2009/3xxx/CVE-2009-3816.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3816", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Activities pages in the Mobile subsystem in IBM Lotus Connections 2.5.0.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3816", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg24024303", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg24024303" - }, - { - "name" : "LO43637", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1LO43637" - }, - { - "name" : "37106", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37106" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Activities pages in the Mobile subsystem in IBM Lotus Connections 2.5.0.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37106", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37106" + }, + { + "name": "LO43637", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO43637" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg24024303", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24024303" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4595.json b/2009/4xxx/CVE-2009-4595.json index c3c6df5a993..174e7a1997b 100644 --- a/2009/4xxx/CVE-2009-4595.json +++ b/2009/4xxx/CVE-2009-4595.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4595", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in PHP Inventory 1.2 allows remote authenticated users to execute arbitrary SQL commands via the sup_id parameter in a suppliers details action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4595", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "37672", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37672" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in PHP Inventory 1.2 allows remote authenticated users to execute arbitrary SQL commands via the sup_id parameter in a suppliers details action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37672", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37672" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4922.json b/2009/4xxx/CVE-2009-4922.json index 451007f5f91..d69dd0259f3 100644 --- a/2009/4xxx/CVE-2009-4922.json +++ b/2009/4xxx/CVE-2009-4922.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4922", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote authenticated users to cause a denial of service (traceback) by establishing many IPsec L2L tunnels from remote peer IP addresses, aka Bug ID CSCso15583." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4922", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html", - "refsource" : "CONFIRM", - "url" : "http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote authenticated users to cause a denial of service (traceback) by establishing many IPsec L2L tunnels from remote peer IP addresses, aka Bug ID CSCso15583." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html", + "refsource": "CONFIRM", + "url": "http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4931.json b/2009/4xxx/CVE-2009-4931.json index 5540e37cff1..9399a5f636b 100644 --- a/2009/4xxx/CVE-2009-4931.json +++ b/2009/4xxx/CVE-2009-4931.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4931", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Groovy Media Player 1.1.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a .m3u playlist file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4931", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8485", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/8485" - }, - { - "name" : "34621", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34621" - }, - { - "name" : "groovymediaplayer-m3u-bo(49965)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49965" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Groovy Media Player 1.1.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a .m3u playlist file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34621", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34621" + }, + { + "name": "8485", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/8485" + }, + { + "name": "groovymediaplayer-m3u-bo(49965)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49965" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2043.json b/2012/2xxx/CVE-2012-2043.json index 96db9cd9533..1e55db38db4 100644 --- a/2012/2xxx/CVE-2012-2043.json +++ b/2012/2xxx/CVE-2012-2043.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2043", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Shockwave Player before 11.6.6.636 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2044, CVE-2012-2045, CVE-2012-2046, and CVE-2012-2047." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2012-2043", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb12-17.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb12-17.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Shockwave Player before 11.6.6.636 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2044, CVE-2012-2045, CVE-2012-2046, and CVE-2012-2047." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.adobe.com/support/security/bulletins/apsb12-17.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb12-17.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2648.json b/2012/2xxx/CVE-2012-2648.json index a61e3b25497..5a20640cbe5 100644 --- a/2012/2xxx/CVE-2012-2648.json +++ b/2012/2xxx/CVE-2012-2648.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2648", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the GoodReader app 3.16 and earlier for iOS on the iPad, and 3.15.1 and earlier for iOS on the iPhone and iPod touch, allows remote attackers to inject arbitrary web script or HTML via vectors involving use of this app in conjunction with a web browser." