From 6926126507eb16bda1f5daeaa9c18b62d43b5c0e Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 17 Mar 2019 23:27:28 +0000 Subject: [PATCH] "-Synchronized-Data." --- 1999/1xxx/CVE-1999-1556.json | 140 +++++----- 2005/2xxx/CVE-2005-2179.json | 140 +++++----- 2005/2xxx/CVE-2005-2502.json | 160 +++++------ 2005/2xxx/CVE-2005-2760.json | 34 +-- 2005/2xxx/CVE-2005-2908.json | 34 +-- 2005/3xxx/CVE-2005-3255.json | 120 ++++----- 2005/3xxx/CVE-2005-3827.json | 170 ++++++------ 2005/3xxx/CVE-2005-3851.json | 160 +++++------ 2005/4xxx/CVE-2005-4348.json | 410 ++++++++++++++--------------- 2005/4xxx/CVE-2005-4837.json | 210 +++++++-------- 2009/2xxx/CVE-2009-2068.json | 140 +++++----- 2009/2xxx/CVE-2009-2888.json | 150 +++++------ 2009/3xxx/CVE-2009-3601.json | 150 +++++------ 2009/3xxx/CVE-2009-3661.json | 150 +++++------ 2009/3xxx/CVE-2009-3855.json | 150 +++++------ 2009/4xxx/CVE-2009-4023.json | 230 ++++++++-------- 2009/4xxx/CVE-2009-4281.json | 34 +-- 2009/4xxx/CVE-2009-4344.json | 140 +++++----- 2009/4xxx/CVE-2009-4356.json | 170 ++++++------ 2009/4xxx/CVE-2009-4496.json | 190 ++++++------- 2015/0xxx/CVE-2015-0042.json | 140 +++++----- 2015/0xxx/CVE-2015-0084.json | 140 +++++----- 2015/0xxx/CVE-2015-0119.json | 120 ++++----- 2015/0xxx/CVE-2015-0479.json | 130 ++++----- 2015/0xxx/CVE-2015-0562.json | 240 ++++++++--------- 2015/1xxx/CVE-2015-1061.json | 200 +++++++------- 2015/1xxx/CVE-2015-1238.json | 200 +++++++------- 2015/1xxx/CVE-2015-1882.json | 150 +++++------ 2015/4xxx/CVE-2015-4119.json | 170 ++++++------ 2015/4xxx/CVE-2015-4237.json | 130 ++++----- 2015/5xxx/CVE-2015-5328.json | 34 +-- 2018/1999xxx/CVE-2018-1999047.json | 126 ++++----- 2018/2xxx/CVE-2018-2103.json | 34 +-- 2018/2xxx/CVE-2018-2342.json | 34 +-- 2018/2xxx/CVE-2018-2459.json | 148 +++++------ 2018/2xxx/CVE-2018-2465.json | 156 +++++------ 2018/3xxx/CVE-2018-3211.json | 180 ++++++------- 2018/3xxx/CVE-2018-3443.json | 34 +-- 2018/3xxx/CVE-2018-3461.json | 34 +-- 2018/3xxx/CVE-2018-3645.json | 122 ++++----- 2018/6xxx/CVE-2018-6156.json | 34 +-- 2018/6xxx/CVE-2018-6285.json | 34 +-- 2018/6xxx/CVE-2018-6306.json | 122 ++++----- 2018/6xxx/CVE-2018-6338.json | 34 +-- 2018/6xxx/CVE-2018-6943.json | 120 ++++----- 2018/7xxx/CVE-2018-7119.json | 34 +-- 2018/7xxx/CVE-2018-7167.json | 150 +++++------ 2018/7xxx/CVE-2018-7631.json | 120 ++++----- 2018/7xxx/CVE-2018-7862.json | 34 +-- 49 files changed, 3143 insertions(+), 3143 deletions(-) diff --git a/1999/1xxx/CVE-1999-1556.json b/1999/1xxx/CVE-1999-1556.json index 01b64b38e99..abb0c553a73 100644 --- a/1999/1xxx/CVE-1999-1556.json +++ b/1999/1xxx/CVE-1999-1556.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1556", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft SQL Server 6.5 uses weak encryption for the password for the SQLExecutiveCmdExec account and stores it in an accessible portion of the registry, which could allow local users to gain privileges by reading and decrypting the CmdExecAccount value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1556", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19980629 MS SQL Server 6.5 stores password in unprotected registry keys", - "refsource" : "NTBUGTRAQ", - "url" : "http://marc.info/?l=ntbugtraq&m=90222453431645&w=2" - }, - { - "name" : "109", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/109" - }, - { - "name" : "mssql-sqlexecutivecmdexec-password(7354)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7354" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft SQL Server 6.5 uses weak encryption for the password for the SQLExecutiveCmdExec account and stores it in an accessible portion of the registry, which could allow local users to gain privileges by reading and decrypting the CmdExecAccount value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19980629 MS SQL Server 6.5 stores password in unprotected registry keys", + "refsource": "NTBUGTRAQ", + "url": "http://marc.info/?l=ntbugtraq&m=90222453431645&w=2" + }, + { + "name": "109", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/109" + }, + { + "name": "mssql-sqlexecutivecmdexec-password(7354)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7354" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2179.json b/2005/2xxx/CVE-2005-2179.json index 61cac6fe81a..d8d34b642b5 100644 --- a/2005/2xxx/CVE-2005-2179.json +++ b/2005/2xxx/CVE-2005-2179.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2179", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in BlogModel.php in Jaws 0.5.2 and earlier allows remote attackers to execute arbitrary PHP code via the path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2179", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050706 Advisory 07/2005: Jaws Multiple Remote Code Execution Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112067013827970&w=2" - }, - { - "name" : "http://www.hardened-php.net/advisory-072005.php", - "refsource" : "MISC", - "url" : "http://www.hardened-php.net/advisory-072005.php" - }, - { - "name" : "1014395", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014395" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in BlogModel.php in Jaws 0.5.2 and earlier allows remote attackers to execute arbitrary PHP code via the path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1014395", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014395" + }, + { + "name": "http://www.hardened-php.net/advisory-072005.php", + "refsource": "MISC", + "url": "http://www.hardened-php.net/advisory-072005.php" + }, + { + "name": "20050706 Advisory 07/2005: Jaws Multiple Remote Code Execution Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112067013827970&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2502.json b/2005/2xxx/CVE-2005-2502.json index 0d407a447ab..7b1eb72b18a 100644 --- a/2005/2xxx/CVE-2005-2502.json +++ b/2005/2xxx/CVE-2005-2502.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2502", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in AppKit for Mac OS X 10.3.9 and 10.4.2, as used in applications such as TextEdit, allows external user-assisted attackers to execute arbitrary code via a crafted Microsoft Word file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2502", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2005-08-15", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html" - }, - { - "name" : "APPLE-SA-2005-08-17", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html" - }, - { - "name" : "TA05-229A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA05-229A.html" - }, - { - "name" : "VU#172948", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/172948" - }, - { - "name" : "1014695", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014695" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in AppKit for Mac OS X 10.3.9 and 10.4.2, as used in applications such as TextEdit, allows external user-assisted attackers to execute arbitrary code via a crafted Microsoft Word file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1014695", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014695" + }, + { + "name": "VU#172948", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/172948" + }, + { + "name": "TA05-229A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA05-229A.html" + }, + { + "name": "APPLE-SA-2005-08-15", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html" + }, + { + "name": "APPLE-SA-2005-08-17", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2760.json b/2005/2xxx/CVE-2005-2760.json index 2909cddf9fe..f926c36412b 100644 --- a/2005/2xxx/CVE-2005-2760.json +++ b/2005/2xxx/CVE-2005-2760.