diff --git a/2005/0xxx/CVE-2005-0266.json b/2005/0xxx/CVE-2005-0266.json index 56a6e974b04..6be703337c5 100644 --- a/2005/0xxx/CVE-2005-0266.json +++ b/2005/0xxx/CVE-2005-0266.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0266", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in SugarCRM 1.X allows remote attackers to inject arbitrary web script or HTML via the (1) return_module, (2) return_action, (3) name, (4) module, or (5) record parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0266", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050101 Cross Site Scripting Vulnerabilities and Possible Code Execution", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110461706232174&w=2" - }, - { - "name" : "12113", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12113" - }, - { - "name" : "sugar-sales-index-xss(18719)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18719" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in SugarCRM 1.X allows remote attackers to inject arbitrary 
web script or HTML via the (1) return_module, (2) return_action, (3) name, (4) module, or (5) record parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050101 Cross Site Scripting Vulnerabilities and Possible Code Execution", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110461706232174&w=2" + }, + { + "name": "12113", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12113" + }, + { + "name": "sugar-sales-index-xss(18719)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18719" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0413.json b/2005/0xxx/CVE-2005-0413.json index 5c92e6582c6..963d2525983 100644 --- a/2005/0xxx/CVE-2005-0413.json +++ b/2005/0xxx/CVE-2005-0413.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0413", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in MyPHP Forum 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the fid in forum.php, (2) the member parameter in member.php, (3) the email parameter in forgot.php, or (4) the nbuser or nbpass parameters in include.php. NOTE: it was later reported that vector 2 exists in 3.0 and earlier." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0413", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050209 Several SQL injection bugs in myPHP Forum v.1.0", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/lists/bugtraq/2005/Feb/0125.html" - }, - { - "name" : "4822", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4822" - }, - { - "name" : "12501", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12501" - }, - { - "name" : "27083", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27083" - }, - { - "name" : "1013136", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013136" - 
}, - { - "name" : "14205", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14205" - }, - { - "name" : "myphpforum-multiple-sql-injection(19272)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19272" - }, - { - "name" : "myphpforum-member-sql-injection(39348)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39348" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in MyPHP Forum 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the fid in forum.php, (2) the member parameter in member.php, (3) the email parameter in forgot.php, or (4) the nbuser or nbpass parameters in include.php. NOTE: it was later reported that vector 2 exists in 3.0 and earlier." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "12501", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12501" + }, + { + "name": "4822", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4822" + }, + { + "name": "27083", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27083" + }, + { + "name": "myphpforum-multiple-sql-injection(19272)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19272" + }, + { + "name": "20050209 Several SQL injection bugs in myPHP Forum v.1.0", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/lists/bugtraq/2005/Feb/0125.html" + }, + { + "name": "1013136", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013136" + }, + { + "name": "myphpforum-member-sql-injection(39348)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39348" + 
}, + { + "name": "14205", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14205" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0802.json b/2005/0xxx/CVE-2005-0802.json index 3ca5a6b3c97..8c76fb63d2b 100644 --- a/2005/0xxx/CVE-2005-0802.json +++ b/2005/0xxx/CVE-2005-0802.json 
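Review bot: The `reference_data` array for CVE-2005-0413 is reordered on the new side (BID 12501 now first, SECUNIA 14205 last), and the new order follows no visible key such as `refsource` or `name`. If the order comes from the serializer rather than a deliberate sort, each regeneration may reshuffle these entries and bury real record changes in noise for anyone diffing the feed to track updates. The same reshuffle appears in the hunks for CVE-2005-0802, CVE-2005-0977, CVE-2005-1636, CVE-2005-3096, CVE-2005-4022 and CVE-2005-4343. Emitting references in a stable order, for example sorted by `refsource` and then `name`, would keep later diffs limited to actual content changes.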
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0802", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in search.asp in ACS Blog 0.8 through 1.1b allows remote attackers to execute arbitrary web script or HTML via the search parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0802", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050317 XSS in ACS blog", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111108840811698&w=2" - }, - { - "name" : "12836", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12836" - }, - { - "name" : "14861", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/14861" - }, - { - "name" : "1013470", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013470" - }, - { - "name" : "14625", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14625/" - }, - { - "name" : "acs-blog-search-xss(19728)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19728" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in search.asp in ACS Blog 0.8 through 1.1b allows remote attackers to execute arbitrary web script or HTML via the search parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14861", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/14861" + }, + { + "name": "acs-blog-search-xss(19728)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19728" + }, + { + "name": "1013470", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013470" + }, + { + "name": "12836", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12836" + }, + { + "name": "14625", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14625/" + }, + { + "name": "20050317 XSS in ACS blog", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111108840811698&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0977.json b/2005/0xxx/CVE-2005-0977.json index 0129a28388a..240bff7c6dc 100644 --- a/2005/0xxx/CVE-2005-0977.json +++ b/2005/0xxx/CVE-2005-0977.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0977", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The shmem_nopage function in shmem.c for the tmpfs driver in Linux kernel 2.6 does not properly verify the address argument, which allows local users to cause a denial of service (kernel crash) via an invalid address." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0977", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "FLSA:157459-3", - "refsource" : "FEDORA", - "url" : "http://www.securityfocus.com/archive/1/427980/100/0/threaded" - }, - { - "name" : "RHSA-2005:366", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-366.html" - }, - { - "name" : "USN-103-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/103-1/" - }, - { - "name" : "http://linux.bkbits.net:8080/linux-2.6/cset@420551fbRlv9-QG6Gw9Lw_bKVfPSsg", - "refsource" : "CONFIRM", - "url" : "http://linux.bkbits.net:8080/linux-2.6/cset@420551fbRlv9-QG6Gw9Lw_bKVfPSsg" - }, - { - "name" : "http://lkml.org/lkml/2005/2/5/111", - "refsource" : "CONFIRM", - "url" : "http://lkml.org/lkml/2005/2/5/111" - }, - { - "name" : 
"12970", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12970" - }, - { - "name" : "oval:org.mitre.oval:def:10400", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10400" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The shmem_nopage function in shmem.c for the tmpfs driver in Linux kernel 2.6 does not properly verify the address argument, which allows local users to cause a denial of service (kernel crash) via an invalid address." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:10400", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10400" + }, + { + "name": "http://linux.bkbits.net:8080/linux-2.6/cset@420551fbRlv9-QG6Gw9Lw_bKVfPSsg", + "refsource": "CONFIRM", + "url": "http://linux.bkbits.net:8080/linux-2.6/cset@420551fbRlv9-QG6Gw9Lw_bKVfPSsg" + }, + { + "name": "RHSA-2005:366", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-366.html" + }, + { + "name": "USN-103-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/103-1/" + }, + { + "name": "12970", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12970" + }, + { + "name": "FLSA:157459-3", + "refsource": "FEDORA", + "url": "http://www.securityfocus.com/archive/1/427980/100/0/threaded" + }, + { + "name": "http://lkml.org/lkml/2005/2/5/111", + "refsource": "CONFIRM", + "url": "http://lkml.org/lkml/2005/2/5/111" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1636.json b/2005/1xxx/CVE-2005-1636.json index 073ac0c30ce..b7535bfd63c 100644 --- a/2005/1xxx/CVE-2005-1636.json 
+++ b/2005/1xxx/CVE-2005-1636.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1636", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mysql_install_db in MySQL 4.1.x before 4.1.12 and 5.x up to 5.0.4 creates the mysql_install_db.X file with a predictable filename and insecure permissions, which allows local users to execute arbitrary SQL commands by modifying the file's contents." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1636", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050517 MySQL < 4.0.12 && MySQL <= 5.0.4 : Insecure tmp", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=111632686805498&w=2" - }, - { - "name" : "http://www.zataz.net/adviso/mysql-05172005.txt", - "refsource" : "MISC", - "url" : "http://www.zataz.net/adviso/mysql-05172005.txt" - }, - { - "name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=158688", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=158688" - }, - { - "name" : "MDKSA-2006:045", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:045" - }, - { - "name" : "RHSA-2005:685", - 
"refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-685.html" - }, - { - "name" : "13660", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13660" - }, - { - "name" : "oval:org.mitre.oval:def:9504", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9504" - }, - { - "name" : "15369", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15369" - }, - { - "name" : "17080", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17080" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mysql_install_db in MySQL 4.1.x before 4.1.12 and 5.x up to 5.0.4 creates the mysql_install_db.X file with a predictable filename and insecure permissions, which allows local users to execute arbitrary SQL commands by modifying the file's contents." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zataz.net/adviso/mysql-05172005.txt", + "refsource": "MISC", + "url": "http://www.zataz.net/adviso/mysql-05172005.txt" + }, + { + "name": "15369", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15369" + }, + { + "name": "17080", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17080" + }, + { + "name": "20050517 MySQL < 4.0.12 && MySQL <= 5.0.4 : Insecure tmp", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=111632686805498&w=2" + }, + { + "name": "13660", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13660" + }, + { + "name": "oval:org.mitre.oval:def:9504", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9504" + }, + { + "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=158688", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=158688" + }, + { + "name": "MDKSA-2006:045", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:045" + }, + { + "name": "RHSA-2005:685", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-685.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1846.json b/2005/1xxx/CVE-2005-1846.json index e32d93c8d59..8f324fdb6f6 100644 --- a/2005/1xxx/CVE-2005-1846.json +++ b/2005/1xxx/CVE-2005-1846.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1846", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in YaMT before 0.5_2 allow attackers to overwrite arbitrary files via the (1) rename or (2) sort options." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secteam@freebsd.org", + "ID": "CVE-2005-1846", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://rpmfind.net/linux/RPM/suse/updates/8.2/i386/rpm/i586/yamt-0.5-1277.i586.html", - "refsource" : "CONFIRM", - "url" : "http://rpmfind.net/linux/RPM/suse/updates/8.2/i386/rpm/i586/yamt-0.5-1277.i586.html" - }, - { - "name" : "http://www.vuxml.org/freebsd/99b5cfa5-d3d2-11d9-8ffb-00061bc2ad93.html", - "refsource" : "CONFIRM", - "url" : "http://www.vuxml.org/freebsd/99b5cfa5-d3d2-11d9-8ffb-00061bc2ad93.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in YaMT before 0.5_2 allow attackers to overwrite arbitrary files via the (1) rename or (2) sort options." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://rpmfind.net/linux/RPM/suse/updates/8.2/i386/rpm/i586/yamt-0.5-1277.i586.html", + "refsource": "CONFIRM", + "url": "http://rpmfind.net/linux/RPM/suse/updates/8.2/i386/rpm/i586/yamt-0.5-1277.i586.html" + }, + { + "name": "http://www.vuxml.org/freebsd/99b5cfa5-d3d2-11d9-8ffb-00061bc2ad93.html", + "refsource": "CONFIRM", + "url": "http://www.vuxml.org/freebsd/99b5cfa5-d3d2-11d9-8ffb-00061bc2ad93.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3096.json b/2005/3xxx/CVE-2005-3096.json index 2862d2f707d..2e9ded8022d 100644 --- a/2005/3xxx/CVE-2005-3096.json +++ b/2005/3xxx/CVE-2005-3096.json 
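Review bot: The `ASSIGNER` value for CVE-2005-1846 changes from `cve@mitre.org` to `secteam@freebsd.org`, which is the only content change among the visible hunks; the rest is colon spacing, indentation and reference order. Changing the assigner changes the record's provenance, so anything that filters or attributes records by `ASSIGNER` will see this entry move. It deserves its own commit, or at least a line in the commit message, so it is not lost in the reformat. The vuxml.org reference is consistent with a FreeBSD assigner, but nothing in the hunk states why the value changed.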
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3096", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Avi Alkalay nslookup.cgi program, dated 16 June 2002, allows remote attackers to execute arbitrary commands via shell metacharacters in the query parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3096", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cirt.net/advisories/alkalay.shtml", - "refsource" : "MISC", - "url" : "http://www.cirt.net/advisories/alkalay.shtml" - }, - { - "name" : "http://www.alkalay.net/software", - "refsource" : "MISC", - "url" : "http://www.alkalay.net/software" - }, - { - "name" : "14893", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14893" - }, - { - "name" : "ADV-2005-1809", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/1809" - }, - { - "name" : "19520", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/19520" - }, - { - "name" : "16880", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16880" - }, - { - "name" : "nslookup-command-injection(22354)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/22354" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Avi Alkalay nslookup.cgi program, dated 16 June 2002, allows remote attackers to execute arbitrary commands via shell metacharacters in the query parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19520", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/19520" + }, + { + "name": "http://www.cirt.net/advisories/alkalay.shtml", + "refsource": "MISC", + "url": "http://www.cirt.net/advisories/alkalay.shtml" + }, + { + "name": "16880", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16880" + }, + { + "name": "http://www.alkalay.net/software", + "refsource": "MISC", + "url": "http://www.alkalay.net/software" + }, + { + "name": "14893", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14893" + }, + { + "name": "nslookup-command-injection(22354)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22354" + }, + { + "name": "ADV-2005-1809", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/1809" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4022.json b/2005/4xxx/CVE-2005-4022.json index 01ecaece7ff..1409fcd122f 100644 --- a/2005/4xxx/CVE-2005-4022.json +++ b/2005/4xxx/CVE-2005-4022.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4022", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the \"Add Image From Web\" feature in Gallery 2.0 before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4022", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051130 Gallery 2.x Security Advisory", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/418200/100/0/threaded" - }, - { - "name" : "15614", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15614" - }, - { - "name" : "ADV-2005-2681", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2681" - }, - { - "name" : "21221", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21221" - }, - { - "name" : "17747", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17747" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "Cross-site scripting (XSS) vulnerability in the \"Add Image From Web\" feature in Gallery 2.0 before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21221", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21221" + }, + { + "name": "17747", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17747" + }, + { + "name": "15614", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15614" + }, + { + "name": "20051130 Gallery 2.x Security Advisory", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/418200/100/0/threaded" + }, + { + "name": "ADV-2005-2681", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2681" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4300.json b/2005/4xxx/CVE-2005-4300.json index fe5278cfece..403e14e1cf6 100644 --- a/2005/4xxx/CVE-2005-4300.json +++ b/2005/4xxx/CVE-2005-4300.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4300", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in the lire_pop function in pop.c in libremail 1.1.0 and earlier, with compiled with the debug option, allows remote attackers to execute arbitrary code via a crafted e-mail or POP server response." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4300", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051216 ZRCSA-200505: libremail - \"pop.c\" Format String Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/419639/100/0/threaded" - }, - { - "name" : "15906", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15906" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in the lire_pop function in pop.c in libremail 1.1.0 and earlier, with compiled with the debug option, allows remote attackers to execute arbitrary code via a crafted e-mail or POP server response." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20051216 ZRCSA-200505: libremail - \"pop.c\" Format String Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/419639/100/0/threaded" + }, + { + "name": "15906", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15906" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4343.json b/2005/4xxx/CVE-2005-4343.json index cabe285fb56..f64d084fe75 100644 --- a/2005/4xxx/CVE-2005-4343.json +++ b/2005/4xxx/CVE-2005-4343.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4343", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 allows remote attackers to attach arbitrary files and send mail via a crafted Subject field, which is not properly handled by the CFMAIL tag in applications that use ColdFusion, aka \"CFMAIL injection Vulnerability\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4343", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.macromedia.com/devnet/security/security_zone/mpsb05-12.html", - "refsource" : "CONFIRM", - "url" : "http://www.macromedia.com/devnet/security/security_zone/mpsb05-12.html" - }, - { - "name" : "http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html", - "refsource" : "CONFIRM", - "url" : "http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html" - }, - { - "name" : "15904", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15904" - }, - { - "name" : "ADV-2005-2948", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2948" - }, - { - "name" : 
"1015369", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015369" - }, - { - "name" : "18078", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18078" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 allows remote attackers to attach arbitrary files and send mail via a crafted Subject field, which is not properly handled by the CFMAIL tag in applications that use ColdFusion, aka \"CFMAIL injection Vulnerability\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18078", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18078" + }, + { + "name": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-12.html", + "refsource": "CONFIRM", + "url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-12.html" + }, + { + "name": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html", + "refsource": "CONFIRM", + "url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html" + }, + { + "name": "15904", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15904" + }, + { + "name": "1015369", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015369" + }, + { + "name": "ADV-2005-2948", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2948" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4596.json b/2005/4xxx/CVE-2005-4596.json index 1aff8f0a78c..7ff1f4db8e1 100644 --- a/2005/4xxx/CVE-2005-4596.json +++ b/2005/4xxx/CVE-2005-4596.json 
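Review bot: The `reference_data` array on the new side comes out in a different order with no visible sort key: in this hunk the SECUNIA entry `18078` moves from last to first and the VUPEN and SECTRACK entries swap, while the same six references are kept. The same reshuffling appears in the hunks for CVE-2005-4596, CVE-2005-4767, CVE-2009-0042, CVE-2009-0083, CVE-2009-0182, CVE-2009-0749, CVE-2009-0872 and CVE-2009-0971. Because the respacing already rewrites every entry, a reviewer cannot easily tell from the diff whether a URL was altered, added or dropped, which matters for records that people follow to advisories and patches. Emitting the array in a stable order, for example sorted by `refsource` and then `name`, would keep later diffs down to real changes. The new side of each file also ends with `\ No newline at end of file`, so the serializer drops the trailing newline the old files had.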
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4596", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in read.php in AdesGuestbook 2.0 allows remote attackers to inject arbitrary web script or HTML via the totalRows_rsRead parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4596", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/12/adesguestbook-xss-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/12/adesguestbook-xss-vuln.html" - }, - { - "name" : "16090", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16090" - }, - { - "name" : "22111", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22111" - }, - { - "name" : "18244", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18244" - }, - { - "name" : "adesguestbook-read-xss(23909)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23909" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + 
{ + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in read.php in AdesGuestbook 2.0 allows remote attackers to inject arbitrary web script or HTML via the totalRows_rsRead parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22111", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22111" + }, + { + "name": "18244", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18244" + }, + { + "name": "http://pridels0.blogspot.com/2005/12/adesguestbook-xss-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/12/adesguestbook-xss-vuln.html" + }, + { + "name": "16090", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16090" + }, + { + "name": "adesguestbook-read-xss(23909)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23909" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4767.json b/2005/4xxx/CVE-2005-4767.json index a8f0ca21d6c..8999dd491f4 100644 --- a/2005/4xxx/CVE-2005-4767.json +++ b/2005/4xxx/CVE-2005-4767.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4767", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "BEA WebLogic Server and WebLogic Express 8.1 SP5 and earlier, and 7.0 SP6 and earlier, when using username/password authentication, does not lock out a username after the maximum number of invalid login attempts, which makes it easier for remote attackers to guess the password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4767", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "BEA05-107.00", - "refsource" : "BEA", - "url" : "http://dev2dev.bea.com/pub/advisory/161" - }, - { - "name" : "BEA06-107.01", - "refsource" : "BEA", - "url" : "http://dev2dev.bea.com/pub/advisory/178" - }, - { - "name" : "15052", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15052" - }, - { - "name" : "17168", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17168" - }, - { - "name" : "17138", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17138" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": 
[ + { + "lang": "eng", + "value": "BEA WebLogic Server and WebLogic Express 8.1 SP5 and earlier, and 7.0 SP6 and earlier, when using username/password authentication, does not lock out a username after the maximum number of invalid login attempts, which makes it easier for remote attackers to guess the password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15052", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15052" + }, + { + "name": "BEA05-107.00", + "refsource": "BEA", + "url": "http://dev2dev.bea.com/pub/advisory/161" + }, + { + "name": "17138", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17138" + }, + { + "name": "BEA06-107.01", + "refsource": "BEA", + "url": "http://dev2dev.bea.com/pub/advisory/178" + }, + { + "name": "17168", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17168" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0042.json b/2009/0xxx/CVE-2009-0042.json index 21ad7e9e78b..53ef311e903 100644 --- a/2009/0xxx/CVE-2009-0042.json +++ b/2009/0xxx/CVE-2009-0042.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0042", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in the Arclib library (arclib.dll) before 7.3.0.15 in the CA Anti-Virus engine for CA Anti-Virus for the Enterprise 7.1, r8, and r8.1; Anti-Virus 2007 v8 and 2008; Internet Security Suite 2007 v3 and 2008; and other CA products allow remote attackers to bypass virus detection via a malformed archive file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0042", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090127 CA20090126-01: CA Anti-Virus Engine Detection Evasion Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/500417/100/0/threaded" - }, - { - "name" : "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/26/ca20090126-01-ca-anti-virus-engine-detection-evasion-multiple-vulnerabilities.aspx", - "refsource" : "CONFIRM", - "url" : "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/26/ca20090126-01-ca-anti-virus-engine-detection-evasion-multiple-vulnerabilities.aspx" - }, - { - "name" : 
"http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197601", - "refsource" : "CONFIRM", - "url" : "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197601" - }, - { - "name" : "33464", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33464" - }, - { - "name" : "ADV-2009-0270", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0270" - }, - { - "name" : "1021639", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021639" - }, - { - "name" : "ca-antivirus-engine-security-bypass(48261)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48261" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in the Arclib library (arclib.dll) before 7.3.0.15 in the CA Anti-Virus engine for CA Anti-Virus for the Enterprise 7.1, r8, and r8.1; Anti-Virus 2007 v8 and 2008; Internet Security Suite 2007 v3 and 2008; and other CA products allow remote attackers to bypass virus detection via a malformed archive file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197601", + "refsource": "CONFIRM", + "url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197601" + }, + { + "name": "ADV-2009-0270", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0270" + }, + { + "name": "ca-antivirus-engine-security-bypass(48261)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48261" + }, + { + "name": "33464", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33464" + }, + { + "name": "20090127 CA20090126-01: CA Anti-Virus Engine Detection Evasion Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/500417/100/0/threaded" + }, + { + "name": "1021639", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021639" + }, + { + "name": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/26/ca20090126-01-ca-anti-virus-engine-detection-evasion-multiple-vulnerabilities.aspx", + "refsource": "CONFIRM", + "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/26/ca20090126-01-ca-anti-virus-engine-detection-evasion-multiple-vulnerabilities.aspx" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0083.json b/2009/0xxx/CVE-2009-0083.json index 598a65199b1..76c87d90dce 100644 --- a/2009/0xxx/CVE-2009-0083.json +++ b/2009/0xxx/CVE-2009-0083.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0083", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 does not properly handle invalid pointers, which allows local users to gain privileges via an application that triggers use of a crafted pointer, aka \"Windows Kernel Invalid Pointer Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2009-0083", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-079.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-079.htm" - }, - { - "name" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=842987&poid=", - "refsource" : "CONFIRM", - "url" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=842987&poid=" - }, - { - "name" : "MS09-006", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-006" - }, - { - "name" : "TA09-069A", - "refsource" : "CERT", - "url" : 
"http://www.us-cert.gov/cas/techalerts/TA09-069A.html" - }, - { - "name" : "34025", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34025" - }, - { - "name" : "52524", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/52524" - }, - { - "name" : "oval:org.mitre.oval:def:5440", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5440" - }, - { - "name" : "1021827", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021827" - }, - { - "name" : "34117", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34117" - }, - { - "name" : "ADV-2009-0659", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0659" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 does not properly handle invalid pointers, which allows local users to gain privileges via an application that triggers use of a crafted pointer, aka \"Windows Kernel Invalid Pointer Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA09-069A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-069A.html" + }, + { + "name": "MS09-006", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-006" + }, + { + "name": "34025", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34025" + }, + { + "name": "1021827", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021827" + }, + { + "name": "34117", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34117" + }, + { + "name": 
"oval:org.mitre.oval:def:5440", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5440" + }, + { + "name": "52524", + "refsource": "OSVDB", + "url": "http://osvdb.org/52524" + }, + { + "name": "ADV-2009-0659", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0659" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-079.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-079.htm" + }, + { + "name": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=842987&poid=", + "refsource": "CONFIRM", + "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=842987&poid=" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0182.json b/2009/0xxx/CVE-2009-0182.json index 680aea98036..5a4f711a3e3 100644 --- a/2009/0xxx/CVE-2009-0182.json +++ b/2009/0xxx/CVE-2009-0182.json 
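Review bot: The `ASSIGNER` value changes from `cve@mitre.org` to `secure@microsoft.com` in this hunk, and among the visible hunks it is the only field value that changes; everything else is respaced keys and a reordered `reference_data`. The assigning authority is provenance data that downstream tooling may filter on or trust, so it is better carried in its own commit, or at least named in the commit message if it is not already, than inside a bulk reformat where it is easy to miss. The `affects` block still has `vendor_name` and `product_name` set to `n/a`, although the description names Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1. Matching on the structured product fields will therefore not find this record, and consumers have to fall back to parsing the description text.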
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0182", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in VUPlayer 2.49 and earlier allows user-assisted attackers to execute arbitrary code via a long URL in a File line in a .pls file, as demonstrated by an http URL on a File1 line." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0182", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7695", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7695" - }, - { - "name" : "4923", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4923" - }, - { - "name" : "vuplayer-fileline-bo(48170)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48170" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in VUPlayer 2.49 and earlier allows user-assisted attackers to execute arbitrary code via a long URL in a File line in a .pls file, as demonstrated by an http URL on a File1 line." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7695", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7695" + }, + { + "name": "vuplayer-fileline-bo(48170)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48170" + }, + { + "name": "4923", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4923" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0749.json b/2009/0xxx/CVE-2009-0749.json index 2748b1f42cc..e42a2eae1e8 100644 --- a/2009/0xxx/CVE-2009-0749.json +++ b/2009/0xxx/CVE-2009-0749.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0749", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the GIFReadNextExtension function in lib/pngxtern/gif/gifread.c in OptiPNG 0.6.2 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted GIF image that causes the realloc function to return a new pointer, which triggers memory corruption when the old pointer is accessed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0749", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20090224 CVE request: optipng security release", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/02/24/2" - }, - { - "name" : "[oss-security] 20090225 Re: CVE request: optipng security release", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/02/25/4" - }, - { - "name" : "http://optipng.sourceforge.net", - "refsource" : "CONFIRM", - "url" : "http://optipng.sourceforge.net" - }, - { - "name" : 
"http://sourceforge.net/tracker/index.php?func=detail&aid=2582013&group_id=151404&atid=780913", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/tracker/index.php?func=detail&aid=2582013&group_id=151404&atid=780913" - }, - { - "name" : "GLSA-200903-12", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200903-12.xml" - }, - { - "name" : "SUSE-SR:2009:006", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html" - }, - { - "name" : "SUSE-SR:2009:012", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html" - }, - { - "name" : "33873", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33873" - }, - { - "name" : "34035", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34035" - }, - { - "name" : "34201", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34201" - }, - { - "name" : "34259", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34259" - }, - { - "name" : "35685", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35685" - }, - { - "name" : "ADV-2009-0510", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0510" - }, - { - "name" : "optipng-gifreadnextextension-code-execution(48879)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48879" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the GIFReadNextExtension function in lib/pngxtern/gif/gifread.c in OptiPNG 0.6.2 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted GIF image that causes the realloc function to return a new pointer, which triggers memory corruption when the old pointer is 
accessed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34201", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34201" + }, + { + "name": "34259", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34259" + }, + { + "name": "34035", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34035" + }, + { + "name": "33873", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33873" + }, + { + "name": "SUSE-SR:2009:006", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html" + }, + { + "name": "ADV-2009-0510", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0510" + }, + { + "name": "http://optipng.sourceforge.net", + "refsource": "CONFIRM", + "url": "http://optipng.sourceforge.net" + }, + { + "name": "http://sourceforge.net/tracker/index.php?func=detail&aid=2582013&group_id=151404&atid=780913", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/tracker/index.php?func=detail&aid=2582013&group_id=151404&atid=780913" + }, + { + "name": "35685", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35685" + }, + { + "name": "SUSE-SR:2009:012", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html" + }, + { + "name": "[oss-security] 20090224 CVE request: optipng security release", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/02/24/2" + }, + { + "name": "[oss-security] 20090225 Re: CVE request: optipng security release", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/02/25/4" + }, + { + "name": "GLSA-200903-12", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200903-12.xml" + }, + { + "name": 
"optipng-gifreadnextextension-code-execution(48879)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48879" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0872.json b/2009/0xxx/CVE-2009-0872.json index 436d11c400e..f8ca60d6d2a 100644 --- a/2009/0xxx/CVE-2009-0872.json +++ b/2009/0xxx/CVE-2009-0872.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0872", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The NFS server in Sun Solaris 10, and OpenSolaris before snv_111, does not properly implement the AUTH_NONE (aka sec=none) security mode in combination with other security modes, which allows remote attackers to bypass intended access restrictions and read or modify files, as demonstrated by a combination of the AUTH_NONE and AUTH_SYS security modes." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0872", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-139462-02-1", - "refsource" : "CONFIRM", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-139462-02-1" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-093.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-093.htm" - }, - { - "name" : "253588", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-253588-1" - }, - { - "name" : "34063", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/34063" - }, - { - "name" : "52559", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/52559" - }, - { - "name" : "1021833", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1021833" - }, - { - "name" : "34213", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34213" - }, - { - "name" : "34429", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34429" - }, - { - "name" : "ADV-2009-0658", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0658" - }, - { - "name" : "ADV-2009-0798", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0798" - }, - { - "name" : "solaris-nfssec-unauthorized-access(49170)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49170" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The NFS server in Sun Solaris 10, and OpenSolaris before snv_111, does not properly implement the AUTH_NONE (aka sec=none) security mode in combination with other security modes, which allows remote attackers to bypass intended access restrictions and read or modify files, as demonstrated by a combination of the AUTH_NONE and AUTH_SYS security modes." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "253588", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-253588-1" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-093.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-093.htm" + }, + { + "name": "52559", + "refsource": "OSVDB", + "url": "http://osvdb.org/52559" + }, + { + "name": "1021833", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1021833" + }, + { + "name": "solaris-nfssec-unauthorized-access(49170)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49170" + }, + { + "name": "ADV-2009-0658", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0658" + }, + { + "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-139462-02-1", + "refsource": "CONFIRM", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-139462-02-1" + }, + { + "name": "34063", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34063" + }, + { + "name": "34429", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34429" + }, + { + "name": "34213", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34213" + }, + { + "name": "ADV-2009-0798", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0798" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0971.json b/2009/0xxx/CVE-2009-0971.json index f13a26df468..6f90da232b5 100644 --- a/2009/0xxx/CVE-2009-0971.json +++ b/2009/0xxx/CVE-2009-0971.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0971", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in futomi's CGI Cafe Access Analyzer CGI Standard Version 3.8.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0971", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.futomi.com/library/info/2009/20090316.html", - "refsource" : "CONFIRM", - "url" : "http://www.futomi.com/library/info/2009/20090316.html" - }, - { - "name" : "JVN#23558374", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN23558374/index.html" - }, - { - "name" : "JVNDB-2009-000015", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000015.html" - }, - { - "name" : "34123", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34123" - }, - { - "name" : "52802", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/52802" - }, - { - "name" : "34271", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34271" - }, - { - "name" : 
"ADV-2009-0737", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0737" - }, - { - "name" : "cgicafe-unspecified-xss(49264)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49264" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in futomi's CGI Cafe Access Analyzer CGI Standard Version 3.8.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.futomi.com/library/info/2009/20090316.html", + "refsource": "CONFIRM", + "url": "http://www.futomi.com/library/info/2009/20090316.html" + }, + { + "name": "34123", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34123" + }, + { + "name": "34271", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34271" + }, + { + "name": "JVNDB-2009-000015", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000015.html" + }, + { + "name": "ADV-2009-0737", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0737" + }, + { + "name": "52802", + "refsource": "OSVDB", + "url": "http://osvdb.org/52802" + }, + { + "name": "JVN#23558374", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN23558374/index.html" + }, + { + "name": "cgicafe-unspecified-xss(49264)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49264" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1332.json b/2009/1xxx/CVE-2009-1332.json index fde462e80bd..7dedec8aa8b 100644 --- a/2009/1xxx/CVE-2009-1332.json +++ b/2009/1xxx/CVE-2009-1332.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1332", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Online Help feature in Sun Java System Directory Server 5.2 and Enterprise Edition 5 allows remote attackers to determine the existence of files and directories, and possibly obtain partial contents of files, via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1332", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "255848", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-255848-1" - }, - { - "name" : "34548", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34548" - }, - { - "name" : "53800", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/53800" - }, - { - "name" : "34751", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34751" - }, - { - "name" : "ADV-2009-1059", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1059" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "The Online Help feature in Sun Java System Directory Server 5.2 and Enterprise Edition 5 allows remote attackers to determine the existence of files and directories, and possibly obtain partial contents of files, via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34548", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34548" + }, + { + "name": "53800", + "refsource": "OSVDB", + "url": "http://osvdb.org/53800" + }, + { + "name": "ADV-2009-1059", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1059" + }, + { + "name": "34751", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34751" + }, + { + "name": "255848", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-255848-1" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1953.json b/2009/1xxx/CVE-2009-1953.json index db3c7ed798b..f40709c87d5 100644 --- a/2009/1xxx/CVE-2009-1953.json +++ b/2009/1xxx/CVE-2009-1953.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1953", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM FileNet Content Manager 4.0, 4.0.1, and 4.5, as used in IBM WebSphere Application Server (WAS) and Oracle BEA WebLogic Application Server, when the CE Web Services listener has a certain WSEAF configuration, does not properly restrict use of a cached Subject, which allows remote attackers to obtain access with the credentials of a recently authenticated user via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1953", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21389281", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21389281" - }, - { - "name" : "35228", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35228" - }, - { - "name" : "35347", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35347" - }, - { - "name" : "ADV-2009-1512", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1512" - } - ] - } -} + } + }, + "data_format": "MITRE", 
+ "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM FileNet Content Manager 4.0, 4.0.1, and 4.5, as used in IBM WebSphere Application Server (WAS) and Oracle BEA WebLogic Application Server, when the CE Web Services listener has a certain WSEAF configuration, does not properly restrict use of a cached Subject, which allows remote attackers to obtain access with the credentials of a recently authenticated user via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35228", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35228" + }, + { + "name": "35347", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35347" + }, + { + "name": "ADV-2009-1512", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1512" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21389281", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21389281" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3055.json b/2009/3xxx/CVE-2009-3055.json index 70b94f02483..0834a5cd1cd 100644 --- a/2009/3xxx/CVE-2009-3055.json +++ b/2009/3xxx/CVE-2009-3055.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3055", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in engine/api/api.class.php in DataLife Engine (DLE) 8.2 allows remote attackers to execute arbitrary PHP code via a URL in the dle_config_api parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3055", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9572", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9572" - }, - { - "name" : "36212", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36212" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in engine/api/api.class.php in DataLife Engine (DLE) 8.2 allows remote attackers to execute arbitrary PHP code via a URL in the dle_config_api parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36212", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36212" + }, + { + "name": "9572", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9572" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3896.json b/2009/3xxx/CVE-2009-3896.json index 11b992542a5..205b6cda1ea 100644 --- a/2009/3xxx/CVE-2009-3896.json +++ b/2009/3xxx/CVE-2009-3896.json 
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3896", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-3896", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[nginx] 20091030 Re: null pointer dereference vulnerability in 0.1.0-0.8.13.", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=nginx&m=125692080328141&w=2" - }, - { - "name" : "[oss-security] 20091120 CVE Assignment nginx", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/11/20/6" - }, - { - "name" : "[oss-security] 20091120 CVEs for nginx", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/11/20/1" - }, - { - "name" : "[oss-security] 20091123 Re: CVEs for nginx", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/11/23/10" 
- }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=552035", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=552035" - }, - { - "name" : "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch3.diff.gz", - "refsource" : "CONFIRM", - "url" : "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch3.diff.gz" - }, - { - "name" : "http://sysoev.ru/nginx/patch.null.pointer.txt", - "refsource" : "CONFIRM", - "url" : "http://sysoev.ru/nginx/patch.null.pointer.txt" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=539565", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=539565" - }, - { - "name" : "DSA-1920", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1920" - }, - { - "name" : "FEDORA-2009-12750", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html" - }, - { - "name" : "FEDORA-2009-12775", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html" - }, - { - "name" : "FEDORA-2009-12782", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html" - }, - { - "name" : "GLSA-201203-22", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201203-22.xml" - }, - { - "name" : "36839", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36839" - }, - { - "name" : "48577", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48577" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows 
remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=552035", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=552035" + }, + { + "name": "FEDORA-2009-12750", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html" + }, + { + "name": "36839", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36839" + }, + { + "name": "[oss-security] 20091123 Re: CVEs for nginx", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/11/23/10" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=539565", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=539565" + }, + { + "name": "FEDORA-2009-12775", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html" + }, + { + "name": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch3.diff.gz", + "refsource": "CONFIRM", + "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch3.diff.gz" + }, + { + "name": "FEDORA-2009-12782", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html" + }, + { + "name": "DSA-1920", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1920" + }, + { + "name": "48577", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48577" + }, + { + "name": "[oss-security] 20091120 CVE Assignment nginx", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/11/20/6" + }, + { + "name": 
"http://sysoev.ru/nginx/patch.null.pointer.txt", + "refsource": "CONFIRM", + "url": "http://sysoev.ru/nginx/patch.null.pointer.txt" + }, + { + "name": "[oss-security] 20091120 CVEs for nginx", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/11/20/1" + }, + { + "name": "GLSA-201203-22", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201203-22.xml" + }, + { + "name": "[nginx] 20091030 Re: null pointer dereference vulnerability in 0.1.0-0.8.13.", + "refsource": "MLIST", + "url": "http://marc.info/?l=nginx&m=125692080328141&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3986.json b/2009/3xxx/CVE-2009-3986.json index e5a7960fee0..6228aad8b03 100644 --- a/2009/3xxx/CVE-2009-3986.json +++ b/2009/3xxx/CVE-2009-3986.json 
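Review bot: The `ASSIGNER` field of CVE-2009-3896 changes from `cve@mitre.org` to `secalert@redhat.com` at the top of this hunk, while the other records visible on this page keep `cve@mitre.org` and differ only in spacing and in the order of `reference_data` entries. Because the rest of the hunk rewrites the whole file, this one semantic change is easy to miss for anyone auditing record provenance. If the reassignment is intended, the line `"ASSIGNER": "secalert@redhat.com",` would be better carried in its own commit with the reason stated in the message. If it is a side effect of the reformatting tool, it should be checked against the assigning CNA's records before merging.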
@@ -1,182 +1,182 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3986", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to execute arbitrary JavaScript with chrome privileges by leveraging a reference to a chrome window from a content window, related to the window.opener property." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3986", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2009/mfsa2009-70.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2009/mfsa2009-70.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=522430", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=522430" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=546724", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=546724" - }, - { - "name" : "DSA-1956", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1956" - }, - { - "name" : "FEDORA-2009-13333", - 
"refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00995.html" - }, - { - "name" : "FEDORA-2009-13362", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01034.html" - }, - { - "name" : "FEDORA-2009-13366", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01041.html" - }, - { - "name" : "RHSA-2009:1674", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2009-1674.html" - }, - { - "name" : "SUSE-SA:2009:063", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2009_63_firefox.html" - }, - { - "name" : "USN-873-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-873-1" - }, - { - "name" : "USN-874-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-874-1" - }, - { - "name" : "37349", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37349" - }, - { - "name" : "37365", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37365" - }, - { - "name" : "oval:org.mitre.oval:def:11568", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11568" - }, - { - "name" : "oval:org.mitre.oval:def:8489", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8489" - }, - { - "name" : "1023344", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023344" - }, - { - "name" : "1023345", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023345" - }, - { - "name" : "37699", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37699" - }, - { - "name" : "37704", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37704" - }, - { - "name" : "37785", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/37785" - }, - { - "name" : "37813", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37813" - }, - { - "name" : "37856", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37856" - }, - { - "name" : "37881", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37881" - }, - { - "name" : "ADV-2009-3547", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3547" - }, - { - "name" : "firefox-windowopener-code-execution(54803)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54803" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to execute arbitrary JavaScript with chrome privileges by leveraging a reference to a chrome window from a content window, related to the window.opener property." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37704", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37704" + }, + { + "name": "oval:org.mitre.oval:def:8489", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8489" + }, + { + "name": "37699", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37699" + }, + { + "name": "oval:org.mitre.oval:def:11568", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11568" + }, + { + "name": "ADV-2009-3547", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3547" + }, + { + "name": "37881", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37881" + }, + { + "name": "FEDORA-2009-13362", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01034.html" + }, + { + "name": "37785", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37785" + }, + { + "name": "1023345", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023345" + }, + { + "name": "http://www.mozilla.org/security/announce/2009/mfsa2009-70.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-70.html" + }, + { + "name": "USN-874-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-874-1" + }, + { + "name": "37813", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37813" + }, + { + "name": "FEDORA-2009-13333", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00995.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=522430", + "refsource": "CONFIRM", + "url": 
"https://bugzilla.mozilla.org/show_bug.cgi?id=522430" + }, + { + "name": "USN-873-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-873-1" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=546724", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=546724" + }, + { + "name": "37365", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37365" + }, + { + "name": "37349", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37349" + }, + { + "name": "RHSA-2009:1674", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2009-1674.html" + }, + { + "name": "FEDORA-2009-13366", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01041.html" + }, + { + "name": "DSA-1956", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1956" + }, + { + "name": "37856", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37856" + }, + { + "name": "1023344", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023344" + }, + { + "name": "firefox-windowopener-code-execution(54803)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54803" + }, + { + "name": "SUSE-SA:2009:063", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2009_63_firefox.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4014.json b/2009/4xxx/CVE-2009-4014.json index ba20951b181..56396db1a95 100644 --- a/2009/4xxx/CVE-2009-4014.json +++ b/2009/4xxx/CVE-2009-4014.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4014", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple format string vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote attackers to have an unspecified impact via vectors involving (1) check scripts and (2) the Lintian::Schedule module." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4014", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-changes] 20100128 Accepted lintian 1.24.2.1+lenny1 (source all)", - "refsource" : "MLIST", - "url" : "http://packages.qa.debian.org/l/lintian/news/20100128T015554Z.html" - }, - { - "name" : "http://git.debian.org/?p=lintian/lintian.git;a=commit;h=c8d01f062b3e5137cf65196760b079a855c75e00", - "refsource" : "CONFIRM", - "url" : "http://git.debian.org/?p=lintian/lintian.git;a=commit;h=c8d01f062b3e5137cf65196760b079a855c75e00" - }, - { - "name" : "http://git.debian.org/?p=lintian/lintian.git;a=commit;h=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d", - "refsource" : "CONFIRM", - "url" : 
"http://git.debian.org/?p=lintian/lintian.git;a=commit;h=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d" - }, - { - "name" : "http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog", - "refsource" : "CONFIRM", - "url" : "http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog" - }, - { - "name" : "DSA-1979", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-1979" - }, - { - "name" : "USN-891-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-891-1" - }, - { - "name" : "37975", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37975" - }, - { - "name" : "38375", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38375" - }, - { - "name" : "38379", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38379" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple format string vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote attackers to have an unspecified impact via vectors involving (1) check scripts and (2) the Lintian::Schedule module." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38379", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38379" + }, + { + "name": "http://git.debian.org/?p=lintian/lintian.git;a=commit;h=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d", + "refsource": "CONFIRM", + "url": "http://git.debian.org/?p=lintian/lintian.git;a=commit;h=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d" + }, + { + "name": "[debian-changes] 20100128 Accepted lintian 1.24.2.1+lenny1 (source all)", + "refsource": "MLIST", + "url": "http://packages.qa.debian.org/l/lintian/news/20100128T015554Z.html" + }, + { + "name": "38375", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38375" + }, + { + "name": "http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog", + "refsource": "CONFIRM", + "url": "http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog" + }, + { + "name": "DSA-1979", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-1979" + }, + { + "name": "http://git.debian.org/?p=lintian/lintian.git;a=commit;h=c8d01f062b3e5137cf65196760b079a855c75e00", + "refsource": "CONFIRM", + "url": "http://git.debian.org/?p=lintian/lintian.git;a=commit;h=c8d01f062b3e5137cf65196760b079a855c75e00" + }, + { + "name": "37975", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37975" + }, + { + "name": "USN-891-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-891-1" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4362.json b/2009/4xxx/CVE-2009-4362.json index c609e5d0995..36c49abbb48 100644 --- a/2009/4xxx/CVE-2009-4362.json +++ b/2009/4xxx/CVE-2009-4362.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4362", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in qosmod in IBM AIX 6.1 allow local users to cause a denial of service (application crash) or possibly gain privileges via long string arguments. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4362", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "IZ66918", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ66918" - }, - { - "name" : "IZ66967", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ66967" - }, - { - "name" : "37412", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37412" - }, - { - "name" : "37833", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37833" - }, - { - "name" : "ADV-2009-3600", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3600" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in qosmod in IBM AIX 6.1 allow local users to cause a denial of service (application crash) or possibly gain privileges via long string arguments. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "IZ66918", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ66918" + }, + { + "name": "37833", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37833" + }, + { + "name": "37412", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37412" + }, + { + "name": "ADV-2009-3600", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3600" + }, + { + "name": "IZ66967", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ66967" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4726.json b/2009/4xxx/CVE-2009-4726.json index 4a08f233bbe..2555cb8b829 100644 --- a/2009/4xxx/CVE-2009-4726.json +++ b/2009/4xxx/CVE-2009-4726.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4726", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in download.php in Quickdev 4 PHP allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4726", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9334", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9334" - }, - { - "name" : "36130", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36130" - }, - { - "name" : "ADV-2009-2126", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2126" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in download.php in Quickdev 4 PHP allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9334", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9334" + }, + { + "name": "ADV-2009-2126", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2126" + }, + { + "name": "36130", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36130" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4961.json b/2009/4xxx/CVE-2009-4961.json index d53bddbcf1b..8a4bee62e39 100644 --- a/2009/4xxx/CVE-2009-4961.json +++ b/2009/4xxx/CVE-2009-4961.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4961", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Lanai Core 0.6 allows remote attackers to obtain configuration information via a direct request to info.php, which calls the phpinfo function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4961", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9490", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9490" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Lanai Core 0.6 allows remote attackers to obtain configuration information via a direct request to info.php, which calls the phpinfo function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9490", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9490" + } + ] + } +} \ No newline at end of file 
diff --git a/2012/2xxx/CVE-2012-2705.json b/2012/2xxx/CVE-2012-2705.json
index 146beaa1d8a..fd1d8887966 100644
--- a/2012/2xxx/CVE-2012-2705.json
+++ b/2012/2xxx/CVE-2012-2705.json
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2705", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The filter_titles function in the Smart Breadcrumb module 6.x-1.x before 6.x-1.3 for Drupal does not properly convert a title to plain-text, which allows remote authenticated users with create or edit node permissions to conduct cross-site scripting (XSS) attacks via the title parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2705", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120613 Re: CVE Request for Drupal contributed modules", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/06/14/3" - }, - { - "name" : "http://drupal.org/node/1585564", - "refsource" : "MISC", - "url" : "http://drupal.org/node/1585564" - }, - { - "name" : "http://drupal.org/node/1568216", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/1568216" - }, - { - "name" : "http://drupalcode.org/project/smart_breadcrumb.git/commitdiff/834f75a", - "refsource" : "CONFIRM", - "url" : "http://drupalcode.org/project/smart_breadcrumb.git/commitdiff/834f75a" - }, - { - "name" : 
"53592", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53592" - }, - { - "name" : "82006", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/82006" - }, - { - "name" : "49163", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49163" - }, - { - "name" : "smartbreadcrumb-filtertitles-xss(75713)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75713" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The filter_titles function in the Smart Breadcrumb module 6.x-1.x before 6.x-1.3 for Drupal does not properly convert a title to plain-text, which allows remote authenticated users with create or edit node permissions to conduct cross-site scripting (XSS) attacks via the title parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "82006", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/82006" + }, + { + "name": "53592", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53592" + }, + { + "name": "http://drupal.org/node/1568216", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/1568216" + }, + { + "name": "smartbreadcrumb-filtertitles-xss(75713)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75713" + }, + { + "name": "[oss-security] 20120613 Re: CVE Request for Drupal contributed modules", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/06/14/3" + }, + { + "name": "49163", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49163" + }, + { + "name": "http://drupal.org/node/1585564", + "refsource": "MISC", + "url": "http://drupal.org/node/1585564" + }, + { + "name": 
"http://drupalcode.org/project/smart_breadcrumb.git/commitdiff/834f75a", + "refsource": "CONFIRM", + "url": "http://drupalcode.org/project/smart_breadcrumb.git/commitdiff/834f75a" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2706.json b/2012/2xxx/CVE-2012-2706.json index 08109bb0518..13c8623b227 100644 --- a/2012/2xxx/CVE-2012-2706.json +++ b/2012/2xxx/CVE-2012-2706.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2706", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Post Affiliate Pro (PAP) module for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to user registration." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2706", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120613 Re: CVE Request for Drupal contributed modules", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/06/14/3" - }, - { - "name" : "http://drupal.org/node/1585648", - "refsource" : "MISC", - "url" : "http://drupal.org/node/1585648" - }, - { - "name" : "53589", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53589" - }, - { - "name" : "postaffiliatepro-registration-xss(75716)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75716" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"Cross-site scripting (XSS) vulnerability in the Post Affiliate Pro (PAP) module for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to user registration." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "53589", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53589" + }, + { + "name": "postaffiliatepro-registration-xss(75716)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75716" + }, + { + "name": "[oss-security] 20120613 Re: CVE Request for Drupal contributed modules", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/06/14/3" + }, + { + "name": "http://drupal.org/node/1585648", + "refsource": "MISC", + "url": "http://drupal.org/node/1585648" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2930.json b/2012/2xxx/CVE-2012-2930.json index e78b91e630b..3428675d08e 100644 --- a/2012/2xxx/CVE-2012-2930.json +++ b/2012/2xxx/CVE-2012-2930.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2930", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remote attackers to hijack the authentication of administrators for requests that (1) add a user via an adduser action to admin/index.php or (2) conduct static PHP code injection attacks in .htusers.php via the user parameter to admin/index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2930", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.htbridge.com/advisory/HTB23093", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23093" - }, - { - "name" : "http://www.tinywebgallery.com/forum/web-photo-gallery-news-f14/twg-1-8-8-is-available-t3274.html", - "refsource" : "CONFIRM", - "url" : "http://www.tinywebgallery.com/forum/web-photo-gallery-news-f14/twg-1-8-8-is-available-t3274.html" - }, - { - "name" : "82961", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/82961" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remote attackers to hijack the authentication of administrators for requests that (1) add a user via an adduser action to admin/index.php or (2) conduct static PHP code injection attacks in .htusers.php via the user parameter to admin/index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.tinywebgallery.com/forum/web-photo-gallery-news-f14/twg-1-8-8-is-available-t3274.html", + "refsource": "CONFIRM", + "url": "http://www.tinywebgallery.com/forum/web-photo-gallery-news-f14/twg-1-8-8-is-available-t3274.html" + }, + { + "name": "https://www.htbridge.com/advisory/HTB23093", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23093" + }, + { + "name": "82961", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/82961" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6025.json b/2012/6xxx/CVE-2012-6025.json index 72509be673d..cd433a53184 100644 --- a/2012/6xxx/CVE-2012-6025.json +++ b/2012/6xxx/CVE-2012-6025.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6025", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6025", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6041.json b/2012/6xxx/CVE-2012-6041.json index bc578118d57..73cd97186bf 100644 --- a/2012/6xxx/CVE-2012-6041.json +++ b/2012/6xxx/CVE-2012-6041.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6041", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Double free vulnerability in GreenBrowser before 6.0.1002, when the keyword search bar (F6) is activated, allows remote attackers to execute arbitrary code via a crafted iframe." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6041", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120112 GreenBrowser iframe content Double Free Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-01/0079.html" - }, - { - "name" : "51393", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51393" - }, - { - "name" : "greenbrowser-shortcut-code-execution(72351)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72351" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Double free vulnerability in GreenBrowser before 6.0.1002, when the keyword search bar (F6) is activated, allows remote attackers to execute 
arbitrary code via a crafted iframe." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "greenbrowser-shortcut-code-execution(72351)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72351" + }, + { + "name": "51393", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51393" + }, + { + "name": "20120112 GreenBrowser iframe content Double Free Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0079.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6708.json b/2012/6xxx/CVE-2012-6708.json index 6c0c746302b..7ac31a0bfe1 100644 --- a/2012/6xxx/CVE-2012-6708.json +++ b/2012/6xxx/CVE-2012-6708.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6708", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6708", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.jquery.com/ticket/11290", - "refsource" : "MISC", - "url" : "https://bugs.jquery.com/ticket/11290" - }, - { - "name" : "https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d", - "refsource" : "MISC", - "url" : "https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d" - }, - { - "name" : "https://snyk.io/vuln/npm:jquery:20120206", - "refsource" : "MISC", - "url" : "https://snyk.io/vuln/npm:jquery:20120206" - }, - { - "name" : "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0", - "refsource" : "CONFIRM", - "url" : "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" - }, - { - "name" : "102792", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102792" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. 
In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://snyk.io/vuln/npm:jquery:20120206", + "refsource": "MISC", + "url": "https://snyk.io/vuln/npm:jquery:20120206" + }, + { + "name": "https://bugs.jquery.com/ticket/11290", + "refsource": "MISC", + "url": "https://bugs.jquery.com/ticket/11290" + }, + { + "name": "https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d", + "refsource": "MISC", + "url": "https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d" + }, + { + "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0", + "refsource": "CONFIRM", + "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" + }, + { + "name": "102792", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102792" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1235.json b/2015/1xxx/CVE-2015-1235.json index 8d0d7caa2dd..cc529b779f8 100644 --- a/2015/1xxx/CVE-2015-1235.json +++ b/2015/1xxx/CVE-2015-1235.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1235", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in the HTML parser in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy via a crafted HTML document with an IFRAME element." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2015-1235", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=456518", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=456518" - }, - { - "name" : "https://src.chromium.org/viewvc/blink?revision=190980&view=revision", - "refsource" : "CONFIRM", - "url" : "https://src.chromium.org/viewvc/blink?revision=190980&view=revision" - }, - { - "name" : "DSA-3238", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2015/dsa-3238" - }, - { - "name" : "GLSA-201506-04", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201506-04" - }, - { - "name" : "RHSA-2015:0816", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0816.html" - }, - { - "name" : "openSUSE-SU-2015:1887", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html" - }, - { - "name" : "openSUSE-SU-2015:0748", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html" - }, - { - "name" : "USN-2570-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/USN-2570-1" - }, - { - "name" : "1032209", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032209" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in the HTML parser in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy via a crafted HTML document with an IFRAME element." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2015:0816", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0816.html" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=456518", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=456518" + }, + { + "name": "DSA-3238", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3238" + }, + { + "name": "https://src.chromium.org/viewvc/blink?revision=190980&view=revision", + "refsource": "CONFIRM", + "url": "https://src.chromium.org/viewvc/blink?revision=190980&view=revision" + }, + { + "name": "openSUSE-SU-2015:1887", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html" + }, + { + "name": "GLSA-201506-04", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201506-04" + }, + { + "name": "1032209", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032209" + }, + { + "name": "USN-2570-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/USN-2570-1" + }, + { + "name": "openSUSE-SU-2015:0748", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html" + }, + { + "name": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1644.json b/2015/1xxx/CVE-2015-1644.json index b737cb111ef..e6fcb21584b 100644 --- a/2015/1xxx/CVE-2015-1644.json +++ b/2015/1xxx/CVE-2015-1644.json 
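Review bot: The `ASSIGNER` value near the top of this hunk changes from `cve@mitre.org` to `security@google.com`, a provenance change carried inside what is otherwise a spacing and ordering rewrite; the hunks for CVE-2012-2705 and CVE-2012-2706 (to `secalert@redhat.com`) and CVE-2015-1644 (to `secure@microsoft.com`) do the same. Anyone auditing who assigned a record, or filtering records by assigner, has to find one changed value among about a hundred reformatted lines, so the attribution update would be easier to verify if it landed separately from the reformat or were named in the commit message. The `reference_data` entries are also reordered with no visible sort key, and each new file ends with `\ No newline at end of file`; a stable order and a trailing newline would keep later diffs of these records small.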
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1644", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka \"Windows MS-DOS Device Name Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-1644", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-038", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-038" - }, - { - "name" : "73998", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73998" - }, - { - "name" : "1032113", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032113" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Windows Server 2003 SP2, Windows 
Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka \"Windows MS-DOS Device Name Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "73998", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73998" + }, + { + "name": "1032113", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032113" + }, + { + "name": "MS15-038", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-038" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1662.json b/2015/1xxx/CVE-2015-1662.json index e38c55e05ea..b3f586de89c 100644 --- a/2015/1xxx/CVE-2015-1662.json +++ b/2015/1xxx/CVE-2015-1662.json 
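Review bot: The one substantive change in the CVE-2015-1644 hunk, `"ASSIGNER": "secure@microsoft.com"` replacing `cve@mitre.org`, sits inside a whole-file reindent and a reshuffle of `reference_data`. Anyone auditing record provenance therefore cannot separate a CNA reassignment from formatting churn. The CVE-2015-1662, CVE-2015-5040 and CVE-2015-5909 hunks change ASSIGNER the same way. If the serializer allows it, emit `reference_data` in a stable order (for example sorted by `url`) and land the formatting pass separately from field changes, so later diffs show only real edits. The new side of every file here also ends with `\ No newline at end of file`; writing a final newline after the closing `}` would keep line-oriented tools and future diffs clean.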
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1662", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-1659 and CVE-2015-1665." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-1662", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-032", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-032" - }, - { - "name" : "1032108", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032108" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different 
vulnerability than CVE-2015-1659 and CVE-2015-1665." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032108", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032108" + }, + { + "name": "MS15-032", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-032" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5040.json b/2015/5xxx/CVE-2015-5040.json index 6e99aa6465b..3432405a1fb 100644 --- a/2015/5xxx/CVE-2015-5040.json +++ b/2015/5xxx/CVE-2015-5040.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5040", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in IBM Domino 8.5.1 through 8.5.3 before 8.5.3 FP6 IF10 and 9.x before 9.0.1 FP4 IF3 allows remote attackers to execute arbitrary code or cause a denial of service (SMTP daemon crash) via a crafted GIF image, aka SPRs KLYH9ZDKRE and KLYH9ZTLEZ, a different vulnerability than CVE-2015-4994." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-5040", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21969050", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21969050" - }, - { - "name" : "1033974", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033974" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in IBM Domino 8.5.1 through 8.5.3 before 8.5.3 FP6 IF10 and 9.x before 9.0.1 FP4 IF3 allows remote attackers to execute arbitrary code or cause a denial of 
service (SMTP daemon crash) via a crafted GIF image, aka SPRs KLYH9ZDKRE and KLYH9ZTLEZ, a different vulnerability than CVE-2015-4994." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1033974", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033974" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21969050", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969050" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5470.json b/2015/5xxx/CVE-2015-5470.json index 36c02486a6c..b6ac77d4919 100644 --- a/2015/5xxx/CVE-2015-5470.json +++ b/2015/5xxx/CVE-2015-5470.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5470", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative (Auth) Server before 3.3.3 and 3.4.x before 3.4.5 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a long name that refers to itself. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1868." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5470", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150707 Follow up: PowerDNS Security Advisory 2015-01", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/07/07/6" - }, - { - "name" : "[oss-security] 20150710 Re: Follow up: PowerDNS Security Advisory 2015-01", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/07/10/8" - }, - { - "name" : "https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/", - "refsource" : "CONFIRM", - "url" : "https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/" - } - 
] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative (Auth) Server before 3.3.3 and 3.4.x before 3.4.5 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a long name that refers to itself. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1868." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/", + "refsource": "CONFIRM", + "url": "https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/" + }, + { + "name": "[oss-security] 20150710 Re: Follow up: PowerDNS Security Advisory 2015-01", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/07/10/8" + }, + { + "name": "[oss-security] 20150707 Follow up: PowerDNS Security Advisory 2015-01", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/07/07/6" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5909.json b/2015/5xxx/CVE-2015-5909.json index fb6367ac03d..0ec0065e9b2 100644 --- a/2015/5xxx/CVE-2015-5909.json +++ b/2015/5xxx/CVE-2015-5909.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5909", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IDE Xcode Server in Apple Xcode before 7.0 does not properly restrict access to repository e-mail lists, which allows remote attackers to obtain potentially sensitive build information in opportunistic circumstances by leveraging incorrect notification delivery." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-5909", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT205217", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205217" - }, - { - "name" : "APPLE-SA-2015-09-16-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html" - }, - { - "name" : "1033596", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033596" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IDE Xcode Server in Apple Xcode before 7.0 does not properly restrict access to repository e-mail 
lists, which allows remote attackers to obtain potentially sensitive build information in opportunistic circumstances by leveraging incorrect notification delivery." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1033596", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033596" + }, + { + "name": "https://support.apple.com/HT205217", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205217" + }, + { + "name": "APPLE-SA-2015-09-16-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11146.json b/2018/11xxx/CVE-2018-11146.json index 9ecff87c2cd..c42af49e42e 100644 --- a/2018/11xxx/CVE-2018-11146.json +++ b/2018/11xxx/CVE-2018-11146.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11146", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 4 of 46)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11146", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180531 [CORE-2018-0002] - Quest DR Series Disk Backup Multiple Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/May/71" - }, - { - "name" : "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html" - }, - { - "name" : "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities", - "refsource" : "MISC", - "url" : "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 4 of 46)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20180531 [CORE-2018-0002] - Quest DR Series Disk Backup Multiple Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/May/71" + }, + { + "name": "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html" + }, + { + "name": "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities", + "refsource": "MISC", + "url": "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11221.json b/2018/11xxx/CVE-2018-11221.json index cc6a79d4054..485386d9a84 100644 --- a/2018/11xxx/CVE-2018-11221.json +++ b/2018/11xxx/CVE-2018-11221.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11221", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unauthenticated untrusted file upload in Artica Pandora FMS through version 7.23 allows an attacker to upload an arbitrary plugin via include/ajax/update_manager.ajax in the update system." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11221", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blog.hackercat.ninja/post/pandoras_box/", - "refsource" : "MISC", - "url" : "https://blog.hackercat.ninja/post/pandoras_box/" - }, - { - "name" : "https://pandorafms.com/wp-content/uploads/2018/06/whats-new-723-EN.pdf", - "refsource" : "CONFIRM", - "url" : "https://pandorafms.com/wp-content/uploads/2018/06/whats-new-723-EN.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unauthenticated untrusted file upload in Artica Pandora FMS through version 7.23 allows an attacker to upload an arbitrary plugin via include/ajax/update_manager.ajax in the update system." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://pandorafms.com/wp-content/uploads/2018/06/whats-new-723-EN.pdf", + "refsource": "CONFIRM", + "url": "https://pandorafms.com/wp-content/uploads/2018/06/whats-new-723-EN.pdf" + }, + { + "name": "https://blog.hackercat.ninja/post/pandoras_box/", + "refsource": "MISC", + "url": "https://blog.hackercat.ninja/post/pandoras_box/" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11292.json b/2018/11xxx/CVE-2018-11292.json index 5abbbca8fe9..c02e16e4bf9 100644 --- a/2018/11xxx/CVE-2018-11292.json +++ b/2018/11xxx/CVE-2018-11292.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2018-11292", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", - "version" : { - "version_data" : [ - { - "version_value" : "MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA6574AU, QCA6584, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820A, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA6574AU, QCA6584, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820A, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016, lack of input validation in WLANWMI command handlers can lead to integer & heap overflows." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Overflow in WLAN" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2018-11292", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", + "version": { + "version_data": [ + { + "version_value": "MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA6574AU, QCA6584, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820A, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000051618", - "refsource" : "CONFIRM", - "url" : "http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000051618" - }, - { - "name" : "https://source.android.com/security/bulletin/2018-09-01#qualcomm-closed-source-components", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-09-01#qualcomm-closed-source-components" - }, - { - "name" : "https://www.qualcomm.com/company/product-security/bulletins", - "refsource" : "CONFIRM", - "url" : "https://www.qualcomm.com/company/product-security/bulletins" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA6574AU, QCA6584, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820A, SDM429, SDM439, SDM630, SDM632, SDM636, 
SDM660, Snapdragon_High_Med_2016, lack of input validation in WLANWMI command handlers can lead to integer & heap overflows." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Overflow in WLAN" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-09-01#qualcomm-closed-source-components", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-09-01#qualcomm-closed-source-components" + }, + { + "name": "https://www.qualcomm.com/company/product-security/bulletins", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins" + }, + { + "name": "http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000051618", + "refsource": "CONFIRM", + "url": "http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000051618" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11454.json b/2018/11xxx/CVE-2018-11454.json index 57295893b1e..fe8ae2a2df6 100644 --- a/2018/11xxx/CVE-2018-11454.json +++ b/2018/11xxx/CVE-2018-11454.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "productcert@siemens.com", - "DATE_PUBLIC" : "2018-08-07T00:00:00", - "ID" : "CVE-2018-11454", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12, SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13, SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14, SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15", - "version" : { - "version_data" : [ - { - "version_value" : "SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 : All versions" - }, - { - "version_value" : "SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 : All versions < V13 SP2 Update 2" - }, - { - "version_value" : "SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 : All versions < V14 SP1 Update 6" - }, - { - "version_value" : "SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 : All versions < V15 Update 2" - } - ] - } - } - ] - }, - "vendor_name" : "Siemens AG" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions < V13 SP2 Update 2), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 6), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 (All versions < V15 Update 2). Improper file permissions in the default installation of TIA Portal may allow an attacker with local file system access to manipulate resources which may be transferred to devices and executed there by a different user. No special privileges are required, but the victim needs to transfer the manipulated files to a device. 
Execution is caused on the target device rather than on the PG device." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-276: Incorrect Default Permissions" - } + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "DATE_PUBLIC": "2018-08-07T00:00:00", + "ID": "CVE-2018-11454", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12, SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13, SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14, SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15", + "version": { + "version_data": [ + { + "version_value": "SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 : All versions" + }, + { + "version_value": "SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 : All versions < V13 SP2 Update 2" + }, + { + "version_value": "SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 : All versions < V14 SP1 Update 6" + }, + { + "version_value": "SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 : All versions < V15 Update 2" + } + ] + } + } + ] + }, + "vendor_name": "Siemens AG" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-979106.pdf", - "refsource" : "CONFIRM", - "url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-979106.pdf" - }, - { - "name" : "105115", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105115" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions < V13 SP2 
Update 2), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 6), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 (All versions < V15 Update 2). Improper file permissions in the default installation of TIA Portal may allow an attacker with local file system access to manipulate resources which may be transferred to devices and executed there by a different user. No special privileges are required, but the victim needs to transfer the manipulated files to a device. Execution is caused on the target device rather than on the PG device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-276: Incorrect Default Permissions" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105115", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105115" + }, + { + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-979106.pdf", + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-979106.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11476.json b/2018/11xxx/CVE-2018-11476.json index 878ae7e0efb..4179cf618fc 100644 --- a/2018/11xxx/CVE-2018-11476.json +++ b/2018/11xxx/CVE-2018-11476.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11476", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. The dongle opens an unprotected wireless LAN that cannot be configured with encryption or a password. This enables anyone within the range of the WLAN to connect to the network without authentication." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11476", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180529 SEC Consult SA-20180529-0 :: Unprotected WiFi access & Unencrypted data transfer in Vgate iCar2 OBD2 Dongle", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/May/66" - }, - { - "name" : "https://www.sec-consult.com/en/blog/advisories/unprotected-wifi-access-unencrypted-data-transfer-in-vgate-icar2-wifi-obd2-dongle/", - "refsource" : "MISC", - "url" : "https://www.sec-consult.com/en/blog/advisories/unprotected-wifi-access-unencrypted-data-transfer-in-vgate-icar2-wifi-obd2-dongle/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. The dongle opens an unprotected wireless LAN that cannot be configured with encryption or a password. This enables anyone within the range of the WLAN to connect to the network without authentication." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.sec-consult.com/en/blog/advisories/unprotected-wifi-access-unencrypted-data-transfer-in-vgate-icar2-wifi-obd2-dongle/", + "refsource": "MISC", + "url": "https://www.sec-consult.com/en/blog/advisories/unprotected-wifi-access-unencrypted-data-transfer-in-vgate-icar2-wifi-obd2-dongle/" + }, + { + "name": "20180529 SEC Consult SA-20180529-0 :: Unprotected WiFi access & Unencrypted data transfer in Vgate iCar2 OBD2 Dongle", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/May/66" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11588.json b/2018/11xxx/CVE-2018-11588.json index e66b469b22e..9c2384d1070 100644 --- a/2018/11xxx/CVE-2018-11588.json +++ b/2018/11xxx/CVE-2018-11588.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11588", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Centreon 3.4.6 including Centreon Web 2.8.23 is vulnerable to an authenticated user injecting a payload into the username or command description, resulting in stored XSS. This is related to www/include/core/menu/menu.php and www/include/configuration/configObject/command/formArguments.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11588", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8/centreon-2.8.24.html", - "refsource" : "CONFIRM", - "url" : "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8/centreon-2.8.24.html" - }, - { - "name" : "https://github.com/centreon/centreon/pull/6259", - "refsource" : "CONFIRM", - "url" : "https://github.com/centreon/centreon/pull/6259" - }, - { - "name" : "https://github.com/centreon/centreon/pull/6260", - "refsource" : "CONFIRM", - "url" : "https://github.com/centreon/centreon/pull/6260" - }, - { - "name" : "https://github.com/centreon/centreon/releases", 
- "refsource" : "CONFIRM", - "url" : "https://github.com/centreon/centreon/releases" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Centreon 3.4.6 including Centreon Web 2.8.23 is vulnerable to an authenticated user injecting a payload into the username or command description, resulting in stored XSS. This is related to www/include/core/menu/menu.php and www/include/configuration/configObject/command/formArguments.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/centreon/centreon/releases", + "refsource": "CONFIRM", + "url": "https://github.com/centreon/centreon/releases" + }, + { + "name": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8/centreon-2.8.24.html", + "refsource": "CONFIRM", + "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8/centreon-2.8.24.html" + }, + { + "name": "https://github.com/centreon/centreon/pull/6260", + "refsource": "CONFIRM", + "url": "https://github.com/centreon/centreon/pull/6260" + }, + { + "name": "https://github.com/centreon/centreon/pull/6259", + "refsource": "CONFIRM", + "url": "https://github.com/centreon/centreon/pull/6259" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11960.json b/2018/11xxx/CVE-2018-11960.json index 7c04a7a2cfa..5770599f5ce 100644 --- a/2018/11xxx/CVE-2018-11960.json +++ b/2018/11xxx/CVE-2018-11960.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2018-11960", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, A use after free condition can occur in the SPS driver which can lead to error in kernel." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use After Free in HWEngines" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2018-11960", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.codeaurora.org/security-bulletin/2018/12/03/december-2018-code-aurora-security-bulletin", - "refsource" : "CONFIRM", - "url" : "https://www.codeaurora.org/security-bulletin/2018/12/03/december-2018-code-aurora-security-bulletin" - }, - { - "name" : "106136", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106136" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, A use after free condition can occur in the SPS driver which can lead to error in kernel." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free in HWEngines" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106136", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106136" + }, + { + "name": "https://www.codeaurora.org/security-bulletin/2018/12/03/december-2018-code-aurora-security-bulletin", + "refsource": "CONFIRM", + "url": "https://www.codeaurora.org/security-bulletin/2018/12/03/december-2018-code-aurora-security-bulletin" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15961.json b/2018/15xxx/CVE-2018-15961.json index 067bb4b6eb3..1c21750e066 100644 --- a/2018/15xxx/CVE-2018-15961.json +++ b/2018/15xxx/CVE-2018-15961.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-15961", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ColdFusion", - "version" : { - "version_data" : [ - { - "version_value" : "July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "Adobe" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-15961", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ColdFusion", + "version": { + "version_data": [ + { + "version_value": "July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45979", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45979/" - }, - { - "name" : "https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html" - }, - { - "name" : "105314", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105314" - }, - { - "name" : "1041621", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id/1041621" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Unrestricted file upload" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html" + }, + { + "name": "105314", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105314" + }, + { + "name": "1041621", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041621" + }, + { + "name": "45979", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45979/" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3758.json b/2018/3xxx/CVE-2018-3758.json index 062db78c0bf..5678db458be 100644 --- a/2018/3xxx/CVE-2018-3758.json +++ b/2018/3xxx/CVE-2018-3758.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-06-02T00:00:00", - "ID" : "CVE-2018-3758", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "express-cart", - "version" : { - "version_data" : [ - { - "version_value" : "1.1.7" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload (RCE) in express-cart module before 1.1.7 allows a privileged user to gain access in the hosting machine." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Path Traversal (CWE-22)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-06-02T00:00:00", + "ID": "CVE-2018-3758", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "express-cart", + "version": { + "version_data": [ + { + "version_value": "1.1.7" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://hackerone.com/reports/343726", - "refsource" : "MISC", - "url" : "https://hackerone.com/reports/343726" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload (RCE) in express-cart module before 1.1.7 allows a privileged user to gain access in the hosting machine." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Path Traversal (CWE-22)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://hackerone.com/reports/343726", + "refsource": "MISC", + "url": "https://hackerone.com/reports/343726" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7599.json b/2018/7xxx/CVE-2018-7599.json index ead6d20b338..4948d43b316 100644 --- a/2018/7xxx/CVE-2018-7599.json +++ b/2018/7xxx/CVE-2018-7599.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7599", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7599", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8154.json b/2018/8xxx/CVE-2018-8154.json index a2f5b80c057..59906dc050c 100644 --- a/2018/8xxx/CVE-2018-8154.json +++ b/2018/8xxx/CVE-2018-8154.json 
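Review bot: The re-serialised CVE-2018-3758 record still contradicts itself on the affected range. The description says the flaw is in express-cart `before 1.1.7`, but `version_data` carries the bare `"version_value": "1.1.7"`, which a consumer matching on that field would read as 1.1.7 itself being affected. The field should express the range, for example `"version_value": "before 1.1.7"`. The record also labels what the description calls an unrestricted file upload as `Path Traversal (CWE-22)`, and `vendor_name` holds `HackerOne`, which appears to be the assigner rather than the product vendor. Both look like corrections for the assigner to make rather than for this formatting pass.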
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8154", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Exchange Server", - "version" : { - "version_data" : [ - { - "version_value" : "2010 Service Pack 3 Update Rollup 21" - }, - { - "version_value" : "2013 Cumulative Update 19" - }, - { - "version_value" : "2013 Cumulative Update 20" - }, - { - "version_value" : "2013 Service Pack 1" - }, - { - "version_value" : "2016 Cumulative Update 8" - }, - { - "version_value" : "2016 Cumulative Update 9" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka \"Microsoft Exchange Memory Corruption Vulnerability.\" This affects Microsoft Exchange Server. This CVE ID is unique from CVE-2018-8151." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8154", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Exchange Server", + "version": { + "version_data": [ + { + "version_value": "2010 Service Pack 3 Update Rollup 21" + }, + { + "version_value": "2013 Cumulative Update 19" + }, + { + "version_value": "2013 Cumulative Update 20" + }, + { + "version_value": "2013 Service Pack 1" + }, + { + "version_value": "2016 Cumulative Update 8" + }, + { + "version_value": "2016 Cumulative Update 9" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8154", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8154" - }, - { - "name" : "104054", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104054" - }, - { - "name" : "1040850", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040850" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka \"Microsoft Exchange Memory Corruption Vulnerability.\" This affects Microsoft Exchange Server. This CVE ID is unique from CVE-2018-8151." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104054", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104054" + }, + { + "name": "1040850", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040850" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8154", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8154" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8333.json b/2018/8xxx/CVE-2018-8333.json index 2ad649ac907..f1aa0916654 100644 --- a/2018/8xxx/CVE-2018-8333.json +++ b/2018/8xxx/CVE-2018-8333.json 
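Review bot: `"ASSIGNER": "secure@microsoft.com"` is a value change, not a formatting one. The old side has `Secure@Microsoft.com`, and everything else in this hunk is re-indentation plus a reordering of `reference_data`. The CVE-2018-8333 hunk makes the same change. Tooling that groups or filters records by the assigner string should compare it case-insensitively, and if the commit message does not already mention the normalisation, it should, so that consumers keyed on the old spelling are not caught out.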
@@ -1,232 +1,232 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8333", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows 7", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems Service Pack 1" - }, - { - "version_value" : "x64-based Systems Service Pack 1" - } - ] - } - }, - { - "product_name" : "Windows Server 2012 R2", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows RT 8.1", - "version" : { - "version_data" : [ - { - "version_value" : "Windows RT 8.1" - } - ] - } - }, - { - "product_name" : "Windows Server 2008", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems Service Pack 2" - }, - { - "version_value" : "32-bit Systems Service Pack 2 (Server Core installation)" - }, - { - "version_value" : "Itanium-Based Systems Service Pack 2" - }, - { - "version_value" : "x64-based Systems Service Pack 2" - }, - { - "version_value" : "x64-based Systems Service Pack 2 (Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows Server 2019", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows Server 2012", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows 8.1", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit systems" - }, - { - "version_value" : "x64-based systems" - } - ] - } - }, - { - "product_name" : "Windows Server 2016", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows Server 2008 R2", - "version" : { - "version_data" : [ - { - "version_value" : "Itanium-Based Systems Service Pack 1" - }, - { - 
"version_value" : "x64-based Systems Service Pack 1" - }, - { - "version_value" : "x64-based Systems Service Pack 1 (Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows 10", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems" - }, - { - "version_value" : "Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Version 1607 for x64-based Systems" - }, - { - "version_value" : "Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Version 1703 for x64-based Systems" - }, - { - "version_value" : "Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Version 1709 for x64-based Systems" - }, - { - "version_value" : "Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Version 1803 for x64-based Systems" - }, - { - "version_value" : "Version 1809 for 32-bit Systems" - }, - { - "version_value" : "Version 1809 for x64-based Systems" - }, - { - "version_value" : "x64-based Systems" - } - ] - } - }, - { - "product_name" : "Windows 10 Servers", - "version" : { - "version_data" : [ - { - "version_value" : "version 1709 (Server Core Installation)" - }, - { - "version_value" : "version 1803 (Server Core Installation)" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An Elevation of Privilege vulnerability exists in Filter Manager when it improperly handles objects in memory, aka \"Microsoft Filter Manager Elevation Of Privilege Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8333", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows 7", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems Service Pack 1" + }, + { + "version_value": "x64-based Systems Service Pack 1" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows RT 8.1", + "version": { + "version_data": [ + { + "version_value": "Windows RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server 2008", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems Service Pack 2" + }, + { + "version_value": "32-bit Systems Service Pack 2 (Server Core installation)" + }, + { + "version_value": "Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "x64-based Systems Service Pack 2" + }, + { + "version_value": "x64-based Systems Service Pack 2 (Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows Server 2012", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows 8.1", + "version": { + "version_data": [ + { + "version_value": "32-bit systems" + }, + { + "version_value": "x64-based systems" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2", + "version": { + "version_data": [ + { 
+ "version_value": "Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "x64-based Systems Service Pack 1" + }, + { + "version_value": "x64-based Systems Service Pack 1 (Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems" + }, + { + "version_value": "Version 1607 for 32-bit Systems" + }, + { + "version_value": "Version 1607 for x64-based Systems" + }, + { + "version_value": "Version 1703 for 32-bit Systems" + }, + { + "version_value": "Version 1703 for x64-based Systems" + }, + { + "version_value": "Version 1709 for 32-bit Systems" + }, + { + "version_value": "Version 1709 for x64-based Systems" + }, + { + "version_value": "Version 1803 for 32-bit Systems" + }, + { + "version_value": "Version 1803 for x64-based Systems" + }, + { + "version_value": "Version 1809 for 32-bit Systems" + }, + { + "version_value": "Version 1809 for x64-based Systems" + }, + { + "version_value": "x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows 10 Servers", + "version": { + "version_data": [ + { + "version_value": "version 1709 (Server Core Installation)" + }, + { + "version_value": "version 1803 (Server Core Installation)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8333", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8333" - }, - { - "name" : "105507", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105507" - }, - { - "name" : "1041831", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041831" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An Elevation of 
Privilege vulnerability exists in Filter Manager when it improperly handles objects in memory, aka \"Microsoft Filter Manager Elevation Of Privilege Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105507", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105507" + }, + { + "name": "1041831", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041831" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8333", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8333" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8447.json b/2018/8xxx/CVE-2018-8447.json index 6c6fa915820..873a56c698c 100644 --- a/2018/8xxx/CVE-2018-8447.json +++ b/2018/8xxx/CVE-2018-8447.json 
@@ -1,146 +1,146 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8447", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Internet Explorer 9", - "version" : { - "version_data" : [ - { - "version_value" : "Windows Server 2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value" : "Windows Server 2008 for x64-based Systems Service Pack 2" - } - ] - } - }, - { - "product_name" : "Internet Explorer 11", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for x64-based Systems" - }, - { - "version_value" : "Windows 7 for 32-bit Systems Service Pack 1" - }, - { - "version_value" : "Windows 7 for x64-based Systems Service Pack 1" - }, - { - "version_value" : "Windows 8.1 for 32-bit systems" - }, - { - "version_value" : "Windows 8.1 for x64-based systems" - }, - { - "version_value" : "Windows RT 8.1" - }, - { - "version_value" : "Windows Server 2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value" : "Windows Server 2012 R2" - }, - { - "version_value" : "Windows Server 2016" - } - ] - } - }, - { - "product_name" : "Internet Explorer 10", - "version" : { - "version_data" : [ - { - "version_value" : "Windows Server 2012" - } - ] - } - } - ] - }, - 
"vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka \"Internet Explorer Memory Corruption Vulnerability.\" This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8461." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8447", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Internet Explorer 9", + "version": { + "version_data": [ + { + "version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "Windows Server 2008 for x64-based Systems Service Pack 2" + } + ] + } + }, + { + "product_name": "Internet Explorer 11", + "version": { + "version_data": [ + { + "version_value": "Windows 10 for 32-bit Systems" + }, + { + "version_value": "Windows 10 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1607 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1703 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1703 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1803 for x64-based Systems" + }, + { + "version_value": "Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "Windows 7 
for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows 8.1 for 32-bit systems" + }, + { + "version_value": "Windows 8.1 for x64-based systems" + }, + { + "version_value": "Windows RT 8.1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2012 R2" + }, + { + "version_value": "Windows Server 2016" + } + ] + } + }, + { + "product_name": "Internet Explorer 10", + "version": { + "version_data": [ + { + "version_value": "Windows Server 2012" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8447", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8447" - }, - { - "name" : "105257", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105257" - }, - { - "name" : "1041632", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041632" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka \"Internet Explorer Memory Corruption Vulnerability.\" This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8461." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041632", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041632" + }, + { + "name": "105257", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105257" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8447", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8447" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8984.json b/2018/8xxx/CVE-2018-8984.json index 3d766150597..dc93d9cca09 100644 --- a/2018/8xxx/CVE-2018-8984.json +++ b/2018/8xxx/CVE-2018-8984.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8984", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8984", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file
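Review bot: The CVE-2018-8447 hunk changes a value as well as layout: `"ASSIGNER"` goes from `Secure@Microsoft.com` to `secure@microsoft.com`, so a consumer that groups or filters records by assigner with a case-sensitive compare will see a different string unless it normalises case first. The `reference_data` entries are also re-ordered (SECTRACK, BID, CONFIRM instead of CONFIRM, BID, SECTRACK). That does not change JSON semantics, but it breaks positional or byte-level comparison against earlier copies of the record. The new sides of CVE-2018-8447 and CVE-2018-8984 both end with `\ No newline at end of file`; I would keep a final newline after the closing `}` so later diffs and line-oriented tools stay clean.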