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2012-2648", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#01598734", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN01598734/index.html" - }, - { - "name" : "JVNDB-2012-000073", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000073" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the GoodReader app 3.16 and earlier for iOS on the iPad, and 3.15.1 and earlier for iOS on the iPhone and iPod touch, allows remote attackers to inject arbitrary web script or HTML via vectors involving use of this app in conjunction with a web browser." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#01598734", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN01598734/index.html" + }, + { + "name": "JVNDB-2012-000073", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000073" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2867.json b/2012/2xxx/CVE-2012-2867.json index 9016f1757ab..350dbab0c99 100644 --- a/2012/2xxx/CVE-2012-2867.json +++ b/2012/2xxx/CVE-2012-2867.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2867", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SPDY implementation in Google Chrome before 21.0.1180.89 allows remote attackers to cause a denial of service (application crash) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2012-2867", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=135485", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=135485" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html" - }, - { - "name" : "openSUSE-SU-2012:1215", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00030.html" - }, - { - "name" : "85032", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/85032" - }, - { - "name" : "oval:org.mitre.oval:def:15130", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15130" - }, - { - "name" : "chrome-spdy-dos(78176)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78176" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SPDY implementation in Google Chrome before 21.0.1180.89 allows remote attackers to cause a denial of service (application crash) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html" + }, + { + "name": "oval:org.mitre.oval:def:15130", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15130" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=135485", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=135485" + }, + { + "name": "chrome-spdy-dos(78176)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78176" + }, + { + "name": "openSUSE-SU-2012:1215", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00030.html" + }, + { + "name": "85032", + "refsource": "OSVDB", + "url": "http://osvdb.org/85032" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0243.json b/2015/0xxx/CVE-2015-0243.json index 0213c92f0a8..831b3b1346a 100644 --- a/2015/0xxx/CVE-2015-0243.json +++ b/2015/0xxx/CVE-2015-0243.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0243", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-0243", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0366.json b/2015/0xxx/CVE-2015-0366.json index 97d4870bc73..a53c7b3ba7c 100644 --- a/2015/0xxx/CVE-2015-0366.json +++ b/2015/0xxx/CVE-2015-0366.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0366", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Siebel Core - EAI component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Java Integration, a different vulnerability than CVE-2014-0369." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-0366", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" - }, - { - "name" : "72180", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72180" - }, - { - "name" : "1031578", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031578" - }, - { - "name" : "oracle-cpujan2015-cve20150366(100118)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100118" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Siebel Core - EAI component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Java Integration, a different vulnerability than CVE-2014-0369." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" + }, + { + "name": "72180", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72180" + }, + { + "name": "1031578", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031578" + }, + { + "name": "oracle-cpujan2015-cve20150366(100118)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100118" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0708.json b/2015/0xxx/CVE-2015-0708.json index a49dc83b90d..e6ffd90f1cf 100644 --- a/2015/0xxx/CVE-2015-0708.json +++ b/2015/0xxx/CVE-2015-0708.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0708", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco IOS 15.4S, 15.4SN, and 15.5S and IOS XE 3.13S and 3.14S allow remote attackers to cause a denial of service (device crash) by including an IA_NA option in a DHCPv6 Solicit message on the local network, aka Bug ID CSCur29956." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-0708", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150428 Cisco IOS Software and Cisco IOS XE Software Crafted DHCPv6 Sequence Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=38543" - }, - { - "name" : "1032210", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032210" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco IOS 15.4S, 15.4SN, and 15.5S and IOS XE 3.13S and 3.14S allow remote attackers to cause a denial of service (device crash) by including an IA_NA option in a DHCPv6 Solicit message on the local network, aka Bug ID CSCur29956." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150428 Cisco IOS Software and Cisco IOS XE Software Crafted DHCPv6 Sequence Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38543" + }, + { + "name": "1032210", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032210" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1437.json b/2015/1xxx/CVE-2015-1437.json index c141f2028d5..e7d61d16957 100644 --- a/2015/1xxx/CVE-2015-1437.json +++ b/2015/1xxx/CVE-2015-1437.