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2760", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2760", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2908.json b/2005/2xxx/CVE-2005-2908.json index 044b3e71c81..314ec079771 100644 --- a/2005/2xxx/CVE-2005-2908.json +++ b/2005/2xxx/CVE-2005-2908.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2908", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2908", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3255.json b/2005/3xxx/CVE-2005-3255.json index 61874b71e33..c38fefa48c4 100644 --- a/2005/3xxx/CVE-2005-3255.json +++ b/2005/3xxx/CVE-2005-3255.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3255", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The (1) cgiwrap and (2) php-cgiwrap packages before 3.9 in Debian GNU/Linux provide access to debugging CGIs under the web document root, which allows remote attackers to obtain sensitive information via direct requests to those CGIs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3255", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[secure-testing-announce] 20050828 [DTSA-6-1] New cgiwrap packages fix multiple vulnerabilities", - "refsource" : "MLIST", - "url" : "http://lists.alioth.debian.org/pipermail/secure-testing-announce/2005-August/000003.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The (1) cgiwrap and (2) php-cgiwrap packages before 3.9 in Debian GNU/Linux provide access to debugging CGIs under the web document root, which allows remote attackers to obtain sensitive information via direct requests to those CGIs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[secure-testing-announce] 20050828 [DTSA-6-1] New cgiwrap packages fix multiple vulnerabilities", + "refsource": "MLIST", + "url": "http://lists.alioth.debian.org/pipermail/secure-testing-announce/2005-August/000003.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3827.json b/2005/3xxx/CVE-2005-3827.json index 52225c3bebd..c6f920c3a27 100644 --- a/2005/3xxx/CVE-2005-3827.json +++ b/2005/3xxx/CVE-2005-3827.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3827", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in product_cat in AgileBill 1.4.92 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3827", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/11/agilebill-14x-id-sql-injection.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/11/agilebill-14x-id-sql-injection.html" - }, - { - "name" : "15572", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15572" - }, - { - "name" : "ADV-2005-2591", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2591" - }, - { - "name" : "21103", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21103" - }, - { - "name" : "1015272", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015272" - }, - { - "name" : "17723", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17723" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in product_cat in AgileBill 1.4.92 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17723", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17723" + }, + { + "name": "ADV-2005-2591", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2591" + }, + { + "name": "1015272", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015272" + }, + { + "name": "http://pridels0.blogspot.com/2005/11/agilebill-14x-id-sql-injection.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/11/agilebill-14x-id-sql-injection.html" + }, + { + "name": "21103", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21103" + }, + { + "name": "15572", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15572" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3851.json b/2005/3xxx/CVE-2005-3851.json index fa2bbbbd3a7..b1da0516eff 100644 --- a/2005/3xxx/CVE-2005-3851.json +++ b/2005/3xxx/CVE-2005-3851.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3851", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in search.asp in Online Attendance System (OASYS) Lite 1.0 allows remote attackers to inject arbitrary web script or HTML via certain search parameters, possibly the keyword parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3851", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/11/oasys-lite-10-searchasp-xss-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/11/oasys-lite-10-searchasp-xss-vuln.html" - }, - { - "name" : "15605", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15605" - }, - { - "name" : "ADV-2005-2583", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2583" - }, - { - "name" : "21095", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21095" - }, - { - "name" : "17712", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17712" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in search.asp in Online Attendance System (OASYS) Lite 1.0 allows remote attackers to inject arbitrary web script or HTML via certain search parameters, possibly the keyword parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21095", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21095" + }, + { + "name": "http://pridels0.blogspot.com/2005/11/oasys-lite-10-searchasp-xss-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/11/oasys-lite-10-searchasp-xss-vuln.html" + }, + { + "name": "17712", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17712" + }, + { + "name": "ADV-2005-2583", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2583" + }, + { + "name": "15605", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15605" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4348.json b/2005/4xxx/CVE-2005-4348.json index 9029e62660c..b95766b2d62 100644 --- a/2005/4xxx/CVE-2005-4348.json +++ b/2005/4xxx/CVE-2005-4348.json @@ -1,207 +1,207 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4348", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "fetchmail before 6.3.1 and before 6.2.5.5, when configured for multidrop mode, allows remote attackers to cause a denial of service (application crash) by sending messages without headers from upstream mail servers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4348", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051221 fetchmail security announcement fetchmail-SA-2005-03 (CVE-2005-4348)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/420098/100/0/threaded" - }, - { - "name" : "20060526 rPSA-2006-0084-1 