From 6833ba124c0ea524cbf2bd2ded190abc373eefd1 Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Mon, 18 Mar 2019 00:58:02 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2005/0xxx/CVE-2005-0023.json | 180 +++++++-------
 2005/0xxx/CVE-2005-0085.json | 290 +++++++++++----------
 2005/0xxx/CVE-2005-0879.json | 180 +++++++-------
 2005/1xxx/CVE-2005-1449.json | 130 +++++-----
 2005/1xxx/CVE-2005-1928.json | 200 +++++++--------
 2005/3xxx/CVE-2005-3423.json | 200 +++++++--------
 2005/3xxx/CVE-2005-3496.json | 170 ++++++-------
 2005/3xxx/CVE-2005-3799.json | 140 +++++------
 2005/4xxx/CVE-2005-4034.json | 190 +++++++--------
 2005/4xxx/CVE-2005-4149.json | 160 ++++++------
 2005/4xxx/CVE-2005-4212.json | 180 +++++++-------
 2005/4xxx/CVE-2005-4509.json | 150 ++++++------
 2009/0xxx/CVE-2009-0333.json | 140 +++++------
 2009/0xxx/CVE-2009-0572.json | 180 +++++++-------
 2009/1xxx/CVE-2009-1525.json | 160 ++++++------
 2009/1xxx/CVE-2009-1578.json | 430 ++++++++++++++++-----------------
 2009/1xxx/CVE-2009-1608.json | 180 +++++++-------
 2009/1xxx/CVE-2009-1683.json | 170 ++++++-------
 2009/1xxx/CVE-2009-1783.json | 150 ++++++------
 2009/3xxx/CVE-2009-3238.json | 240 +++++++++---------
 2009/3xxx/CVE-2009-3663.json | 170 ++++++-------
 2009/4xxx/CVE-2009-4692.json | 160 ++++++------
 2009/4xxx/CVE-2009-4711.json | 140 +++++------
 2009/4xxx/CVE-2009-4990.json | 140 +++++------
 2012/2xxx/CVE-2012-2147.json | 190 +++++++--------
 2012/2xxx/CVE-2012-2244.json | 140 +++++------
 2012/2xxx/CVE-2012-2915.json | 150 ++++++------
 2015/1xxx/CVE-2015-1099.json | 190 +++++++--------
 2015/1xxx/CVE-2015-1338.json | 180 +++++++-------
 2015/1xxx/CVE-2015-1499.json | 130 +++++-----
 2015/1xxx/CVE-2015-1632.json | 130 +++++-----
 2015/5xxx/CVE-2015-5054.json | 130 +++++-----
 2015/5xxx/CVE-2015-5984.json | 34 +--
 2018/11xxx/CVE-2018-11025.json | 120 ++++-----
 2018/11xxx/CVE-2018-11206.json | 130 +++++-----
 2018/11xxx/CVE-2018-11464.json | 142 +++++------
 2018/11xxx/CVE-2018-11667.json | 34 +--
 2018/15xxx/CVE-2018-15192.json | 130 +++++-----
 2018/15xxx/CVE-2018-15465.json | 188 +++++++-------
 2018/15xxx/CVE-2018-15815.json | 34 +--
 2018/3xxx/CVE-2018-3069.json | 132 +++++-----
 2018/3xxx/CVE-2018-3375.json | 34 +--
 2018/3xxx/CVE-2018-3880.json | 122 +++++-----
 2018/3xxx/CVE-2018-3934.json | 120 ++++-----
 2018/7xxx/CVE-2018-7171.json | 140 +++++------
 2018/8xxx/CVE-2018-8253.json | 166 ++++++-------
 2018/8xxx/CVE-2018-8280.json | 220 ++++++++---------
 2018/8xxx/CVE-2018-8862.json | 132 +++++-----
 48 files changed, 3774 insertions(+), 3774 deletions(-)
diff --git a/2005/0xxx/CVE-2005-0023.json b/2005/0xxx/CVE-2005-0023.json
index 4625eff775d..fc824064397 100644
--- a/2005/0xxx/CVE-2005-0023.json
+++ b/2005/0xxx/CVE-2005-0023.json
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0023", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "gnome-pty-helper in GNOME libzvt2 and libvte4 allows local users to spoof the logon hostname via a modified DISPLAY environment variable. NOTE: the severity of this issue has been disputed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0023", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051007 gnome-pty-helper writes arbitrary utmp records", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112879572407250&w=2" - }, - { - "name" : "http://bugzilla.gnome.org/show_bug.cgi?id=317312", - "refsource" : "MISC", - "url" : "http://bugzilla.gnome.org/show_bug.cgi?id=317312" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330907", - "refsource" : "MISC", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330907" - }, - { - "name" : "15004", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15004" - }, - { - "name" : "ADV-2005-1931", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/1931" - }, - { - "name" : "17023", - 
"refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17023" - }, - { - "name" : "libzvt-gnomeptyhelper-spoof(22496)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22496" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "gnome-pty-helper in GNOME libzvt2 and libvte4 allows local users to spoof the logon hostname via a modified DISPLAY environment variable. NOTE: the severity of this issue has been disputed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2005-1931", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/1931" + }, + { + "name": "20051007 gnome-pty-helper writes arbitrary utmp records", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112879572407250&w=2" + }, + { + "name": "15004", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15004" + }, + { + "name": "libzvt-gnomeptyhelper-spoof(22496)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22496" + }, + { + "name": "17023", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17023" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330907", + "refsource": "MISC", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330907" + }, + { + "name": "http://bugzilla.gnome.org/show_bug.cgi?id=317312", + "refsource": "MISC", + "url": "http://bugzilla.gnome.org/show_bug.cgi?id=317312" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0085.json b/2005/0xxx/CVE-2005-0085.json index 2f06ed0d186..415ca461b94 100644 --- a/2005/0xxx/CVE-2005-0085.json +++ b/2005/0xxx/CVE-2005-0085.json 
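Review bot: Nothing in this hunk changes the record itself: the seven `reference_data` entries are re-emitted in a different order with none added or removed, `"key" : value` becomes `"key": value`, and the file now ends without a newline (`\ No newline at end of file`). The other hunks visible in this patch follow the same pattern (most also reorder their references), which is consistent with the 3774/3774 diffstat. For anyone tracking this repository to detect advisory changes, a text diff of this commit is noise, so comparisons are better done on parsed JSON. On the producing side, writing `reference_data` in a stable order (for example by `refsource`, then `name`) and keeping the trailing newline would limit future sync commits to real data changes.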
@@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0085", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0085", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-680", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-680" - }, - { - "name" : "FLSA-2006:152907", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00002.html" - }, - { - "name" : "GLSA-200502-16", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200502-16.xml" - }, - { - "name" : "MDKSA-2005:063", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:063" - }, - { - "name" : "RHSA-2005:073", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-073.html" - }, - { - "name" : 
"RHSA-2005:090", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-090.html" - }, - { - "name" : "SCOSA-2005.46", - "refsource" : "SCO", - "url" : "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.46/SCOSA-2005.46.txt" - }, - { - "name" : "12442", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12442" - }, - { - "name" : "oval:org.mitre.oval:def:10878", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10878" - }, - { - "name" : "1013078", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013078" - }, - { - "name" : "14255", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14255" - }, - { - "name" : "17414", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17414" - }, - { - "name" : "17415", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17415" - }, - { - "name" : "14276", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14276" - }, - { - "name" : "14303", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14303" - }, - { - "name" : "14795", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14795" - }, - { - "name" : "15007", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15007" - }, - { - "name" : "htdig-config-xss(19223)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19223" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14795", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14795" + }, + { + "name": "oval:org.mitre.oval:def:10878", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10878" + }, + { + "name": "RHSA-2005:073", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-073.html" + }, + { + "name": "14255", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14255" + }, + { + "name": "MDKSA-2005:063", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:063" + }, + { + "name": "17415", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17415" + }, + { + "name": "htdig-config-xss(19223)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19223" + }, + { + "name": "14303", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14303" + }, + { + "name": "14276", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14276" + }, + { + "name": "12442", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12442" + }, + { + "name": "GLSA-200502-16", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-16.xml" + }, + { + "name": "DSA-680", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-680" + }, + { + "name": "17414", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17414" + }, + { + "name": "RHSA-2005:090", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-090.html" + }, + { + "name": "FLSA-2006:152907", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00002.html" + }, + { + 
"name": "15007", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15007" + }, + { + "name": "1013078", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013078" + }, + { + "name": "SCOSA-2005.46", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.46/SCOSA-2005.46.txt" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0879.json b/2005/0xxx/CVE-2005-0879.json index f70317abe39..65d593252a4 100644 --- a/2005/0xxx/CVE-2005-0879.json +++ b/2005/0xxx/CVE-2005-0879.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0879", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file include vulnerability in (1) content.php and (2) index.php for Vortex Portal allows remote attackers to execute arbitrary PHP code via a URL in the act parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0879", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050323 Vortex Portal", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2005-03/0405.html" - }, - { - "name" : "12878", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12878" - }, - { - "name" : "14958", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/14958" - }, - { - "name" : "14959", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/14959" - }, - { - "name" : "1013545", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013545" - }, - { - "name" : "14707", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14707" - }, - { - "name" : "vortexportal-act-file-include(19809)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/19809" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file include vulnerability in (1) content.php and (2) index.php for Vortex Portal allows remote attackers to execute arbitrary PHP code via a URL in the act parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14959", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/14959" + }, + { + "name": "1013545", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013545" + }, + { + "name": "12878", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12878" + }, + { + "name": "14958", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/14958" + }, + { + "name": "20050323 Vortex Portal", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2005-03/0405.html" + }, + { + "name": "14707", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14707" + }, + { + "name": "vortexportal-act-file-include(19809)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19809" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1449.json b/2005/1xxx/CVE-2005-1449.json index 040f89a2704..08475723f77 100644 --- a/2005/1xxx/CVE-2005-1449.json +++ b/2005/1xxx/CVE-2005-1449.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1449", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in serendipity_config_local.inc.php for Serendipity before 0.8 has unknown impact." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1449", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.s9y.org/63.html#A9", - "refsource" : "CONFIRM", - "url" : "http://www.s9y.org/63.html#A9" - }, - { - "name" : "15145", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15145" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in serendipity_config_local.inc.php for Serendipity before 0.8 has unknown impact." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15145", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15145" + }, + { + "name": "http://www.s9y.org/63.html#A9", + "refsource": "CONFIRM", + "url": "http://www.s9y.org/63.html#A9" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1928.json b/2005/1xxx/CVE-2005-1928.json index 9cf0aed4099..90d155bee27 100644 --- a/2005/1xxx/CVE-2005-1928.json +++ b/2005/1xxx/CVE-2005-1928.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1928", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Trend Micro ServerProtect EarthAgent for Windows Management Console 5.58 and possibly earlier versions, when running with Trend Micro Control Manager 2.5 and 3.0, and Damage Cleanup Server 1.1, allows remote attackers to cause a denial of service (CPU consumption) via a flood of crafted packets with a certain \"magic value\" to port 5005, which also leads to a memory leak." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1928", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051214 Trend Micro ServerProtect EarthAgent Remote DoS Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://www.idefense.com/application/poi/display?id=356&type=vulnerabilities" - }, - { - "name" : "http://kb.trendmicro.com/solutions/search/main/search/solutionDetail.asp?solutionID=25254", - "refsource" : "MISC", - "url" : "http://kb.trendmicro.com/solutions/search/main/search/solutionDetail.asp?solutionID=25254" - }, - { - "name" : "http://solutionfile.trendmicro.com/SolutionFile/25254/en/Hotfix_Readme_SPNT5_58_B1137.txt", - 
"refsource" : "MISC", - "url" : "http://solutionfile.trendmicro.com/SolutionFile/25254/en/Hotfix_Readme_SPNT5_58_B1137.txt" - }, - { - "name" : "15868", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15868" - }, - { - "name" : "ADV-2005-2907", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2907" - }, - { - "name" : "21773", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21773" - }, - { - "name" : "1015358", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015358" - }, - { - "name" : "18038", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18038" - }, - { - "name" : "259", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/259" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Trend Micro ServerProtect EarthAgent for Windows Management Console 5.58 and possibly earlier versions, when running with Trend Micro Control Manager 2.5 and 3.0, and Damage Cleanup Server 1.1, allows remote attackers to cause a denial of service (CPU consumption) via a flood of crafted packets with a certain \"magic value\" to port 5005, which also leads to a memory leak." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18038", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18038" + }, + { + "name": "1015358", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015358" + }, + { + "name": "http://solutionfile.trendmicro.com/SolutionFile/25254/en/Hotfix_Readme_SPNT5_58_B1137.txt", + "refsource": "MISC", + "url": "http://solutionfile.trendmicro.com/SolutionFile/25254/en/Hotfix_Readme_SPNT5_58_B1137.txt" + }, + { + "name": "http://kb.trendmicro.com/solutions/search/main/search/solutionDetail.asp?solutionID=25254", + "refsource": "MISC", + "url": "http://kb.trendmicro.com/solutions/search/main/search/solutionDetail.asp?solutionID=25254" + }, + { + "name": "15868", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15868" + }, + { + "name": "259", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/259" + }, + { + "name": "21773", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21773" + }, + { + "name": "20051214 Trend Micro ServerProtect EarthAgent Remote DoS Vulnerability", + "refsource": "IDEFENSE", + "url": "http://www.idefense.com/application/poi/display?id=356&type=vulnerabilities" + }, + { + "name": "ADV-2005-2907", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2907" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3423.json b/2005/3xxx/CVE-2005-3423.json index e7a583e27d0..4d7bc939d08 100644 --- a/2005/3xxx/CVE-2005-3423.json +++ b/2005/3xxx/CVE-2005-3423.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3423", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Subdreamer 2.2.1 allow remote attackers to execute arbitrary SQL commands via (1) the loginusername parameter or (2) cookies to (a) subdreamer.php, (b) ipb2.php, (c) phpbb2.php, (d) vbulletin2.php, and (e) vbulletin3.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3423", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://rst.void.ru/papers/advisory35.txt", - "refsource" : "MISC", - "url" : "http://rst.void.ru/papers/advisory35.txt" - }, - { - "name" : "15238", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15238" - }, - { - "name" : "20378", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20378" - }, - { - "name" : "20379", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20379" - }, - { - "name" : "20380", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20380" - }, - { - "name" : "20381", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20381" - }, - { - "name" : "20382", - "refsource" : "OSVDB", - "url" : 
"http://www.osvdb.org/20382" - }, - { - "name" : "20384", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20384" - }, - { - "name" : "17378", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17378" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Subdreamer 2.2.1 allow remote attackers to execute arbitrary SQL commands via (1) the loginusername parameter or (2) cookies to (a) subdreamer.php, (b) ipb2.php, (c) phpbb2.php, (d) vbulletin2.php, and (e) vbulletin3.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://rst.void.ru/papers/advisory35.txt", + "refsource": "MISC", + "url": "http://rst.void.ru/papers/advisory35.txt" + }, + { + "name": "20379", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20379" + }, + { + "name": "20380", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20380" + }, + { + "name": "20382", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20382" + }, + { + "name": "20378", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20378" + }, + { + "name": "20381", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20381" + }, + { + "name": "17378", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17378" + }, + { + "name": "15238", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15238" + }, + { + "name": "20384", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20384" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3496.json b/2005/3xxx/CVE-2005-3496.json index 6a5ea502259..8b248b050e3 100644 --- a/2005/3xxx/CVE-2005-3496.json +++ b/2005/3xxx/CVE-2005-3496.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3496", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in PHP Handicapper allows remote attackers to inject arbitrary web script or HTML via the msg parameter to msg.php. NOTE: some sources identify a second vector in the login parameter to process_signup.php, but the original source says that it is for CRLF injection (CVE-2005-4712). Also note: the vendor has disputed CVE-2005-3497, and it is possible that the dispute was intended to include this issue as well. If so, followup investigation strongly suggests that the original report is correct." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3496", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zone-h.org/advisories/read/id=8360", - "refsource" : "MISC", - "url" : "http://www.zone-h.org/advisories/read/id=8360" - }, - { - "name" : "15294", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15294" - }, - { - "name" : "ADV-2005-2292", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2292" - }, - { - "name" : "20479", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20479" - }, - { - "name" : "20480", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20480" - }, - { - "name" : "17412", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17412" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in PHP Handicapper allows remote attackers to inject arbitrary web script or HTML via the msg parameter to msg.php. NOTE: some sources identify a second vector in the login parameter to process_signup.php, but the original source says that it is for CRLF injection (CVE-2005-4712). Also note: the vendor has disputed CVE-2005-3497, and it is possible that the dispute was intended to include this issue as well. If so, followup investigation strongly suggests that the original report is correct." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20479", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20479" + }, + { + "name": "http://www.zone-h.org/advisories/read/id=8360", + "refsource": "MISC", + "url": "http://www.zone-h.org/advisories/read/id=8360" + }, + { + "name": "15294", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15294" + }, + { + "name": "ADV-2005-2292", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2292" + }, + { + "name": "17412", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17412" + }, + { + "name": "20480", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20480" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3799.json b/2005/3xxx/CVE-2005-3799.json index e12473cd4a5..e5294658b69 100644 --- a/2005/3xxx/CVE-2005-3799.json +++ b/2005/3xxx/CVE-2005-3799.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3799", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "phpBB 2.0.18 allows remote attackers to obtain sensitive information via a large SQL query, which generates an error message that reveals SQL syntax or the full installation path." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3799", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051111 phpBB 2.0.18 SQL Query problem", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=113200740718682&w=2" - }, - { - "name" : "20051115 Re: phpBB 2.0.18 SQL Query problem", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=113210133012767&w=2" - }, - { - "name" : "http://securityreason.com/achievement_exploitalert/4", - "refsource" : "MISC", - "url" : "http://securityreason.com/achievement_exploitalert/4" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "phpBB 2.0.18 allows remote attackers to obtain sensitive information via a large SQL query, which generates an error 
message that reveals SQL syntax or the full installation path." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20051111 phpBB 2.0.18 SQL Query problem", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=113200740718682&w=2" + }, + { + "name": "20051115 Re: phpBB 2.0.18 SQL Query problem", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=113210133012767&w=2" + }, + { + "name": "http://securityreason.com/achievement_exploitalert/4", + "refsource": "MISC", + "url": "http://securityreason.com/achievement_exploitalert/4" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4034.json b/2005/4xxx/CVE-2005-4034.json index 89b7b51a883..1a88b107b44 100644 --- a/2005/4xxx/CVE-2005-4034.json +++ b/2005/4xxx/CVE-2005-4034.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4034", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Web4Future eDating Professional 5 allow remote attackers to execute arbitrary SQL commands via the (1) s, (2) pg, and (3) sortb parameters to (a) index.php; (4) cid parameter to (b) gift.php and (c) fq.php; and (5) cat parameter to (d) articles.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4034", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/12/web4future-edating-professional-v5-sql.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/12/web4future-edating-professional-v5-sql.html" - }, - { - "name" : "15715", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15715" - }, - { - "name" : "ADV-2005-2734", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2734" - }, - { - "name" : "21418", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21418" - }, - { - "name" : "21419", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21419" - }, - { - "name" : 
"21420", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21420" - }, - { - "name" : "21421", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21421" - }, - { - "name" : "17879", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17879" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Web4Future eDating Professional 5 allow remote attackers to execute arbitrary SQL commands via the (1) s, (2) pg, and (3) sortb parameters to (a) index.php; (4) cid parameter to (b) gift.php and (c) fq.php; and (5) cat parameter to (d) articles.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://pridels0.blogspot.com/2005/12/web4future-edating-professional-v5-sql.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/12/web4future-edating-professional-v5-sql.html" + }, + { + "name": "17879", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17879" + }, + { + "name": "ADV-2005-2734", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2734" + }, + { + "name": "21419", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21419" + }, + { + "name": "21418", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21418" + }, + { + "name": "15715", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15715" + }, + { + "name": "21421", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21421" + }, + { + "name": "21420", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21420" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4149.json b/2005/4xxx/CVE-2005-4149.json index 53c241c6323..106c7ebdf18 100644 --- a/2005/4xxx/CVE-2005-4149.json 
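Review bot: The `reference_data` array in CVE-2005-4034.json is written back in a different order with no entry added or removed: the four OSVDB ids that were listed ascending (21418 to 21421) now appear as 21419, 21418, 21421, 21420 with the BID entry between them. The same order-only shuffle is visible in the CVE-2005-4149, CVE-2005-4212, CVE-2005-4509, CVE-2009-0333, CVE-2009-0572 and CVE-2009-1525 hunks. Churn like this in a bulk sync makes it hard for a reviewer or a downstream differ to notice a reference whose `url` really changed, so whatever writes these files should emit the array in a stable order (for example sorted by `refsource`, then `name`). The new side also ends with `\ No newline at end of file`; keeping a trailing newline would stop later syncs from touching the closing brace line.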
+++ b/2005/4xxx/CVE-2005-4149.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4149", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Lyris ListManager 8.8 through 8.9b allows remote attackers to obtain sensitive information by causing errors in TML scripts, such as via direct requests, which leaks the installation path, SQL queries, or product code in diagnostic messages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4149", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051208 PGP Wipe Free Space, Lyris ListManager Flaws, Windows Timestamps, Sam Juicer", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0349.html" - }, - { - "name" : "20051209 PGP Wipe Free Space, Lyris ListManager Flaws, Windows Timestamps, Sam Juicer", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/419077/100/0/threaded" - }, - { - "name" : "http://metasploit.com/research/vulns/lyris_listmanager/", - "refsource" : "MISC", - "url" : "http://metasploit.com/research/vulns/lyris_listmanager/" - }, - { - "name" : "ADV-2005-2820", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2005/2820" - }, - { - "name" : "17943", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17943" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Lyris ListManager 8.8 through 8.9b allows remote attackers to obtain sensitive information by causing errors in TML scripts, such as via direct requests, which leaks the installation path, SQL queries, or product code in diagnostic messages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20051209 PGP Wipe Free Space, Lyris ListManager Flaws, Windows Timestamps, Sam Juicer", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/419077/100/0/threaded" + }, + { + "name": "http://metasploit.com/research/vulns/lyris_listmanager/", + "refsource": "MISC", + "url": "http://metasploit.com/research/vulns/lyris_listmanager/" + }, + { + "name": "ADV-2005-2820", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2820" + }, + { + "name": "20051208 PGP Wipe Free Space, Lyris ListManager Flaws, Windows Timestamps, Sam Juicer", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0349.html" + }, + { + "name": "17943", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17943" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4212.json b/2005/4xxx/CVE-2005-4212.json index 14f8c6e77d7..e1648fa7a7c 100644 --- a/2005/4xxx/CVE-2005-4212.json +++ b/2005/4xxx/CVE-2005-4212.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4212", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in coin_includes/db.php in phpCOIN 1.2.2 allows remote attackers to read arbitrary local files via \"..\" (dot dot) sequences in the $_CCFG[_PKG_PATH_DBSE] variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4212", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051213 phpCOIN 1.2.2 multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/419382/100/0/threaded" - }, - { - "name" : "http://forums.phpcoin.com/index.php?showtopic=5469", - "refsource" : "CONFIRM", - "url" : "http://forums.phpcoin.com/index.php?showtopic=5469" - }, - { - "name" : "http://rgod.altervista.org/phpcoin122.html", - "refsource" : "MISC", - "url" : "http://rgod.altervista.org/phpcoin122.html" - }, - { - "name" : "15831", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15831" - }, - { - "name" : "ADV-2005-2888", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2888" - }, - { - "name" : "1015345", - 
"refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015345" - }, - { - "name" : "18030", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18030" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in coin_includes/db.php in phpCOIN 1.2.2 allows remote attackers to read arbitrary local files via \"..\" (dot dot) sequences in the $_CCFG[_PKG_PATH_DBSE] variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://rgod.altervista.org/phpcoin122.html", + "refsource": "MISC", + "url": "http://rgod.altervista.org/phpcoin122.html" + }, + { + "name": "http://forums.phpcoin.com/index.php?showtopic=5469", + "refsource": "CONFIRM", + "url": "http://forums.phpcoin.com/index.php?showtopic=5469" + }, + { + "name": "18030", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18030" + }, + { + "name": "20051213 phpCOIN 1.2.2 multiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/419382/100/0/threaded" + }, + { + "name": "ADV-2005-2888", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2888" + }, + { + "name": "1015345", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015345" + }, + { + "name": "15831", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15831" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4509.json b/2005/4xxx/CVE-2005-4509.json index c481d8b8dca..ffa1cdb8e0e 100644 --- a/2005/4xxx/CVE-2005-4509.json +++ b/2005/4xxx/CVE-2005-4509.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4509", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.asp in pTools allows remote attackers to execute arbitrary SQL commands via the docID parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4509", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15996", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15996" - }, - { - "name" : "21841", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21841" - }, - { - "name" : "18133", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18133" - }, - { - "name" : "ptools-index-sql-injection(23837)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23837" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.asp in pTools allows remote attackers to 
execute arbitrary SQL commands via the docID parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21841", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21841" + }, + { + "name": "18133", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18133" + }, + { + "name": "ptools-index-sql-injection(23837)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23837" + }, + { + "name": "15996", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15996" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0333.json b/2009/0xxx/CVE-2009-0333.json index 6decdb225f9..c8b87eb1ed1 100644 --- a/2009/0xxx/CVE-2009-0333.json +++ b/2009/0xxx/CVE-2009-0333.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0333", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the WebAmoeba (WA) Ticket System (com_waticketsystem) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0333", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7833", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7833" - }, - { - "name" : "33353", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33353" - }, - { - "name" : "33577", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33577" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the WebAmoeba (WA) Ticket System (com_waticketsystem) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action to index.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33577", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33577" + }, + { + "name": "33353", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33353" + }, + { + "name": "7833", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7833" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0572.json b/2009/0xxx/CVE-2009-0572.json index 1476bf7e39f..6d66098ed47 100644 --- a/2009/0xxx/CVE-2009-0572.json +++ b/2009/0xxx/CVE-2009-0572.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0572", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in include/flatnux.php in FlatnuX CMS (aka Flatnuke3) 2009-01-27 and 2009-02-04, when register_globals is enabled and magic_quotes_gpc disabled, allows remote attackers to execute arbitrary PHP code via a URL in the _FNROOTPATH parameter to (1) index.php and (2) filemanager.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0572", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090202 flatnux Flatnux-2009-01-27 Remote File Include", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/500663/100/0/threaded" - }, - { - "name" : "7969", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7969" - }, - { - "name" : "33599", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33599" - }, - { - "name" : "51728", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/51728" - }, - { - "name" : "51729", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/51729" - }, - { - "name" : "33721", - "refsource" : "SECUNIA", - 
"url" : "http://secunia.com/advisories/33721" - }, - { - "name" : "flatnuxcms-fnrootpath-file-include(48491)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48491" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in include/flatnux.php in FlatnuX CMS (aka Flatnuke3) 2009-01-27 and 2009-02-04, when register_globals is enabled and magic_quotes_gpc disabled, allows remote attackers to execute arbitrary PHP code via a URL in the _FNROOTPATH parameter to (1) index.php and (2) filemanager.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33599", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33599" + }, + { + "name": "51728", + "refsource": "OSVDB", + "url": "http://osvdb.org/51728" + }, + { + "name": "20090202 flatnux Flatnux-2009-01-27 Remote File Include", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/500663/100/0/threaded" + }, + { + "name": "33721", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33721" + }, + { + "name": "51729", + "refsource": "OSVDB", + "url": "http://osvdb.org/51729" + }, + { + "name": "flatnuxcms-fnrootpath-file-include(48491)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48491" + }, + { + "name": "7969", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7969" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1525.json b/2009/1xxx/CVE-2009-1525.json index 3d140166548..8386b3b0939 100644 --- a/2009/1xxx/CVE-2009-1525.json +++ b/2009/1xxx/CVE-2009-1525.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1525", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CMD_DB in JBMC Software DirectAdmin before 1.334 allows remote authenticated users to gain privileges via shell metacharacters in the name parameter during a restore action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1525", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090422 DirectAdmin < 1.33.4 Local file overwrite & Local root escalation", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2009-04/0228.html" - }, - { - "name" : "http://www.directadmin.com/features.php?id=968", - "refsource" : "CONFIRM", - "url" : "http://www.directadmin.com/features.php?id=968" - }, - { - "name" : "54015", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/54015" - }, - { - "name" : "34861", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34861" - }, - { - "name" : "directadmin-cmddb-command-execution(50167)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50167" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CMD_DB in JBMC Software DirectAdmin before 1.334 allows remote authenticated users to gain privileges via shell metacharacters in the name parameter during a restore action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "54015", + "refsource": "OSVDB", + "url": "http://osvdb.org/54015" + }, + { + "name": "20090422 DirectAdmin < 1.33.4 Local file overwrite & Local root escalation", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-04/0228.html" + }, + { + "name": "directadmin-cmddb-command-execution(50167)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50167" + }, + { + "name": "34861", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34861" + }, + { + "name": "http://www.directadmin.com/features.php?id=968", + "refsource": "CONFIRM", + "url": "http://www.directadmin.com/features.php?id=968" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1578.json b/2009/1xxx/CVE-2009-1578.json index 15b568b232e..444f175c099 100644 --- a/2009/1xxx/CVE-2009-1578.json +++ b/2009/1xxx/CVE-2009-1578.json 
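Review bot: The description in CVE-2009-1525.json still reads `DirectAdmin before 1.334`, while the FULLDISC reference in the same record is titled `DirectAdmin < 1.33.4`; one of the two version strings looks wrong, and this sync carries the text over unchanged. Because `product_name` and `version_value` are both `n/a` in this record, the description is the only place a consumer can read the fixed version from, so a dropped dot can make version matching miss affected installs. If the advisory title is the accurate one, the value should say `before 1.33.4`; this is worth confirming against the vendor page listed under CONFIRM before changing it.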
@@ -1,217 +1,217 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1578", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.4.18 and NaSMail before 1.7 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) certain encrypted strings in e-mail headers, related to contrib/decrypt_headers.php; (2) PHP_SELF; and (3) the query string (aka QUERY_STRING)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1578", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/contrib/decrypt_headers.php?r1=13672&r2=13671&pathrev=13672", - "refsource" : "CONFIRM", - "url" : "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/contrib/decrypt_headers.php?r1=13672&r2=13671&pathrev=13672" - }, - { - "name" : "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog", - "refsource" : "CONFIRM", - "url" : 
"http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog" - }, - { - "name" : "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/global.php?r1=13670&r2=13669&pathrev=13670", - "refsource" : "CONFIRM", - "url" : "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/global.php?r1=13670&r2=13669&pathrev=13670" - }, - { - "name" : "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13670", - "refsource" : "CONFIRM", - "url" : "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13670" - }, - { - "name" : "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13672", - "refsource" : "CONFIRM", - "url" : "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13672" - }, - { - "name" : "http://www.squirrelmail.org/security/issue/2009-05-08", - "refsource" : "CONFIRM", - "url" : "http://www.squirrelmail.org/security/issue/2009-05-08" - }, - { - "name" : "http://www.squirrelmail.org/security/issue/2009-05-09", - "refsource" : "CONFIRM", - "url" : "http://www.squirrelmail.org/security/issue/2009-05-09" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=500363", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=500363" - }, - { - "name" : "http://download.gna.org/nasmail/nasmail-1.7.zip", - "refsource" : "CONFIRM", - "url" : "http://download.gna.org/nasmail/nasmail-1.7.zip" - }, - { - "name" : "https://gna.org/forum/forum.php?forum_id=2146", - "refsource" : "CONFIRM", - "url" : "https://gna.org/forum/forum.php?forum_id=2146" - }, - { - "name" : "http://support.apple.com/kb/HT4188", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4188" - }, - { - "name" : "APPLE-SA-2010-06-15-1", - "refsource" : "APPLE", - "url" : 
"http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html" - }, - { - "name" : "DSA-1802", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1802" - }, - { - "name" : "FEDORA-2009-4870", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00566.html" - }, - { - "name" : "FEDORA-2009-4880", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00577.html" - }, - { - "name" : "FEDORA-2009-4875", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00572.html" - }, - { - "name" : "MDVSA-2009:110", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:110" - }, - { - "name" : "RHSA-2009:1066", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-1066.html" - }, - { - "name" : "34916", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34916" - }, - { - "name" : "60468", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/60468" - }, - { - "name" : "oval:org.mitre.oval:def:11624", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11624" - }, - { - "name" : "35052", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35052" - }, - { - "name" : "35073", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35073" - }, - { - "name" : "35140", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35140" - }, - { - "name" : "37415", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37415" - }, - { - "name" : "35259", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35259" - }, - { - "name" : "40220", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40220" - }, - { - "name" : "ADV-2009-1296", - "refsource" : "VUPEN", - 
"url" : "http://www.vupen.com/english/advisories/2009/1296" - }, - { - "name" : "ADV-2009-3315", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3315" - }, - { - "name" : "ADV-2010-1481", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1481" - }, - { - "name" : "squirrelmail-decryptheaders-xss(50460)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50460" - }, - { - "name" : "squirrelmail-phpself-xss(50459)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50459" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.4.18 and NaSMail before 1.7 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) certain encrypted strings in e-mail headers, related to contrib/decrypt_headers.php; (2) PHP_SELF; and (3) the query string (aka QUERY_STRING)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2010-06-15-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html" + }, + { + "name": "https://gna.org/forum/forum.php?forum_id=2146", + "refsource": "CONFIRM", + "url": "https://gna.org/forum/forum.php?forum_id=2146" + }, + { + "name": "MDVSA-2009:110", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:110" + }, + { + "name": "34916", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34916" + }, + { + "name": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog", + "refsource": "CONFIRM", + "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog" + }, + { + "name": "ADV-2010-1481", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1481" + }, + { + "name": "http://www.squirrelmail.org/security/issue/2009-05-09", + "refsource": "CONFIRM", + "url": "http://www.squirrelmail.org/security/issue/2009-05-09" + }, + { + "name": "FEDORA-2009-4870", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00566.html" + }, + { + "name": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13670", + "refsource": "CONFIRM", + "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13670" + }, + { + "name": "35140", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35140" + }, + { + "name": "http://download.gna.org/nasmail/nasmail-1.7.zip", + "refsource": "CONFIRM", + "url": "http://download.gna.org/nasmail/nasmail-1.7.zip" + }, + { + "name": "60468", + "refsource": "OSVDB", + "url": 
"http://osvdb.org/60468" + }, + { + "name": "FEDORA-2009-4880", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00577.html" + }, + { + "name": "oval:org.mitre.oval:def:11624", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11624" + }, + { + "name": "http://support.apple.com/kb/HT4188", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4188" + }, + { + "name": "squirrelmail-phpself-xss(50459)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50459" + }, + { + "name": "40220", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40220" + }, + { + "name": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13672", + "refsource": "CONFIRM", + "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13672" + }, + { + "name": "ADV-2009-1296", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1296" + }, + { + "name": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/contrib/decrypt_headers.php?r1=13672&r2=13671&pathrev=13672", + "refsource": "CONFIRM", + "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/contrib/decrypt_headers.php?r1=13672&r2=13671&pathrev=13672" + }, + { + "name": "35259", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35259" + }, + { + "name": "35052", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35052" + }, + { + "name": "squirrelmail-decryptheaders-xss(50460)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50460" + }, + { + "name": "FEDORA-2009-4875", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00572.html" + }, + { + "name": "RHSA-2009:1066", + 
"refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-1066.html" + }, + { + "name": "37415", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37415" + }, + { + "name": "35073", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35073" + }, + { + "name": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/global.php?r1=13670&r2=13669&pathrev=13670", + "refsource": "CONFIRM", + "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/global.php?r1=13670&r2=13669&pathrev=13670" + }, + { + "name": "http://www.squirrelmail.org/security/issue/2009-05-08", + "refsource": "CONFIRM", + "url": "http://www.squirrelmail.org/security/issue/2009-05-08" + }, + { + "name": "ADV-2009-3315", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3315" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=500363", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=500363" + }, + { + "name": "DSA-1802", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1802" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1608.json b/2009/1xxx/CVE-2009-1608.json index 9c3ae69a98a..f852665add7 100644 --- a/2009/1xxx/CVE-2009-1608.json +++ b/2009/1xxx/CVE-2009-1608.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1608", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in Microchip MPLAB IDE 8.30 and possibly earlier versions allow user-assisted remote attackers to execute arbitrary code via a .MCP project file with long (1) FILE_INFO, (2) CAT_FILTERS, and possibly other fields." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1608", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090511 [Bkis-08-2009] Microchip MPLAB IDE Buffer Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/503400/100/0/threaded" - }, - { - "name" : "http://security.bkis.vn/?p=654", - "refsource" : "MISC", - "url" : "http://security.bkis.vn/?p=654" - }, - { - "name" : "34897", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34897" - }, - { - "name" : "54370", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/54370" - }, - { - "name" : "35054", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35054" - }, - { - "name" : "mplabide-catfilters-bo(50419)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/50419" - }, - { - "name" : "mplabide-fileinfo-bo(50418)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50418" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in Microchip MPLAB IDE 8.30 and possibly earlier versions allow user-assisted remote attackers to execute arbitrary code via a .MCP project file with long (1) FILE_INFO, (2) CAT_FILTERS, and possibly other fields." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "54370", + "refsource": "OSVDB", + "url": "http://osvdb.org/54370" + }, + { + "name": "mplabide-catfilters-bo(50419)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50419" + }, + { + "name": "35054", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35054" + }, + { + "name": "http://security.bkis.vn/?p=654", + "refsource": "MISC", + "url": "http://security.bkis.vn/?p=654" + }, + { + "name": "mplabide-fileinfo-bo(50418)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50418" + }, + { + "name": "34897", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34897" + }, + { + "name": "20090511 [Bkis-08-2009] Microchip MPLAB IDE Buffer Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/503400/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1683.json b/2009/1xxx/CVE-2009-1683.json index 48141cc4bb0..361d209fc1d 100644 --- a/2009/1xxx/CVE-2009-1683.json +++ b/2009/1xxx/CVE-2009-1683.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1683", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Telephony component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to cause a denial of service (device reset) via a crafted ICMP echo request, which triggers an assertion error related to a \"logic issue.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1683", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT3639", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3639" - }, - { - "name" : "APPLE-SA-2009-06-17-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html" - }, - { - "name" : "JVN#87239696", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN87239696/index.html" - }, - { - "name" : "JVNDB-2009-000040", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000040.html" - }, - { - "name" : "35414", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35414" - }, - { - "name" : 
"ADV-2009-1621", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1621" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Telephony component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to cause a denial of service (device reset) via a crafted ICMP echo request, which triggers an assertion error related to a \"logic issue.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT3639", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3639" + }, + { + "name": "ADV-2009-1621", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1621" + }, + { + "name": "JVNDB-2009-000040", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000040.html" + }, + { + "name": "35414", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35414" + }, + { + "name": "APPLE-SA-2009-06-17-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html" + }, + { + "name": "JVN#87239696", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN87239696/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1783.json b/2009/1xxx/CVE-2009-1783.json index 1d3f95f1299..8bb784b3b70 100644 --- a/2009/1xxx/CVE-2009-1783.json +++ b/2009/1xxx/CVE-2009-1783.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1783", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple FRISK Software F-Prot anti-virus products, including Antivirus for Exchange, Linux on IBM zSeries, Linux x86 File Servers, Linux x86 Mail Servers, Linux x86 Workstations, Solaris Mail Servers, Antivirus for Windows, and others, allow remote attackers to bypass malware detection via a crafted CAB archive." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1783", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090509 [TZO-21-2009] Fprot CAB bypass / evasion", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/503393/100/0/threaded" - }, - { - "name" : "http://blog.zoller.lu/2009/04/advisory-f-prot-frisk-cab-bypass.html", - "refsource" : "MISC", - "url" : "http://blog.zoller.lu/2009/04/advisory-f-prot-frisk-cab-bypass.html" - }, - { - "name" : "34896", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34896" - }, - { - "name" : "fprot-cab-security-bypass(50427)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50427" - } - ] - } -} 
+ } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple FRISK Software F-Prot anti-virus products, including Antivirus for Exchange, Linux on IBM zSeries, Linux x86 File Servers, Linux x86 Mail Servers, Linux x86 Workstations, Solaris Mail Servers, Antivirus for Windows, and others, allow remote attackers to bypass malware detection via a crafted CAB archive." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://blog.zoller.lu/2009/04/advisory-f-prot-frisk-cab-bypass.html", + "refsource": "MISC", + "url": "http://blog.zoller.lu/2009/04/advisory-f-prot-frisk-cab-bypass.html" + }, + { + "name": "34896", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34896" + }, + { + "name": "20090509 [TZO-21-2009] Fprot CAB bypass / evasion", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/503393/100/0/threaded" + }, + { + "name": "fprot-cab-security-bypass(50427)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50427" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3238.json b/2009/3xxx/CVE-2009-3238.json index c7adbd0ef0b..9211006c7ca 100644 --- a/2009/3xxx/CVE-2009-3238.json +++ b/2009/3xxx/CVE-2009-3238.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3238", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The get_random_int function in drivers/char/random.c in the Linux kernel before 2.6.30 produces insufficiently random numbers, which allows attackers to predict the return value, and possibly defeat protection mechanisms based on randomization, via vectors that leverage the function's tendency to \"return the same value over and over again for long stretches of time.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3238", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8a0a9bd4db63bc45e3017bedeafbd88d0eb84d02", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8a0a9bd4db63bc45e3017bedeafbd88d0eb84d02" - }, - { - "name" : "http://patchwork.kernel.org/patch/21766/", - "refsource" : "CONFIRM", - "url" : "http://patchwork.kernel.org/patch/21766/" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30", - "refsource" : "CONFIRM", - "url" : 
"http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=499785", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=499785" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=519692", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=519692" - }, - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03836en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03836en_us" - }, - { - "name" : "RHSA-2009:1438", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-1438.html" - }, - { - "name" : "SUSE-SA:2009:054", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html" - }, - { - "name" : "SUSE-SA:2010:012", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html" - }, - { - "name" : "USN-852-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-852-1" - }, - { - "name" : "oval:org.mitre.oval:def:11168", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11168" - }, - { - "name" : "37351", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37351" - }, - { - "name" : "37105", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37105" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The get_random_int function in drivers/char/random.c in the Linux kernel before 2.6.30 produces insufficiently random numbers, which allows attackers to predict the return value, and possibly defeat protection mechanisms based on randomization, via 
vectors that leverage the function's tendency to \"return the same value over and over again for long stretches of time.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03836en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03836en_us" + }, + { + "name": "USN-852-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-852-1" + }, + { + "name": "http://patchwork.kernel.org/patch/21766/", + "refsource": "CONFIRM", + "url": "http://patchwork.kernel.org/patch/21766/" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=519692", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=519692" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30" + }, + { + "name": "37351", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37351" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=499785", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=499785" + }, + { + "name": "SUSE-SA:2010:012", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html" + }, + { + "name": "oval:org.mitre.oval:def:11168", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11168" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8a0a9bd4db63bc45e3017bedeafbd88d0eb84d02", + "refsource": "CONFIRM", + "url": 
"http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8a0a9bd4db63bc45e3017bedeafbd88d0eb84d02" + }, + { + "name": "RHSA-2009:1438", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-1438.html" + }, + { + "name": "SUSE-SA:2009:054", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html" + }, + { + "name": "37105", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37105" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3663.json b/2009/3xxx/CVE-2009-3663.json index 8b3c39423fb..e001a0061b5 100644 --- a/2009/3xxx/CVE-2009-3663.json +++ b/2009/3xxx/CVE-2009-3663.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3663", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in the h_readrequest function in http.c in httpdx Web Server 1.4 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in the Host header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3663", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9657", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9657" - }, - { - "name" : "http://httpdx.sourceforge.net/downloads/changelog.log", - "refsource" : "CONFIRM", - "url" : "http://httpdx.sourceforge.net/downloads/changelog.log" - }, - { - "name" : "58129", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/58129" - }, - { - "name" : "36734", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36734" - }, - { - "name" : "ADV-2009-2654", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2654" - }, - { - "name" : "httpdx-hostheader-format-string(53205)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/53205" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in the h_readrequest function in http.c in httpdx Web Server 1.4 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in the Host header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "58129", + "refsource": "OSVDB", + "url": "http://osvdb.org/58129" + }, + { + "name": "httpdx-hostheader-format-string(53205)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53205" + }, + { + "name": "9657", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9657" + }, + { + "name": "36734", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36734" + }, + { + "name": "ADV-2009-2654", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2654" + }, + { + "name": "http://httpdx.sourceforge.net/downloads/changelog.log", + "refsource": "CONFIRM", + "url": "http://httpdx.sourceforge.net/downloads/changelog.log" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4692.json b/2009/4xxx/CVE-2009-4692.json index 625637460bb..7dc76fe5ca2 100644 --- a/2009/4xxx/CVE-2009-4692.json +++ b/2009/4xxx/CVE-2009-4692.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4692", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in RadScripts RadLance Gold 7.5 allows remote attackers to inject arbitrary web script or HTML via the pr parameter in a ulist action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4692", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9195", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9195" - }, - { - "name" : "35730", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35730" - }, - { - "name" : "55949", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/55949" - }, - { - "name" : "35826", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35826" - }, - { - "name" : "radlance-index-xss(51835)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51835" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) 
vulnerability in index.php in RadScripts RadLance Gold 7.5 allows remote attackers to inject arbitrary web script or HTML via the pr parameter in a ulist action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35826", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35826" + }, + { + "name": "55949", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/55949" + }, + { + "name": "9195", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9195" + }, + { + "name": "35730", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35730" + }, + { + "name": "radlance-index-xss(51835)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51835" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4711.json b/2009/4xxx/CVE-2009-4711.json index 5ca63c2a150..e84e45c3b93 100644 --- a/2009/4xxx/CVE-2009-4711.json +++ b/2009/4xxx/CVE-2009-4711.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4711", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the CoolURI (cooluri) extension before 1.0.16 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2008-6686." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4711", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/" - }, - { - "name" : "35872", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35872" - }, - { - "name" : "36082", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36082" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the CoolURI (cooluri) extension before 1.0.16 for TYPO3 allows remote attackers to execute arbitrary SQL commands via 
unspecified vectors, a different vulnerability than CVE-2008-6686." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35872", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35872" + }, + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/" + }, + { + "name": "36082", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36082" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4990.json b/2009/4xxx/CVE-2009-4990.json index a2ec0bf03cc..7ec58e4d30d 100644 --- a/2009/4xxx/CVE-2009-4990.json +++ b/2009/4xxx/CVE-2009-4990.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4990", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Webform report module 5.x and 6.x for Drupal allows remote attackers to inject arbitrary web script or HTML via a submission." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4990", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/540980", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/540980" - }, - { - "name" : "35953", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35953" - }, - { - "name" : "36181", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36181" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Webform report module 5.x and 6.x for Drupal allows remote attackers to inject arbitrary web script or HTML via a submission." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35953", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35953" + }, + { + "name": "http://drupal.org/node/540980", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/540980" + }, + { + "name": "36181", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36181" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2147.json b/2012/2xxx/CVE-2012-2147.json index 92ff5dec207..3a23a1c731f 100644 --- a/2012/2xxx/CVE-2012-2147.json +++ b/2012/2xxx/CVE-2012-2147.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2147", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "munin-cgi-graph in Munin 2.0 rc4 allows remote attackers to cause a denial of service (disk or memory consumption) via many image requests with large values in the (1) size_x or (2) size_y parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2147", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120417 RE: CVE Request (minor) -- Two Munin graphing framework flaws", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/04/18/2" - }, - { - "name" : "[oss-security] 20120417 Re: CVE Request (minor) -- Two Munin graphing framework flaws", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/04/17/2" - }, - { - "name" : "[oss-security] 20120418 Re: Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/04/19/4" - }, - { - "name" : "[oss-security] 20120418 Re: CVE Request (minor) -- Two Munin graphing framework flaws", - "refsource" : 
"MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/04/19/3" - }, - { - "name" : "[oss-security] 20120419 Re: [Packaging] Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/04/19/5" - }, - { - "name" : "[oss-security] 20120427 Re: Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/04/27/7" - }, - { - "name" : "[oss-security] 20120429 Re: Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/04/29/2" - }, - { - "name" : "munin-image-requests-dos(78924)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78924" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "munin-cgi-graph in Munin 2.0 rc4 allows remote attackers to cause a denial of service (disk or memory consumption) via many image requests with large values in the (1) size_x or (2) size_y parameters." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20120419 Re: [Packaging] Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/04/19/5" + }, + { + "name": "[oss-security] 20120417 Re: CVE Request (minor) -- Two Munin graphing framework flaws", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/04/17/2" + }, + { + "name": "[oss-security] 20120427 Re: Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/04/27/7" + }, + { + "name": "munin-image-requests-dos(78924)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78924" + }, + { + "name": "[oss-security] 20120418 Re: Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/04/19/4" + }, + { + "name": "[oss-security] 20120418 Re: CVE Request (minor) -- Two Munin graphing framework flaws", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/04/19/3" + }, + { + "name": "[oss-security] 20120429 Re: Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/04/29/2" + }, + { + "name": "[oss-security] 20120417 RE: CVE Request (minor) -- Two Munin graphing framework flaws", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/04/18/2" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2244.json b/2012/2xxx/CVE-2012-2244.json index 12767a02401..d2c0430e2bb 100644 --- a/2012/2xxx/CVE-2012-2244.json +++ b/2012/2xxx/CVE-2012-2244.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2244", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote authenticated administrators to execute arbitrary programs by modifying the path to clamav. NOTE: this can be exploited without authentication by leveraging CVE-2012-2243." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2012-2244", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.launchpad.net/mahara/+bug/1057238", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/mahara/+bug/1057238" - }, - { - "name" : "https://mahara.org/interaction/forum/topic.php?id=4936", - "refsource" : "CONFIRM", - "url" : "https://mahara.org/interaction/forum/topic.php?id=4936" - }, - { - "name" : "DSA-2591", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2591" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote authenticated administrators 
to execute arbitrary programs by modifying the path to clamav. NOTE: this can be exploited without authentication by leveraging CVE-2012-2243." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-2591", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2591" + }, + { + "name": "https://bugs.launchpad.net/mahara/+bug/1057238", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/mahara/+bug/1057238" + }, + { + "name": "https://mahara.org/interaction/forum/topic.php?id=4936", + "refsource": "CONFIRM", + "url": "https://mahara.org/interaction/forum/topic.php?id=4936" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2915.json b/2012/2xxx/CVE-2012-2915.json index 88c1e5e9a32..d58464318f6 100644 --- a/2012/2xxx/CVE-2012-2915.json +++ b/2012/2xxx/CVE-2012-2915.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2915", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Lattice Semiconductor PAC-Designer 6.2.1344 allows remote attackers to execute arbitrary code via a long string in a Value tag in a SymbolicSchematicData definition tag in PAC Design (.pac) file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2915", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "53566", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53566" - }, - { - "name" : "82001", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/82001" - }, - { - "name" : "48741", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48741" - }, - { - "name" : "pacdesigner-pac-bo(75698)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75698" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Lattice Semiconductor PAC-Designer 6.2.1344 allows remote attackers to execute 
arbitrary code via a long string in a Value tag in a SymbolicSchematicData definition tag in PAC Design (.pac) file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "pacdesigner-pac-bo(75698)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75698" + }, + { + "name": "48741", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48741" + }, + { + "name": "82001", + "refsource": "OSVDB", + "url": "http://osvdb.org/82001" + }, + { + "name": "53566", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53566" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1099.json b/2015/1xxx/CVE-2015-1099.json index 6fb3c8d705c..ae706adbaa2 100644 --- a/2015/1xxx/CVE-2015-1099.json +++ b/2015/1xxx/CVE-2015-1099.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1099", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in the setreuid system-call implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service via a crafted app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-1099", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT204659", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204659" - }, - { - "name" : "https://support.apple.com/HT204661", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204661" - }, - { - "name" : "https://support.apple.com/HT204662", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204662" - }, - { - "name" : "https://support.apple.com/kb/HT204870", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT204870" - }, - { - "name" : "APPLE-SA-2015-04-08-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" - }, - { - "name" : 
"APPLE-SA-2015-04-08-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html" - }, - { - "name" : "APPLE-SA-2015-04-08-4", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html" - }, - { - "name" : "1032048", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032048" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in the setreuid system-call implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service via a crafted app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT204659", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204659" + }, + { + "name": "https://support.apple.com/kb/HT204870", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT204870" + }, + { + "name": "APPLE-SA-2015-04-08-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html" + }, + { + "name": "1032048", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032048" + }, + { + "name": "APPLE-SA-2015-04-08-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" + }, + { + "name": "https://support.apple.com/HT204662", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204662" + }, + { + "name": "APPLE-SA-2015-04-08-4", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html" + }, + { + "name": "https://support.apple.com/HT204661", + "refsource": 
"CONFIRM", + "url": "https://support.apple.com/HT204661" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1338.json b/2015/1xxx/CVE-2015-1338.json index 3a6cc2a47f0..91cb08b92dd 100644 --- a/2015/1xxx/CVE-2015-1338.json +++ b/2015/1xxx/CVE-2015-1338.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1338", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "kernel_crashdump in Apport before 2.19 allows local users to cause a denial of service (disk consumption) or possibly gain privileges via a (1) symlink or (2) hard link attack on /var/crash/vmcore.log." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@ubuntu.com", + "ID": "CVE-2015-1338", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "38353", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/38353/" - }, - { - "name" : "20150927 Apport kernel_crashdump symlink vulnerability exploitation", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Sep/101" - }, - { - "name" : "http://packetstormsecurity.com/files/133723/Ubuntu-Apport-kernel_crashdump-Symlink.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/133723/Ubuntu-Apport-kernel_crashdump-Symlink.html" - }, - { - "name" : "http://www.halfdog.net/Security/2015/ApportKernelCrashdumpFileAccessVulnerabilities/", - "refsource" : "MISC", - "url" : 
"http://www.halfdog.net/Security/2015/ApportKernelCrashdumpFileAccessVulnerabilities/" - }, - { - "name" : "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1492570", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1492570" - }, - { - "name" : "https://launchpad.net/apport/trunk/2.19", - "refsource" : "CONFIRM", - "url" : "https://launchpad.net/apport/trunk/2.19" - }, - { - "name" : "USN-2744-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2744-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "kernel_crashdump in Apport before 2.19 allows local users to cause a denial of service (disk consumption) or possibly gain privileges via a (1) symlink or (2) hard link attack on /var/crash/vmcore.log." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2744-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2744-1" + }, + { + "name": "https://launchpad.net/apport/trunk/2.19", + "refsource": "CONFIRM", + "url": "https://launchpad.net/apport/trunk/2.19" + }, + { + "name": "38353", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/38353/" + }, + { + "name": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1492570", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1492570" + }, + { + "name": "http://www.halfdog.net/Security/2015/ApportKernelCrashdumpFileAccessVulnerabilities/", + "refsource": "MISC", + "url": "http://www.halfdog.net/Security/2015/ApportKernelCrashdumpFileAccessVulnerabilities/" + }, + { + "name": "20150927 Apport kernel_crashdump symlink vulnerability exploitation", + "refsource": "FULLDISC", + "url": 
"http://seclists.org/fulldisclosure/2015/Sep/101" + }, + { + "name": "http://packetstormsecurity.com/files/133723/Ubuntu-Apport-kernel_crashdump-Symlink.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/133723/Ubuntu-Apport-kernel_crashdump-Symlink.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1499.json b/2015/1xxx/CVE-2015-1499.json index 3a9db5774ff..55b3fa62d31 100644 --- a/2015/1xxx/CVE-2015-1499.json +++ b/2015/1xxx/CVE-2015-1499.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1499", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ActiveMQ Broker in Samsung Security Manager (SSM) before 1.31 allows remote attackers to delete arbitrary files, and consequently cause a denial of service, via a DELETE request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1499", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-041/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-041/" - }, - { - "name" : "samsung-security-cve20151499-dos(100918)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100918" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ActiveMQ Broker in Samsung Security Manager (SSM) before 1.31 allows remote attackers to delete arbitrary files, and consequently cause a denial of service, via a DELETE request." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "samsung-security-cve20151499-dos(100918)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100918" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-15-041/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-041/" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1632.json b/2015/1xxx/CVE-2015-1632.json index f6fe28ee0a3..34c808b1583 100644 --- a/2015/1xxx/CVE-2015-1632.json +++ b/2015/1xxx/CVE-2015-1632.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1632", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in errorfe.aspx in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via the msgParam parameter in an authError action, aka \"Exchange Error Message Cross Site Scripting Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-1632", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-026", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-026" - }, - { - "name" : "1031900", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031900" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in errorfe.aspx in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject 
arbitrary web script or HTML via the msgParam parameter in an authError action, aka \"Exchange Error Message Cross Site Scripting Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS15-026", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-026" + }, + { + "name": "1031900", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031900" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5054.json b/2015/5xxx/CVE-2015-5054.json index 9f59d134e87..316d67ba818 100644 --- a/2015/5xxx/CVE-2015-5054.json +++ b/2015/5xxx/CVE-2015-5054.json 
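Review bot: The new `CVE_data_meta` block changes `ASSIGNER` from `cve@mitre.org` to `secure@microsoft.com`, and as far as the visible lines show it is the only value change in a hunk that otherwise rewrites the spacing of all 67 lines. The commit subject does not mention the reassignment, so it can only be found with a whitespace-insensitive diff. Any consumer that attributes or filters records by assigning CNA will see this as a provenance change. I would land the formatter pass separately from data changes, or at least record the change in the message, for example `CVE-2015-1632: ASSIGNER cve@mitre.org -> secure@microsoft.com`.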
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5054", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Open redirect vulnerability in Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in an unspecified parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5054", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20151202 Ellucian Banner Student Vulnerability Disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/537029/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/134622/Banner-Student-XSS-Information-Disclosure-Open-Redirect.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/134622/Banner-Student-XSS-Information-Disclosure-Open-Redirect.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Open redirect vulnerability in Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 
allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in an unspecified parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/134622/Banner-Student-XSS-Information-Disclosure-Open-Redirect.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/134622/Banner-Student-XSS-Information-Disclosure-Open-Redirect.html" + }, + { + "name": "20151202 Ellucian Banner Student Vulnerability Disclosure", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/537029/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5984.json b/2015/5xxx/CVE-2015-5984.json index bc9d5c1d5aa..5a6e93083f0 100644 --- a/2015/5xxx/CVE-2015-5984.json +++ b/2015/5xxx/CVE-2015-5984.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5984", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-5984", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." + } + ] + } +} \ No newline at end of file 
diff --git a/2018/11xxx/CVE-2018-11025.json b/2018/11xxx/CVE-2018-11025.json index 7102f48a9b1..d72c8b43df2 100644 --- a/2018/11xxx/CVE-2018-11025.json +++ b/2018/11xxx/CVE-2018-11025.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11025", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "kernel/omap/drivers/mfd/twl6030-gpadc.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/twl6030-gpadc with the command 24832 and cause a kernel crash." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11025", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/datadancer/HIAFuzz/blob/master/CVE-Advisory.md", - "refsource" : "MISC", - "url" : "https://github.com/datadancer/HIAFuzz/blob/master/CVE-Advisory.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "kernel/omap/drivers/mfd/twl6030-gpadc.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/twl6030-gpadc with the command 24832 and cause a kernel crash." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/datadancer/HIAFuzz/blob/master/CVE-Advisory.md", + "refsource": "MISC", + "url": "https://github.com/datadancer/HIAFuzz/blob/master/CVE-Advisory.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11206.json b/2018/11xxx/CVE-2018-11206.json index 0978d610280..87a6db9a256 100644 --- a/2018/11xxx/CVE-2018-11206.json +++ b/2018/11xxx/CVE-2018-11206.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11206", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An out of bounds read was discovered in H5O_fill_new_decode and H5O_fill_old_decode in H5Ofill.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or information disclosure attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11206", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/TeamSeri0us/pocs/blob/master/hdf5/README2.md", - "refsource" : "MISC", - "url" : "https://github.com/TeamSeri0us/pocs/blob/master/hdf5/README2.md" - }, - { - "name" : "https://github.com/Twi1ight/fuzzing-pocs/tree/master/hdf5", - "refsource" : "MISC", - "url" : "https://github.com/Twi1ight/fuzzing-pocs/tree/master/hdf5" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An out of bounds read was discovered in H5O_fill_new_decode and H5O_fill_old_decode in H5Ofill.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or information disclosure attack." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/TeamSeri0us/pocs/blob/master/hdf5/README2.md", + "refsource": "MISC", + "url": "https://github.com/TeamSeri0us/pocs/blob/master/hdf5/README2.md" + }, + { + "name": "https://github.com/Twi1ight/fuzzing-pocs/tree/master/hdf5", + "refsource": "MISC", + "url": "https://github.com/Twi1ight/fuzzing-pocs/tree/master/hdf5" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11464.json b/2018/11xxx/CVE-2018-11464.json index 8c9018099f6..a1c2dc0992c 100644 --- a/2018/11xxx/CVE-2018-11464.json +++ b/2018/11xxx/CVE-2018-11464.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "productcert@siemens.com", - "ID" : "CVE-2018-11464", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SINUMERIK 828D V4.7, SINUMERIK 840D sl V4.7, SINUMERIK 840D sl V4.8", - "version" : { - "version_data" : [ - { - "version_value" : "SINUMERIK 828D V4.7 : All versions < V4.7 SP6 HF1" - }, - { - "version_value" : "SINUMERIK 840D sl V4.7 : All versions < V4.7 SP6 HF5" - }, - { - "version_value" : "SINUMERIK 840D sl V4.8 : All versions < V4.8 SP3" - } - ] - } - } - ] - }, - "vendor_name" : "Siemens AG" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability has been identified in SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). The integrated VNC server on port 5900/tcp of the affected products could allow a remote attacker to cause a Denial-of-Service condition of the VNC server. Please note that this vulnerability is only exploitable if port 5900/tcp is manually opened in the firewall configuration of network port X130. The security vulnerability could be exploited by an attacker with network access to the affected devices and port. Successful exploitation requires no privileges and no user interaction. The vulnerability could allow an attacker to compromise availability of the VNC server. At the time of advisory publication no public exploitation of this security vulnerability was known." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-248: Uncaught Exception" - } + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2018-11464", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SINUMERIK 828D V4.7, SINUMERIK 840D sl V4.7, SINUMERIK 840D sl V4.8", + "version": { + "version_data": [ + { + "version_value": "SINUMERIK 828D V4.7 : All versions < V4.7 SP6 HF1" + }, + { + "version_value": "SINUMERIK 840D sl V4.7 : All versions < V4.7 SP6 HF5" + }, + { + "version_value": "SINUMERIK 840D sl V4.8 : All versions < V4.8 SP3" + } + ] + } + } + ] + }, + "vendor_name": "Siemens AG" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf", - "refsource" : "CONFIRM", - "url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf" - }, - { - "name" : "106185", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106185" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been identified in SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). The integrated VNC server on port 5900/tcp of the affected products could allow a remote attacker to cause a Denial-of-Service condition of the VNC server. Please note that this vulnerability is only exploitable if port 5900/tcp is manually opened in the firewall configuration of network port X130. The security vulnerability could be exploited by an attacker with network access to the affected devices and port. Successful exploitation requires no privileges and no user interaction. 
The vulnerability could allow an attacker to compromise availability of the VNC server. At the time of advisory publication no public exploitation of this security vulnerability was known." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-248: Uncaught Exception" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106185", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106185" + }, + { + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf", + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11667.json b/2018/11xxx/CVE-2018-11667.json index 20ccf21680a..cdde9adddbd 100644 --- a/2018/11xxx/CVE-2018-11667.json +++ b/2018/11xxx/CVE-2018-11667.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11667", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11667", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2018/15xxx/CVE-2018-15192.json b/2018/15xxx/CVE-2018-15192.json index c3b8f57b5d9..e94118c0b7a 100644 --- a/2018/15xxx/CVE-2018-15192.json +++ b/2018/15xxx/CVE-2018-15192.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15192", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An SSRF vulnerability in webhooks in Gitea through 1.5.0-rc2 and Gogs through 0.11.53 allows remote attackers to access intranet services." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15192", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/go-gitea/gitea/issues/4624", - "refsource" : "MISC", - "url" : "https://github.com/go-gitea/gitea/issues/4624" - }, - { - "name" : "https://github.com/gogs/gogs/issues/5366", - "refsource" : "MISC", - "url" : "https://github.com/gogs/gogs/issues/5366" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An SSRF vulnerability in webhooks in Gitea through 1.5.0-rc2 and Gogs through 0.11.53 allows remote attackers to access intranet services." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/gogs/gogs/issues/5366", + "refsource": "MISC", + "url": "https://github.com/gogs/gogs/issues/5366" + }, + { + "name": "https://github.com/go-gitea/gitea/issues/4624", + "refsource": "MISC", + "url": "https://github.com/go-gitea/gitea/issues/4624" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15465.json b/2018/15xxx/CVE-2018-15465.json index d1ef674e99a..f79c18a3c05 100644 --- a/2018/15xxx/CVE-2018-15465.json +++ b/2018/15xxx/CVE-2018-15465.json 
@@ -1,96 +1,96 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "DATE_PUBLIC" : "2018-12-19T16:00:00-0800", - "ID" : "CVE-2018-15465", - "STATE" : "PUBLIC", - "TITLE" : "Cisco Adaptive Security Appliance Software Privilege Escalation Vulnerability" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Adaptive Security Appliance (ASA) Software ", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "Cisco" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the authorization subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, but unprivileged (levels 0 and 1), remote attacker to perform privileged actions by using the web management interface. The vulnerability is due to improper validation of user privileges when using the web management interface. An attacker could exploit this vulnerability by sending specific HTTP requests via HTTPS to an affected device as an unprivileged user. An exploit could allow the attacker to retrieve files (including the running configuration) from the device or to upload and replace software images on the device." - } - ] - }, - "exploit" : [ - { - "lang" : "eng", - "value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. 
" - } - ], - "impact" : { - "cvss" : { - "baseScore" : "8.1", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N ", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-285" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2018-12-19T16:00:00-0800", + "ID": "CVE-2018-15465", + "STATE": "PUBLIC", + "TITLE": "Cisco Adaptive Security Appliance Software Privilege Escalation Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Adaptive Security Appliance (ASA) Software ", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.tenable.com/security/research/tra-2018-46", - "refsource" : "MISC", - "url" : "https://www.tenable.com/security/research/tra-2018-46" - }, - { - "name" : "20181219 Cisco Adaptive Security Appliance Software Privilege Escalation Vulnerability", - "refsource" : "CISCO", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181219-asa-privesc" - }, - { - "name" : "106256", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106256" - } - ] - }, - "source" : { - "advisory" : "cisco-sa-20181219-asa-privesc", - "defect" : [ - [ - "CSCvm53531" - ] - ], - "discovery" : "INTERNAL" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the authorization subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, but unprivileged (levels 0 and 1), remote attacker to perform privileged actions by using the web management interface. 
The vulnerability is due to improper validation of user privileges when using the web management interface. An attacker could exploit this vulnerability by sending specific HTTP requests via HTTPS to an affected device as an unprivileged user. An exploit could allow the attacker to retrieve files (including the running configuration) from the device or to upload and replace software images on the device." + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "8.1", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-285" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106256", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106256" + }, + { + "name": "https://www.tenable.com/security/research/tra-2018-46", + "refsource": "MISC", + "url": "https://www.tenable.com/security/research/tra-2018-46" + }, + { + "name": "20181219 Cisco Adaptive Security Appliance Software Privilege Escalation Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181219-asa-privesc" + } + ] + }, + "source": { + "advisory": "cisco-sa-20181219-asa-privesc", + "defect": [ + [ + "CSCvm53531" + ] + ], + "discovery": "INTERNAL" + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15815.json b/2018/15xxx/CVE-2018-15815.json index e37add5773d..a95b7678f01 100644 --- a/2018/15xxx/CVE-2018-15815.json +++ b/2018/15xxx/CVE-2018-15815.json 
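Review bot: The reformatted record still carries trailing spaces inside three string values: `vectorString`, `product_name` and the `exploit` text. The vector is the one that matters, because a consumer that validates it against the CVSS 3.0 grammar or splits on `/` would presumably reject it or read the last metric as `A:N ` with the space. Since this pass already rewrites every line of the file, the values could be trimmed in the same pass: `"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",` and `"product_name": "Cisco Adaptive Security Appliance (ASA) Software",`. If the upstream CNA submission must be preserved byte-for-byte, that constraint is worth stating in the commit message instead.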
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15815", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15815", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3069.json b/2018/3xxx/CVE-2018-3069.json index 33d68d03689..be60b18a1b3 100644 --- a/2018/3xxx/CVE-2018-3069.json +++ b/2018/3xxx/CVE-2018-3069.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3069", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Agile Product Lifecycle Management for Process", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "6.2.0.0" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Agile Product Lifecycle Management for Process component of Oracle Supply Chain Products Suite (subcomponent: Installation). The supported version that is affected is 6.2.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Agile Product Lifecycle Management for Process. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Agile Product Lifecycle Management for Process accessible data. CVSS 3.0 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Agile Product Lifecycle Management for Process. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Agile Product Lifecycle Management for Process accessible data." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3069", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Agile Product Lifecycle Management for Process", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "6.2.0.0" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" - }, - { - "name" : "104770", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104770" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Agile Product Lifecycle Management for Process component of Oracle Supply Chain Products Suite (subcomponent: Installation). The supported version that is affected is 6.2.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Agile Product Lifecycle Management for Process. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Agile Product Lifecycle Management for Process accessible data. CVSS 3.0 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Agile Product Lifecycle Management for Process. 
Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Agile Product Lifecycle Management for Process accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + }, + { + "name": "104770", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104770" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3375.json b/2018/3xxx/CVE-2018-3375.json index b313356d06e..ae24084b18e 100644 --- a/2018/3xxx/CVE-2018-3375.json +++ b/2018/3xxx/CVE-2018-3375.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3375", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3375", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3880.json b/2018/3xxx/CVE-2018-3880.json index 93a0fdcd35e..44701918bf7 100644 --- a/2018/3xxx/CVE-2018-3880.json +++ b/2018/3xxx/CVE-2018-3880.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2018-07-26T00:00:00", - "ID" : "CVE-2018-3880", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Samsung", - "version" : { - "version_data" : [ - { - "version_value" : "Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17" - } - ] - } - } - ] - }, - "vendor_name" : "Samsung" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable stack-based buffer overflow vulnerability exists in the database 'find-by-cameraId' functionality of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles existing records inside its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Classic Buffer Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2018-07-26T00:00:00", + "ID": "CVE-2018-3880", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung", + "version": { + "version_data": [ + { + "version_value": "Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17" + } + ] + } + } + ] + }, + "vendor_name": "Samsung" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0557", - "refsource" : "MISC", - "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0557" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable stack-based buffer overflow vulnerability exists in the database 'find-by-cameraId' functionality of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles existing records inside its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Classic Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0557", + "refsource": "MISC", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0557" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3934.json b/2018/3xxx/CVE-2018-3934.json index 41214317503..bd9f02a7daa 100644 --- a/2018/3xxx/CVE-2018-3934.json 
+++ b/2018/3xxx/CVE-2018-3934.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "ID" : "CVE-2018-3934", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Yi Technology", - "version" : { - "version_data" : [ - { - "version_value" : "Yi Technology Home Camera 27US 1.8.7.0D" - } - ] - } - } - ] - }, - "vendor_name" : "unknown" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can cause a logic flaw, resulting in an authentication bypass. An attacker can sniff network traffic and send a set of packets to trigger this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "code execution" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "ID": "CVE-2018-3934", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Yi Technology", + "version": { + "version_data": [ + { + "version_value": "Yi Technology Home Camera 27US 1.8.7.0D" + } + ] + } + } + ] + }, + "vendor_name": "unknown" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0601", - "refsource" : "MISC", - "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0601" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. 
A specially crafted set of UDP packets can cause a logic flaw, resulting in an authentication bypass. An attacker can sniff network traffic and send a set of packets to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0601", + "refsource": "MISC", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0601" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7171.json b/2018/7xxx/CVE-2018-7171.json index 58411aca58e..307d61bdac5 100644 --- a/2018/7xxx/CVE-2018-7171.json +++ b/2018/7xxx/CVE-2018-7171.json 
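Review bot: The `affects` block of CVE-2018-3934 still carries `"vendor_name": "unknown"` on the new side, while the vendor string sits in `"product_name": "Yi Technology"` and the product and firmware are packed together into `version_value`. Tooling that matches advisories to an asset inventory by vendor or product name will miss this record. Going by the description text in the same hunk, the fields would presumably read `"vendor_name": "Yi Technology"`, `"product_name": "Home Camera 27US"` and `"version_value": "1.8.7.0D"`; confirm this against the referenced TALOS-2018-0601 advisory before changing the data.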
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7171", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Twonky Server 7.0.11 through 8.5 allows remote attackers to share the contents of arbitrary directories via a .. (dot dot) in the contentbase parameter to rpc/set_all." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7171", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44350", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44350/" - }, - { - "name" : "http://packetstormsecurity.com/files/146938/TwonkyMedia-Server-7.0.11-8.5-Directory-Traversal.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/146938/TwonkyMedia-Server-7.0.11-8.5-Directory-Traversal.html" - }, - { - "name" : "https://github.com/mechanico/sharingIsCaring/blob/master/twonky.py", - "refsource" : "MISC", - "url" : "https://github.com/mechanico/sharingIsCaring/blob/master/twonky.py" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"Directory traversal vulnerability in Twonky Server 7.0.11 through 8.5 allows remote attackers to share the contents of arbitrary directories via a .. (dot dot) in the contentbase parameter to rpc/set_all." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/mechanico/sharingIsCaring/blob/master/twonky.py", + "refsource": "MISC", + "url": "https://github.com/mechanico/sharingIsCaring/blob/master/twonky.py" + }, + { + "name": "http://packetstormsecurity.com/files/146938/TwonkyMedia-Server-7.0.11-8.5-Directory-Traversal.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/146938/TwonkyMedia-Server-7.0.11-8.5-Directory-Traversal.html" + }, + { + "name": "44350", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44350/" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8253.json b/2018/8xxx/CVE-2018-8253.json index c992565c154..68bc4aee1de 100644 --- a/2018/8xxx/CVE-2018-8253.json +++ b/2018/8xxx/CVE-2018-8253.json 
@@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8253", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows Server 2016", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows 10", - "version" : { - "version_data" : [ - { - "version_value" : "Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Version 1607 for x64-based Systems" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability exists when Microsoft Cortana allows arbitrary website browsing on the lockscreen, aka \"Microsoft Cortana Elevation of Privilege Vulnerability.\" This affects Windows Server 2016, Windows 10." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8253", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10", + "version": { + "version_data": [ + { + "version_value": "Version 1607 for 32-bit Systems" + }, + { + "version_value": "Version 1607 for x64-based Systems" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8253", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8253" - }, - { - "name" : "105009", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105009" - }, - { - "name" : "1041477", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041477" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when Microsoft Cortana allows arbitrary website browsing on the lockscreen, aka \"Microsoft Cortana Elevation of Privilege Vulnerability.\" This affects Windows Server 2016, Windows 10." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041477", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041477" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8253", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8253" + }, + { + "name": "105009", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105009" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8280.json b/2018/8xxx/CVE-2018-8280.json index a24f1d1af2c..e619a61f94c 100644 --- a/2018/8xxx/CVE-2018-8280.json +++ b/2018/8xxx/CVE-2018-8280.json 
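Review bot: `ASSIGNER` changes from `Secure@Microsoft.com` to `secure@microsoft.com` in the `CVE_data_meta` block of CVE-2018-8253, a value change inside a hunk that otherwise only re-indents the file; the CVE-2018-8280 hunk does the same. A consumer that groups or filters records by a case-sensitive `ASSIGNER` comparison will see these as a new assigner, so the normalisation belongs in the commit description, and matching code should compare the address case-insensitively. The `reference_data` entries are also reordered in both hunks, which is harmless only if nothing downstream depends on array position.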
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8280", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Edge", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for x64-based Systems" - }, - { - "version_value" : "Windows Server 2016" - } - ] - } - }, - { - "product_name" : "ChakraCore", - "version" : { - "version_data" : [ - { - "version_value" : "ChakraCore" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \"Chakra Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8286, CVE-2018-8290, CVE-2018-8294." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8280", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Edge", + "version": { + "version_data": [ + { + "version_value": "Windows 10 for 32-bit Systems" + }, + { + "version_value": "Windows 10 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1607 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1703 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1703 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1803 for x64-based Systems" + }, + { + "version_value": "Windows Server 2016" + } + ] + } + }, + { + "product_name": "ChakraCore", + "version": { + "version_data": [ + { + "version_value": "ChakraCore" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8280", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8280" - }, - { - "name" : "104642", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104642" - }, - { - "name" : "1041256", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041256" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { 
+ "lang": "eng", + "value": "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \"Chakra Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8286, CVE-2018-8290, CVE-2018-8294." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041256", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041256" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8280", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8280" + }, + { + "name": "104642", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104642" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8862.json b/2018/8xxx/CVE-2018-8862.json index 120f4986e9f..a6d19084f68 100644 --- a/2018/8xxx/CVE-2018-8862.json +++ b/2018/8xxx/CVE-2018-8862.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2018-04-10T00:00:00", - "ID" : "CVE-2018-8862", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Emergency Mass Notification Systems", - "version" : { - "version_data" : [ - { - "version_value" : "The following ATI's Emergency Mass Notification Systems devices are affected: HPSS16, HPSS32, MHPSS, and ALERT4000." - } - ] - } - } - ] - }, - "vendor_name" : "Acoustic Technology, Inc. (ATI Systems)" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, and ALERT4000) devices, an improper authentication vulnerability caused by specially crafted malicious radio transmissions may allow an attacker to remotely trigger false alarms." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "IMPROPER AUTHENTICATION CWE-287" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2018-04-10T00:00:00", + "ID": "CVE-2018-8862", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Emergency Mass Notification Systems", + "version": { + "version_data": [ + { + "version_value": "The following ATI's Emergency Mass Notification Systems devices are affected: HPSS16, HPSS32, MHPSS, and ALERT4000." + } + ] + } + } + ] + }, + "vendor_name": "Acoustic Technology, Inc. 
(ATI Systems)" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-100-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-100-01" - }, - { - "name" : "103721", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103721" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, and ALERT4000) devices, an improper authentication vulnerability caused by specially crafted malicious radio transmissions may allow an attacker to remotely trigger false alarms." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "IMPROPER AUTHENTICATION CWE-287" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103721", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103721" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-100-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-100-01" + } + ] + } +} \ No newline at end of file