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1437", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Asus RT-N10+ D1 router with firmware 2.1.1.1.70 allow remote attackers to inject arbitrary web script or HTML via the flag parameter to (1) result_of_get_changed_status.asp or (2) error_page.htm." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1437", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150129 Reflected XSS vulnarbility in Asus RT-N10 Plus Router", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534579/100/0/threaded" - }, - { - "name" : "20150129 Unauthenticated Reflected XSS vulnarbility in Asus RT-N10 Plus router", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534580/100/0/threaded" - }, - { - "name" : "20150203 CVE-2015-1437 XSS In ASUS Router.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534612/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/130187/Asus-RT-N10-Plus-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/130187/Asus-RT-N10-Plus-Cross-Site-Scripting.html" - }, - { - "name" : "72369", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72369" - }, - { - "name" : "asus-rtn10-errorpage-xss(100563)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100563" - }, - { - "name" : "asus-rtn10-resultstatus-xss(100566)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100566" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Asus RT-N10+ D1 router with firmware 2.1.1.1.70 allow remote attackers to inject arbitrary web script or HTML via the flag parameter to (1) result_of_get_changed_status.asp or (2) error_page.htm." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "asus-rtn10-errorpage-xss(100563)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100563" + }, + { + "name": "http://packetstormsecurity.com/files/130187/Asus-RT-N10-Plus-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/130187/Asus-RT-N10-Plus-Cross-Site-Scripting.html" + }, + { + "name": "20150203 CVE-2015-1437 XSS In ASUS Router.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534612/100/0/threaded" + }, + { + "name": "asus-rtn10-resultstatus-xss(100566)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100566" + }, + { + "name": "72369", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72369" + }, + { + "name": "20150129 Unauthenticated Reflected XSS vulnarbility in Asus RT-N10 Plus router", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534580/100/0/threaded" + }, + { + "name": "20150129 Reflected XSS vulnarbility in Asus RT-N10 Plus Router", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534579/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5272.json b/2015/5xxx/CVE-2015-5272.json index 05cdf5d966f..a5e52c42120 100644 --- a/2015/5xxx/CVE-2015-5272.json +++ b/2015/5xxx/CVE-2015-5272.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5272", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Forum module in Moodle 2.7.x before 2.7.10 allows remote authenticated users to post to arbitrary groups by leveraging the teacher role, as demonstrated by a post directed to \"all participants.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-5272", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150921 Moodle security release", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/09/21/1" - }, - { - "name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50576", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50576" - }, - { - "name" : "https://moodle.org/mod/forum/discuss.php?d=320288", - "refsource" : "CONFIRM", - "url" : "https://moodle.org/mod/forum/discuss.php?d=320288" - }, - { - "name" : "1033619", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033619" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Forum module in Moodle 2.7.x before 2.7.10 allows remote authenticated users to post to arbitrary groups by leveraging the teacher role, as demonstrated by a post directed to \"all participants.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20150921 Moodle security release", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/09/21/1" + }, + { + "name": "https://moodle.org/mod/forum/discuss.php?d=320288", + "refsource": "CONFIRM", + "url": "https://moodle.org/mod/forum/discuss.php?d=320288" + }, + { + "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50576", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50576" + }, + { + "name": "1033619", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033619" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5484.json b/2015/5xxx/CVE-2015-5484.json index 7c54bbfe610..663fc708db3 100644 --- a/2015/5xxx/CVE-2015-5484.json +++ b/2015/5xxx/CVE-2015-5484.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5484", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5484", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5517.json b/2015/5xxx/CVE-2015-5517.json index 37298b108c9..9ac9c90a2f9 100644 --- a/2015/5xxx/CVE-2015-5517.json +++ b/2015/5xxx/CVE-2015-5517.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5517", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5517", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5763.json b/2015/5xxx/CVE-2015-5763.json index 01b7d3b7841..beb301991a1 100644 --- a/2015/5xxx/CVE-2015-5763.json +++ b/2015/5xxx/CVE-2015-5763.