fetchmail", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/435197/100/0/threaded" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=343836", - "refsource" : "MISC", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=343836" - }, - { - "name" : "http://fetchmail.berlios.de/fetchmail-SA-2005-03.txt", - "refsource" : "CONFIRM", - "url" : "http://fetchmail.berlios.de/fetchmail-SA-2005-03.txt" - }, - { - "name" : "DSA-939", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-939" - }, - { - "name" : "MDKSA-2005:236", - "refsource" : "MANDRIVA", - "url" : "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:236" - }, - { - "name" : "RHSA-2007:0018", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0018.html" - }, - { - "name" : "20070201-01-P", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc" - }, - { - "name" : "SSA:2006-045-01", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.443499" - }, - { - "name" : "SUSE-SR:2007:004", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_4_sr.html" - }, - { - "name" : "2006-0002", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2006/0002/" - }, - { - "name" : "USN-233-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/233-1/" - }, - { - "name" : "15987", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15987" - }, - { - "name" : "19289", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19289" - }, - { - "name" : "oval:org.mitre.oval:def:9659", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9659" - }, - { - "name" : "ADV-2005-2996", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2996" - }, - { - "name" : "ADV-2006-3101", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3101" - }, - { - "name" : "21906", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21906" - }, - { - "name" : "1015383", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015383" - }, - { - "name" : "17891", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17891" - }, - { - "name" : "18172", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18172" - }, - { - "name" : "18231", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18231" - }, - { - "name" : "18266", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18266" - }, - { - "name" : "18433", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18433" - }, - { - "name" : "18895", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18895" - }, - { - "name" : "18463", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18463" - }, - { - "name" : "21253", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21253" - }, - { - "name" : "24007", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24007" - }, - { - "name" : "24284", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24284" - }, - { - "name" : "fetchmail-null-pointer-dos(23713)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23713" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "fetchmail before 6.3.1 and before 6.2.5.5, when configured for multidrop mode, allows remote attackers to cause a denial of service (application crash) by sending messages without headers from upstream mail servers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18266", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18266" + }, + { + "name": "18172", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18172" + }, + { + "name": "18231", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18231" + }, + { + "name": "ADV-2006-3101", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3101" + }, + { + "name": "20051221 fetchmail security announcement fetchmail-SA-2005-03 (CVE-2005-4348)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/420098/100/0/threaded" + }, + { + "name": "21253", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21253" + }, + { + "name": "1015383", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015383" + }, + { + "name": "SSA:2006-045-01", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.443499" + }, + { + "name": "17891", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17891" + }, + { + "name": "19289", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19289" + }, + { + "name": "2006-0002", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2006/0002/" + }, + { + "name": "18463", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18463" + }, + { + "name": "24284", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24284" + }, + { + "name": "24007", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24007" + }, + { + "name": "oval:org.mitre.oval:def:9659", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9659" + }, + { + "name": "15987", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15987" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=343836", + "refsource": "MISC", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=343836" + }, + { + "name": "fetchmail-null-pointer-dos(23713)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23713" + }, + { + "name": "SUSE-SR:2007:004", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_4_sr.html" + }, + { + "name": "USN-233-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/233-1/" + }, + { + "name": "21906", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21906" + }, + { + "name": "ADV-2005-2996", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2996" + }, + { + "name": "MDKSA-2005:236", + "refsource": "MANDRIVA", + "url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:236" + }, + { + "name": "20060526 rPSA-2006-0084-1 fetchmail", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/435197/100/0/threaded" + }, + { + "name": "20070201-01-P", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc" + }, + { + "name": "RHSA-2007:0018", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0018.html" + }, + { + "name": "18895", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18895" + }, + { + "name": "DSA-939", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-939" + }, + { + "name": "18433", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18433" + }, + { + "name": "http://fetchmail.berlios.de/fetchmail-SA-2005-03.txt", + "refsource": "CONFIRM", + "url": "http://fetchmail.berlios.de/fetchmail-SA-2005-03.txt" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4837.json b/2005/4xxx/CVE-2005-4837.json index 5aed65d55dd..222f581bb77 100644 --- a/2005/4xxx/CVE-2005-4837.json +++ b/2005/4xxx/CVE-2005-4837.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4837", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "snmp_api.c in snmpd in Net-SNMP 5.2.x before 5.2.2, 5.1.x before 5.1.3, and 5.0.x before 5.0.10.2, when running in master agentx mode, allows remote attackers to cause a denial of service (crash) by causing a particular TCP disconnect, which triggers a free of an incorrect variable, a different vulnerability than CVE-2005-2177." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4837", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/tracker/index.php?func=detail&aid=1207023&group_id=12694&atid=112694", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/tracker/index.php?func=detail&aid=1207023&group_id=12694&atid=112694" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-1334", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-1334" - }, - { - "name" : "102929", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102929-1" - }, - { - "name" : "USN-456-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-456-1" - }, - { - "name" : "23762", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23762" - }, - { - "name" : "oval:org.mitre.oval:def:9442", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9442" - }, - { - "name" : "ADV-2007-1944", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1944" - }, - { - "name" : "25114", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25114" - }, - { - "name" : "25115", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25115" - }, - { - "name" : "25411", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25411" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "snmp_api.c in snmpd in Net-SNMP 5.2.x before 5.2.2, 5.1.x before 5.1.3, and 5.0.x before 5.0.10.2, when running in master agentx mode, allows remote attackers to cause a denial of service (crash) by causing a particular TCP disconnect, which triggers a free of an incorrect variable, a different vulnerability than CVE-2005-2177." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://issues.rpath.com/browse/RPL-1334", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-1334" + }, + { + "name": "25115", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25115" + }, + { + "name": "oval:org.mitre.oval:def:9442", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9442" + }, + { + "name": "ADV-2007-1944", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1944" + }, + { + "name": "25114", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25114" + }, + { + "name": "102929", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102929-1" + }, + { + "name": "http://sourceforge.net/tracker/index.php?func=detail&aid=1207023&group_id=12694&atid=112694", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/tracker/index.php?func=detail&aid=1207023&group_id=12694&atid=112694" + }, + { + "name": "23762", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23762" + }, + { + "name": "USN-456-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-456-1" + }, + { + "name": "25411", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25411" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2068.json b/2009/2xxx/CVE-2009-2068.json index bff323412c6..2295c2ee880 100644 --- a/2009/2xxx/CVE-2009-2068.json +++ b/2009/2xxx/CVE-2009-2068.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2068", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to \"HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2068", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://research.microsoft.com/apps/pubs/default.aspx?id=79323", - "refsource" : "MISC", - "url" : "http://research.microsoft.com/apps/pubs/default.aspx?id=79323" - }, - { - "name" : "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf", - "refsource" : "MISC", - "url" : "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf" - }, - { - "name" : "googlechrome-https-security-bypass(51192)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51192" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to \"HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf", + "refsource": "MISC", + "url": "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf" + }, + { + "name": "googlechrome-https-security-bypass(51192)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51192" + }, + { + "name": "http://research.microsoft.com/apps/pubs/default.aspx?id=79323", + "refsource": "MISC", + "url": "http://research.microsoft.com/apps/pubs/default.aspx?id=79323" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2888.json b/2009/2xxx/CVE-2009-2888.json index ed4832f8347..d7fe960d138 100644 --- a/2009/2xxx/CVE-2009-2888.json +++ b/2009/2xxx/CVE-2009-2888.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2888", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in PHP Scripts Now Hangman allows remote attackers to execute arbitrary SQL commands via the n parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2888", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0907-exploits/tophangman-sqlxss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0907-exploits/tophangman-sqlxss.txt" - }, - { - "name" : "56075", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/56075" - }, - { - "name" : "35888", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35888" - }, - { - "name" : "hangman-index-sql(51884)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51884" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in PHP Scripts Now Hangman allows remote attackers to execute arbitrary SQL commands via the n parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "hangman-index-sql(51884)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51884" + }, + { + "name": "56075", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/56075" + }, + { + "name": "http://packetstormsecurity.org/0907-exploits/tophangman-sqlxss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0907-exploits/tophangman-sqlxss.txt" + }, + { + "name": "35888", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35888" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3601.json b/2009/3xxx/CVE-2009-3601.json index 8ee061d2fbe..16b253e60d7 100644 --- a/2009/3xxx/CVE-2009-3601.json +++ b/2009/3xxx/CVE-2009-3601.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3601", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in demo_page.php in Scriptsez Ultimate Poll allows remote attackers to inject arbitrary web script or HTML via the clr parameter in a vote action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3601", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0907-exploits/ultimatepoll-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0907-exploits/ultimatepoll-xss.txt" - }, - { - "name" : "55914", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/55914" - }, - { - "name" : "35834", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35834" - }, - { - "name" : "ultimatepoll-clr-xss(51773)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51773" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in demo_page.php in Scriptsez Ultimate Poll allows remote attackers to inject arbitrary web script or HTML via the clr parameter in a vote action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "55914", + "refsource": "OSVDB", + "url": "http://osvdb.org/55914" + }, + { + "name": "http://packetstormsecurity.org/0907-exploits/ultimatepoll-xss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0907-exploits/ultimatepoll-xss.txt" + }, + { + "name": "ultimatepoll-clr-xss(51773)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51773" + }, + { + "name": "35834", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35834" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3661.json b/2009/3xxx/CVE-2009-3661.json index 464fb26c6f3..6aada1f073a 100644 --- a/2009/3xxx/CVE-2009-3661.json +++ b/2009/3xxx/CVE-2009-3661.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3661", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in the DJ-Catalog (com_djcatalog) component for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a showItem action and (2) cid parameter in a show action to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3661", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9693", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9693" - }, - { - "name" : "http://www.design-joomla.eu/joomla-news/dj-catalog-sql-bsql-injection-multiple-vulnerability-fix.html", - "refsource" : "MISC", - "url" : "http://www.design-joomla.eu/joomla-news/dj-catalog-sql-bsql-injection-multiple-vulnerability-fix.html" - }, - { - "name" : "36412", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36412" - }, - { - "name" : "36696", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36696" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in the DJ-Catalog (com_djcatalog) component for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a showItem action and (2) cid parameter in a show action to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9693", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9693" + }, + { + "name": "36412", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36412" + }, + { + "name": "36696", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36696" + }, + { + "name": "http://www.design-joomla.eu/joomla-news/dj-catalog-sql-bsql-injection-multiple-vulnerability-fix.html", + "refsource": "MISC", + "url": "http://www.design-joomla.eu/joomla-news/dj-catalog-sql-bsql-injection-multiple-vulnerability-fix.