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5763", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ntfs in Apple OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-5763", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/kb/HT205031", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT205031" - }, - { - "name" : "APPLE-SA-2015-08-13-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" - }, - { - "name" : "76340", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76340" - }, - { - "name" : "1033276", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033276" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ntfs in Apple OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "76340", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76340" + }, + { + "name": "APPLE-SA-2015-08-13-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" + }, + { + "name": "https://support.apple.com/kb/HT205031", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT205031" + }, + { + "name": "1033276", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033276" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3237.json b/2018/3xxx/CVE-2018-3237.json index de5e582382c..7a82fe9ea93 100644 --- a/2018/3xxx/CVE-2018-3237.json +++ b/2018/3xxx/CVE-2018-3237.json @@ -1,93 +1,93 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3237", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Applications Manager", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "12.1.3" - }, - { - "version_affected" : "=", - "version_value" : "12.2.3" - }, - { - "version_affected" : "=", - "version_value" : "12.2.4" - }, - { - "version_affected" : "=", - "version_value" : "12.2.5" - }, - { - "version_affected" : "=", - "version_value" : "12.2.6" - }, - { - "version_affected" : "=", - "version_value" : "12.2.7" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Applications Manager component of Oracle E-Business Suite (subcomponent: Support Cart). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Applications Manager accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Applications Manager accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3237", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Applications Manager", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.1.3" + }, + { + "version_affected": "=", + "version_value": "12.2.3" + }, + { + "version_affected": "=", + "version_value": "12.2.4" + }, + { + "version_affected": "=", + "version_value": "12.2.5" + }, + { + "version_affected": "=", + "version_value": "12.2.6" + }, + { + "version_affected": "=", + "version_value": "12.2.7" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" - }, - { - "name" : "105620", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105620" - }, - { - "name" : "1041897", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041897" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Applications Manager component of Oracle E-Business Suite (subcomponent: Support Cart). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Applications Manager accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Applications Manager accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041897", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041897" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + }, + { + "name": "105620", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105620" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3415.json b/2018/3xxx/CVE-2018-3415.json index 8788d4fb802..4dbcd88f4e2 100644 --- a/2018/3xxx/CVE-2018-3415.json +++ b/2018/3xxx/CVE-2018-3415.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3415", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3415", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3556.json b/2018/3xxx/CVE-2018-3556.json index 7d8c8b8cc68..3f9ce37c0ad 100644 --- a/2018/3xxx/CVE-2018-3556.json +++ b/2018/3xxx/CVE-2018-3556.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3556", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3556", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3732.json b/2018/3xxx/CVE-2018-3732.json index 2266f75fdc1..72ce6361c50 100644 --- a/2018/3xxx/CVE-2018-3732.json +++ b/2018/3xxx/CVE-2018-3732.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2018-3732", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "resolve-path node module", - "version" : { - "version_data" : [ - { - "version_value" : "Versions before 1.4.0" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "resolve-path node module before 1.4.0 suffers from a Path Traversal vulnerability due to lack of validation of paths with certain special characters, which allows a malicious user to read content of any file with known path." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Path Traversal (CWE-22)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2018-3732", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "resolve-path node module", + "version": { + "version_data": [ + { + "version_value": "Versions before 1.4.0" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/pillarjs/resolve-path/commit/fe5b8052cafd35fcdafe9210e100e9050b37d2a0", - "refsource" : "MISC", - "url" : "https://github.com/pillarjs/resolve-path/commit/fe5b8052cafd35fcdafe9210e100e9050b37d2a0" - }, - { - "name" : "https://hackerone.com/reports/315760", - "refsource" : "MISC", - "url" : "https://hackerone.com/reports/315760" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "resolve-path node module before 1.4.0 suffers from a Path Traversal vulnerability due to lack of validation of paths with certain special characters, which allows a malicious user to read content of any file with known path." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Path Traversal (CWE-22)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/pillarjs/resolve-path/commit/fe5b8052cafd35fcdafe9210e100e9050b37d2a0", + "refsource": "MISC", + "url": "https://github.com/pillarjs/resolve-path/commit/fe5b8052cafd35fcdafe9210e100e9050b37d2a0" + }, + { + "name": "https://hackerone.com/reports/315760", + "refsource": "MISC", + "url": "https://hackerone.com/reports/315760" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3808.json b/2018/3xxx/CVE-2018-3808.json index 479440b874b..4c9a37093d6 100644 --- a/2018/3xxx/CVE-2018-3808.json +++ b/2018/3xxx/CVE-2018-3808.