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3855.json b/2009/3xxx/CVE-2009-3855.json index 86f24c50989..7e901c4e6ea 100644 --- a/2009/3xxx/CVE-2009-3855.json +++ b/2009/3xxx/CVE-2009-3855.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3855", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in the (1) UNIX and (2) Linux backup-archive clients, and the (3) OS/400 API client, in IBM Tivoli Storage Manager (TSM) 5.3 before 5.3.6.6, 5.4 before 5.4.2, and 5.5 before 5.5.1, when the MAILPROG option is enabled, allow attackers to read, modify, or delete arbitrary files via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3855", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21405562", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21405562" - }, - { - "name" : "IC54489", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC54489" - }, - { - "name" : "32534", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32534" - }, - { - "name" : "ADV-2009-3132", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3132" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in the (1) UNIX and (2) Linux backup-archive clients, and the (3) OS/400 API client, in IBM Tivoli Storage Manager (TSM) 5.3 before 5.3.6.6, 5.4 before 5.4.2, and 5.5 before 5.5.1, when the MAILPROG option is enabled, allow attackers to read, modify, or delete arbitrary files via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-3132", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3132" + }, + { + "name": "IC54489", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC54489" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21405562", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21405562" + }, + { + "name": "32534", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32534" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4023.json b/2009/4xxx/CVE-2009-4023.json index 6cb21782477..e9f0ddd92e4 100644 --- a/2009/4xxx/CVE-2009-4023.json +++ b/2009/4xxx/CVE-2009-4023.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4023", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Argument injection vulnerability in the sendmail implementation of the Mail::Send method (Mail/sendmail.php) in the Mail package 1.1.14 for PEAR allows remote attackers to read and write arbitrary files via a crafted $from parameter, a different vector than CVE-2009-4111." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-4023", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20091123 CVE request: Argument injections in multiple PEAR packages", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/11/23/8" - }, - { - "name" : "http://pear.php.net/bugs/bug.php?id=16200", - "refsource" : "CONFIRM", - "url" : "http://pear.php.net/bugs/bug.php?id=16200" - }, - { - "name" : "http://pear.php.net/bugs/bug.php?id=16200&edit=12&patch=quick-fix&revision=1241757412", - "refsource" : "CONFIRM", - "url" : "http://pear.php.net/bugs/bug.php?id=16200&edit=12&patch=quick-fix&revision=1241757412" - }, - { - "name" : "http://svn.php.net/viewvc/pear/packages/Mail/trunk/Mail/sendmail.php?r1=243717&r2=280134", - "refsource" : "CONFIRM", - "url" : "http://svn.php.net/viewvc/pear/packages/Mail/trunk/Mail/sendmail.php?r1=243717&r2=280134" - }, - { - "name" : "https://bugs.gentoo.org/show_bug.cgi?id=294256", - "refsource" : "CONFIRM", - "url" : "https://bugs.gentoo.org/show_bug.cgi?id=294256" - }, - { - "name" : "DSA-1938", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1938" - }, - { - "name" : "SUSE-SR:2010:020", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html" - }, - { - "name" : "37081", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37081" - }, - { - "name" : "37410", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37410" - }, - { - "name" : "37458", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37458" - }, - { - "name" : "ADV-2009-3300", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3300" - }, - { - "name" : "pear-from-security-bypass(54362)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54362" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Argument injection vulnerability in the sendmail implementation of the Mail::Send method (Mail/sendmail.php) in the Mail package 1.1.14 for PEAR allows remote attackers to read and write arbitrary files via a crafted $from parameter, a different vector than CVE-2009-4111." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37081", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37081" + }, + { + "name": "SUSE-SR:2010:020", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html" + }, + { + "name": "37458", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37458" + }, + { + "name": "[oss-security] 20091123 CVE request: Argument injections in multiple PEAR packages", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/11/23/8" + }, + { + "name": "ADV-2009-3300", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3300" + }, + { + "name": "https://bugs.gentoo.org/show_bug.cgi?id=294256", + "refsource": "CONFIRM", + "url": "https://bugs.gentoo.org/show_bug.cgi?id=294256" + }, + { + "name": "http://pear.php.net/bugs/bug.php?id=16200&edit=12&patch=quick-fix&revision=1241757412", + "refsource": "CONFIRM", + "url": "http://pear.php.net/bugs/bug.php?id=16200&edit=12&patch=quick-fix&revision=1241757412" + }, + { + "name": "pear-from-security-bypass(54362)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54362" + }, + { + "name": "DSA-1938", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1938" + }, + { + "name": "37410", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37410" + }, + { + "name": "http://svn.php.net/viewvc/pear/packages/Mail/trunk/Mail/sendmail.php?r1=243717&r2=280134", + "refsource": "CONFIRM", + "url": "http://svn.php.net/viewvc/pear/packages/Mail/trunk/Mail/sendmail.php?r1=243717&r2=280134" + }, + { + "name": "http://pear.php.net/bugs/bug.php?id=16200", + "refsource": "CONFIRM", + "url": "http://pear.php.net/bugs/bug.php?id=16200" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4281.json b/2009/4xxx/CVE-2009-4281.json index f20a18d6b2a..3a21186c9d3 100644 --- a/2009/4xxx/CVE-2009-4281.json +++ b/2009/4xxx/CVE-2009-4281.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4281", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4281", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4344.json b/2009/4xxx/CVE-2009-4344.json index b9e9c6f9cad..5de453827df 100644 --- a/2009/4xxx/CVE-2009-4344.json +++ b/2009/4xxx/CVE-2009-4344.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4344", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the ZID Linkliste (zid_linklist) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4344", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/" - }, - { - "name" : "ADV-2009-3550", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3550" - }, - { - "name" : "typo3-zid-xss(54789)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54789" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the ZID Linkliste (zid_linklist) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "typo3-zid-xss(54789)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54789" + }, + { + "name": "ADV-2009-3550", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3550" + }, + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4356.json b/2009/4xxx/CVE-2009-4356.json index 2eb3d1aa17c..2c89158e6f9 100644 --- a/2009/4xxx/CVE-2009-4356.json +++ b/2009/4xxx/CVE-2009-4356.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4356", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple integer overflows in the jpeg.w5s and png.w5s filters in Winamp before 5.57 allow remote attackers to execute arbitrary code via malformed (1) JPEG or (2) PNG data in an MP3 file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4356", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091217 VUPEN Security Research - Winamp PNG and JPEG Data Integer Overflow Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/508532/100/0/threaded" - }, - { - "name" : "http://www.vupen.com/exploits/Winamp_png_w5s_PNG_Data_Processing_Integer_Overflow_PoC_3576274.php", - "refsource" : "MISC", - "url" : "http://www.vupen.com/exploits/Winamp_png_w5s_PNG_Data_Processing_Integer_Overflow_PoC_3576274.php" - }, - { - "name" : "http://forums.winamp.com/showthread.php?threadid=315355", - "refsource" : "CONFIRM", - "url" : "http://forums.winamp.com/showthread.php?threadid=315355" - }, - { - "name" : "37387", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37387" - }, - { - "name" : "oval:org.mitre.oval:def:15743", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15743" - }, - { - "name" : "ADV-2009-3576", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3576" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple integer overflows in the jpeg.w5s and png.w5s filters in Winamp before 5.57 allow remote attackers to execute arbitrary code via malformed (1) JPEG or (2) PNG data in an MP3 file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20091217 VUPEN Security Research - Winamp PNG and JPEG Data Integer Overflow Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/508532/100/0/threaded" + }, + { + "name": "http://forums.winamp.com/showthread.php?threadid=315355", + "refsource": "CONFIRM", + "url": "http://forums.winamp.com/showthread.php?threadid=315355" + }, + { + "name": "ADV-2009-3576", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3576" + }, + { + "name": "oval:org.mitre.oval:def:15743", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15743" + }, + { + "name": "http://www.vupen.com/exploits/Winamp_png_w5s_PNG_Data_Processing_Integer_Overflow_PoC_3576274.php", + "refsource": "MISC", + "url": "http://www.vupen.com/exploits/Winamp_png_w5s_PNG_Data_Processing_Integer_Overflow_PoC_3576274.php" + }, + { + "name": "37387", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37387" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4496.json b/2009/4xxx/CVE-2009-4496.json index 9db36071a17..8aada6eed47 100644 --- a/2009/4xxx/CVE-2009-4496.json +++ b/2009/4xxx/CVE-2009-4496.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4496", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Boa 0.94.14rc21 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4496", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100110 Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/508830/100/0/threaded" - }, - { - "name" : "http://www.ush.it/team/ush/hack_httpd_escape/adv.txt", - "refsource" : "MISC", - "url" : "http://www.ush.it/team/ush/hack_httpd_escape/adv.txt" - }, - { - "name" : "FEDORA-2010-7599", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041285.html" - }, - { - "name" : "FEDORA-2010-7640", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041271.html" - }, - { - "name" : "FEDORA-2010-7645", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041274.html" - }, - { - "name" : "37718", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37718" - }, - { - "name" : "39775", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39775" - }, - { - "name" : "ADV-2010-1133", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1133" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Boa 0.94.14rc21 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2010-7640", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041271.html" + }, + { + "name": "FEDORA-2010-7645", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041274.html" + }, + { + "name": "39775", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39775" + }, + { + "name": "37718", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37718" + }, + { + "name": "http://www.ush.it/team/ush/hack_httpd_escape/adv.txt", + "refsource": "MISC", + "url": "http://www.ush.it/team/ush/hack_httpd_escape/adv.txt" + }, + { + "name": "ADV-2010-1133", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1133" + }, + { + "name": "FEDORA-2010-7599", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041285.html" + }, + { + "name": "20100110 Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/508830/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0042.json b/2015/0xxx/CVE-2015-0042.json index 92420b0ed61..bf2b38f0480 100644 --- a/2015/0xxx/CVE-2015-0042.json +++ b/2015/0xxx/CVE-2015-0042.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0042", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-0038 and CVE-2015-0046." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-0042", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-009", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-009" - }, - { - "name" : "72412", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72412" - }, - { - "name" : "1031723", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031723" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-0038 and CVE-2015-0046." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "72412", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72412" + }, + { + "name": "1031723", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031723" + }, + { + "name": "MS15-009", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-009" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0084.json b/2015/0xxx/CVE-2015-0084.json index 47a02f5bde0..81df4f41a88 100644 --- a/2015/0xxx/CVE-2015-0084.json +++ b/2015/0xxx/CVE-2015-0084.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0084", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Task Scheduler in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly constrain impersonation levels, which allows local users to bypass intended restrictions on launching executable files via a crafted task, aka \"Task Scheduler Security Feature Bypass Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-0084", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-028", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-028" - }, - { - "name" : "72913", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72913" - }, - { - "name" : "1031893", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031893" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Task Scheduler in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly constrain impersonation levels, which allows local users to bypass intended restrictions on launching executable files via a crafted task, aka \"Task Scheduler Security Feature Bypass Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS15-028", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-028" + }, + { + "name": "1031893", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031893" + }, + { + "name": "72913", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72913" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0119.json b/2015/0xxx/CVE-2015-0119.json index b4b9652113b..8cd990d3d73 100644 --- a/2015/0xxx/CVE-2015-0119.json +++ b/2015/0xxx/CVE-2015-0119.