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3808", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3808", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3959.json b/2018/3xxx/CVE-2018-3959.json index b2c5d41660f..77587219673 100644 --- a/2018/3xxx/CVE-2018-3959.json +++ b/2018/3xxx/CVE-2018-3959.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2018-10-01T00:00:00", - "ID" : "CVE-2018-3959", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit PDF Reader", - "version" : { - "version_data" : [ - { - "version_value" : "Foxit Software Foxit PDF Reader 9.1.0.5096." - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the Author property of the this.info object. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2018-10-01T00:00:00", + "ID": "CVE-2018-3959", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit PDF Reader", + "version": { + "version_data": [ + { + "version_value": "Foxit Software Foxit PDF Reader 9.1.0.5096." + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0628", - "refsource" : "MISC", - "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0628" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the Author property of the this.info object. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0628", + "refsource": "MISC", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0628" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7088.json b/2018/7xxx/CVE-2018-7088.json index 9eef0c543cd..f6bb6489a18 100644 --- a/2018/7xxx/CVE-2018-7088.json +++ b/2018/7xxx/CVE-2018-7088.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7088", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7088", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7141.json b/2018/7xxx/CVE-2018-7141.json index 5eef414f5ed..30491620d32 100644 --- a/2018/7xxx/CVE-2018-7141.json +++ b/2018/7xxx/CVE-2018-7141.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7141", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7141", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7269.json b/2018/7xxx/CVE-2018-7269.json index 9de6faf7fa0..cc298992fcf 100644 --- a/2018/7xxx/CVE-2018-7269.json +++ b/2018/7xxx/CVE-2018-7269.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7269", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The findByCondition function in framework/db/ActiveRecord.php in Yii 2.x before 2.0.15 allows remote attackers to conduct SQL injection attacks via a findOne() or findAll() call, unless a developer recognizes an undocumented need to sanitize array input." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7269", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.yiiframework.com/news/168/releasing-yii-2-0-15-and-database-extensions-with-security-fixes/", - "refsource" : "CONFIRM", - "url" : "http://www.yiiframework.com/news/168/releasing-yii-2-0-15-and-database-extensions-with-security-fixes/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The findByCondition function in framework/db/ActiveRecord.php in Yii 2.x before 2.0.15 allows remote attackers to conduct SQL injection attacks via a findOne() or findAll() call, unless a developer recognizes an undocumented need to sanitize array input." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.yiiframework.com/news/168/releasing-yii-2-0-15-and-database-extensions-with-security-fixes/", + "refsource": "CONFIRM", + "url": "http://www.yiiframework.com/news/168/releasing-yii-2-0-15-and-database-extensions-with-security-fixes/" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7372.json b/2018/7xxx/CVE-2018-7372.json index ff3599a0307..b843a00991a 100644 --- a/2018/7xxx/CVE-2018-7372.json +++ b/2018/7xxx/CVE-2018-7372.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7372", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7372", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7693.json b/2018/7xxx/CVE-2018-7693.json index 7415d0582f7..9c532b49bf8 100644 --- a/2018/7xxx/CVE-2018-7693.json +++ b/2018/7xxx/CVE-2018-7693.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7693", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7693", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8335.json b/2018/8xxx/CVE-2018-8335.json index 8394328a29f..84efe0a3fda 100644 --- a/2018/8xxx/CVE-2018-8335.json +++ b/2018/8xxx/CVE-2018-8335.json @@ -1,165 +1,165 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8335", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows Server 2012 R2", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows RT 8.1", - "version" : { - "version_data" : [ - { - "version_value" : "Windows RT 8.1" - } - ] - } - }, - { - "product_name" : "Windows Server 2012", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows Server 2016", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows 8.1", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit systems" - }, - { - "version_value" : "x64-based systems" - } - ] - } - }, - { - "product_name" : "Windows 10", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems" - }, - { - "version_value" : "Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Version 1607 for x64-based Systems" - }, - { - "version_value" : "Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Version 1703 for x64-based Systems" - }, - { - "version_value" : "Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Version 1709 for x64-based Systems" - }, - { - "version_value" : "Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Version 1803 for x64-based Systems" - }, - { - "version_value" : "x64-based Systems" - } - ] - } - }, - { - "product_name" : "Windows 10 Servers", - "version" : { - "version_data" : [ - { - "version_value" : "version 1709 (Server Core Installation)" - }, - { - "version_value" : "version 1803 (Server Core Installation)" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A denial of service vulnerability exists in the Microsoft Server Block Message (SMB) when an attacker sends specially crafted requests to the server, aka \"Windows SMB Denial of Service Vulnerability.\" This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8335", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows RT 8.1", + "version": { + "version_data": [ + { + "version_value": "Windows RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server 2012", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows 8.1", + "version": { + "version_data": [ + { + "version_value": "32-bit systems" + }, + { + "version_value": "x64-based systems" + } + ] + } + }, + { + "product_name": "Windows 10", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems" + }, + { + "version_value": "Version 1607 for 32-bit Systems" + }, + { + "version_value": "Version 1607 for x64-based Systems" + }, + { + "version_value": "Version 1703 for 32-bit Systems" + }, + { + "version_value": "Version 1703 for x64-based Systems" + }, + { + "version_value": "Version 1709 for 32-bit Systems" + }, + { + "version_value": "Version 1709 for x64-based Systems" + }, + { + "version_value": "Version 1803 for 32-bit Systems" + }, + { + "version_value": "Version 1803 for x64-based Systems" + }, + { + "version_value": "x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows 10 Servers", + "version": { + "version_data": [ + { + "version_value": "version 1709 (Server Core Installation)" + }, + { + "version_value": "version 1803 (Server Core Installation)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8335", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8335" - }, - { - "name" : "105224", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105224" - }, - { - "name" : "1041634", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041634" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A denial of service vulnerability exists in the Microsoft Server Block Message (SMB) when an attacker sends specially crafted requests to the server, aka \"Windows SMB Denial of Service Vulnerability.\" This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041634", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041634" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8335", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8335" + }, + { + "name": "105224", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105224" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8649.json b/2018/8xxx/CVE-2018-8649.json index 86261dac034..c32af4b672d 100644 --- a/2018/8xxx/CVE-2018-8649.json +++ b/2018/8xxx/CVE-2018-8649.json @@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8649", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows 10", - "version" : { - "version_data" : [ - { - "version_value" : "Version 1809 for 32-bit Systems" - }, - { - "version_value" : "Version 1809 for ARM64-based Systems" - }, - { - "version_value" : "Version 1809 for x64-based Systems" - } - ] - } - }, - { - "product_name" : "Windows Server 2019", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A denial of service vulnerability exists when Windows improperly handles objects in memory, aka \"Windows Denial of Service Vulnerability.\" This affects Windows 10, Windows Server 2019." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8649", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows 10", + "version": { + "version_data": [ + { + "version_value": "Version 1809 for 32-bit Systems" + }, + { + "version_value": "Version 1809 for ARM64-based Systems" + }, + { + "version_value": "Version 1809 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8649", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8649" - }, - { - "name" : "106091", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106091" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A denial of service vulnerability exists when Windows improperly handles objects in memory, aka \"Windows Denial of Service Vulnerability.\" This affects Windows 10, Windows Server 2019." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8649", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8649" + }, + { + "name": "106091", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106091" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8941.json b/2018/8xxx/CVE-2018-8941.json index 665b04abb56..03c5834d7f3 100644 --- a/2018/8xxx/CVE-2018-8941.json +++ b/2018/8xxx/CVE-2018-8941.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8941", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Diagnostics functionality on D-Link DSL-3782 devices with firmware EU v. 1.01 has a buffer overflow, allowing authenticated remote attackers to execute arbitrary code via a long Addr value to the 'set Diagnostics_Entry' function in an HTTP request, related to /userfs/bin/tcapi." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8941", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/SECFORCE/CVE-2018-8941", - "refsource" : "MISC", - "url" : "https://github.com/SECFORCE/CVE-2018-8941" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Diagnostics functionality on D-Link DSL-3782 devices with firmware EU v. 1.01 has a buffer overflow, allowing authenticated remote attackers to execute arbitrary code via a long Addr value to the 'set Diagnostics_Entry' function in an HTTP request, related to /userfs/bin/tcapi." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/SECFORCE/CVE-2018-8941", + "refsource": "MISC", + "url": "https://github.com/SECFORCE/CVE-2018-8941" + } + ] + } +} \ No newline at end of file