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0119", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FastBack Mount in IBM Tivoli Storage Manager FastBack 6.1.x before 6.1.11.1 allows remote attackers to execute arbitrary code by connecting to the Mount port." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-0119", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21699645", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21699645" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FastBack Mount in IBM Tivoli Storage Manager FastBack 6.1.x before 6.1.11.1 allows remote attackers to execute arbitrary code by connecting to the Mount port." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21699645", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699645" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0479.json b/2015/0xxx/CVE-2015-0479.json index 218c11bb26d..c731316d18c 100644 --- a/2015/0xxx/CVE-2015-0479.json +++ b/2015/0xxx/CVE-2015-0479.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0479", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the XDK and XDB - XML Database component in Oracle Database Server 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect availability via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-0479", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" - }, - { - "name" : "1032118", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032118" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the XDK and XDB - XML Database component in Oracle Database Server 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect availability via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" + }, + { + "name": "1032118", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032118" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0562.json b/2015/0xxx/CVE-2015-0562.json index a81b185892a..286b4775472 100644 --- a/2015/0xxx/CVE-2015-0562.json +++ b/2015/0xxx/CVE-2015-0562.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0562", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple use-after-free vulnerabilities in epan/dissectors/packet-dec-dnart.c in the DEC DNA Routing Protocol dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allow remote attackers to cause a denial of service (application crash) via a crafted packet, related to the use of packet-scope memory instead of pinfo-scope memory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-0562", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2015-03.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2015-03.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10724", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10724" - }, - { - "name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=a559f2a050947f793c00159c0cd4d30f403f217c", - "refsource" : "CONFIRM", - "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=a559f2a050947f793c00159c0cd4d30f403f217c" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2015-0019.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2015-0019.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" - }, - { - "name" : "DSA-3141", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3141" - }, - { - "name" : "MDVSA-2015:022", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:022" - }, - { - "name" : "RHSA-2015:1460", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1460.html" - }, - { - "name" : "openSUSE-SU-2015:0113", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-01/msg00053.html" - }, - { - "name" : "71921", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71921" - }, - { - "name" : "62612", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62612" - }, - { - "name" : "62673", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62673" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple use-after-free vulnerabilities in epan/dissectors/packet-dec-dnart.c in the DEC DNA Routing Protocol dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allow remote attackers to cause a denial of service (application crash) via a crafted packet, related to the use of packet-scope memory instead of pinfo-scope memory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://advisories.mageia.org/MGASA-2015-0019.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2015-0019.html" + }, + { + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=a559f2a050947f793c00159c0cd4d30f403f217c", + "refsource": "CONFIRM", + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=a559f2a050947f793c00159c0cd4d30f403f217c" + }, + { + "name": "62612", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62612" + }, + { + "name": "MDVSA-2015:022", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:022" + }, + { + "name": "71921", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71921" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" + }, + { + "name": "RHSA-2015:1460", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1460.html" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10724", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10724" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" + }, + { + "name": "DSA-3141", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3141" + }, + { + "name": "62673", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62673" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2015-03.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2015-03.html" + }, + { + "name": "openSUSE-SU-2015:0113", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00053.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1061.json b/2015/1xxx/CVE-2015-1061.json index 5638cf8bc9d..f5c5c9d160a 100644 --- a/2015/1xxx/CVE-2015-1061.json +++ b/2015/1xxx/CVE-2015-1061.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1061", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IOSurface in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages \"type confusion\" during serialized-object handling." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-1061", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT204413", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204413" - }, - { - "name" : "https://support.apple.com/HT204423", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204423" - }, - { - "name" : "https://support.apple.com/HT204426", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204426" - }, - { - "name" : "https://support.apple.com/kb/HT204563", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT204563" - }, - { - "name" : "APPLE-SA-2015-03-09-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html" - }, - { - "name" : "APPLE-SA-2015-03-09-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Mar/msg00001.html" - }, - { - "name" : "APPLE-SA-2015-03-09-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Mar/msg00002.html" - }, - { - "name" : "73004", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73004" - }, - { - "name" : "1031864", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031864" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IOSurface in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages \"type confusion\" during serialized-object handling." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2015-03-09-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00001.html" + }, + { + "name": "APPLE-SA-2015-03-09-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00002.html" + }, + { + "name": "https://support.apple.com/HT204426", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204426" + }, + { + "name": "https://support.apple.com/HT204413", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204413" + }, + { + "name": "APPLE-SA-2015-03-09-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html" + }, + { + "name": "1031864", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031864" + }, + { + "name": "https://support.apple.com/kb/HT204563", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT204563" + }, + { + "name": "https://support.apple.com/HT204423", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204423" + }, + { + "name": "73004", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73004" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1238.json b/2015/1xxx/CVE-2015-1238.json index 5b97f25eecc..c00192b96c8 100644 --- a/2015/1xxx/CVE-2015-1238.json +++ b/2015/1xxx/CVE-2015-1238.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1238", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Skia, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2015-1238", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=445808", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=445808" - }, - { - "name" : "DSA-3238", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3238" - }, - { - "name" : "GLSA-201506-04", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201506-04" - }, - { - "name" : "RHSA-2015:0816", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0816.html" - }, - { - "name" : "openSUSE-SU-2015:1887", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html" - }, - { - "name" : "openSUSE-SU-2015:0748", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html" - }, - { - "name" : "USN-2570-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-2570-1" - }, - { - "name" : "1032209", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032209" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Skia, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2015:0816", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0816.html" + }, + { + "name": "USN-2570-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-2570-1" + }, + { + "name": "DSA-3238", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3238" + }, + { + "name": "openSUSE-SU-2015:1887", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html" + }, + { + "name": "GLSA-201506-04", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201506-04" + }, + { + "name": "1032209", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032209" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=445808", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=445808" + }, + { + "name": "openSUSE-SU-2015:0748", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html" + }, + { + "name": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1882.json b/2015/1xxx/CVE-2015-1882.json index 11f51de6a9a..b060216e2cf 100644 --- a/2015/1xxx/CVE-2015-1882.json +++ b/2015/1xxx/CVE-2015-1882.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1882", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple race conditions in IBM WebSphere Application Server (WAS) 8.5 Liberty Profile before 8.5.5.5 allow remote authenticated users to gain privileges by leveraging thread conflicts that result in Java code execution outside the context of the configured EJB Run-as user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-1882", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21697368", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21697368" - }, - { - "name" : "PI33357", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI33357" - }, - { - "name" : "74222", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74222" - }, - { - "name" : "1032190", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032190" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple race conditions in IBM WebSphere Application Server (WAS) 8.5 Liberty Profile before 8.5.5.5 allow remote authenticated users to gain privileges by leveraging thread conflicts that result in Java code execution outside the context of the configured EJB Run-as user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "74222", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74222" + }, + { + "name": "1032190", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032190" + }, + { + "name": "PI33357", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI33357" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21697368", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697368" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4119.json b/2015/4xxx/CVE-2015-4119.json index 97f25ab0e36..1944503cf5b 100644 --- a/2015/4xxx/CVE-2015-4119.json +++ b/2015/4xxx/CVE-2015-4119.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4119", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in ISPConfig before 3.0.5.4p7 allow remote attackers to hijack the authentication of (1) administrators for requests that create an administrator account via a request to admin/users_edit.php or (2) arbitrary users for requests that conduct SQL injection attacks via the server parameter to monitor/show_sys_state.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4119", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150610 Multiple Vulnerabilities in ISPConfig", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/535734/100/0/threaded" - }, - { - "name" : "37259", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/37259/" - }, - { - "name" : "http://packetstormsecurity.com/files/132238/ISPConfig-3.0.5.4p6-SQL-Injection-Cross-Site-Request-Forgery.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/132238/ISPConfig-3.0.5.4p6-SQL-Injection-Cross-Site-Request-Forgery.html" - }, - { - "name" : "https://www.htbridge.com/advisory/HTB23260", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23260" - }, - { - "name" : "http://bugtracker.ispconfig.org/index.php?do=details&task_id=3898", - "refsource" : "CONFIRM", - "url" : "http://bugtracker.ispconfig.org/index.php?do=details&task_id=3898" - }, - { - "name" : "75126", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75126" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in ISPConfig before 3.0.5.4p7 allow remote attackers to hijack the authentication of (1) administrators for requests that create an administrator account via a request to admin/users_edit.php or (2) arbitrary users for requests that conduct SQL injection attacks via the server parameter to monitor/show_sys_state.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150610 Multiple Vulnerabilities in ISPConfig", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/535734/100/0/threaded" + }, + { + "name": "http://bugtracker.ispconfig.org/index.php?do=details&task_id=3898", + "refsource": "CONFIRM", + "url": "http://bugtracker.ispconfig.org/index.php?do=details&task_id=3898" + }, + { + "name": "75126", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75126" + }, + { + "name": "http://packetstormsecurity.com/files/132238/ISPConfig-3.0.5.4p6-SQL-Injection-Cross-Site-Request-Forgery.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/132238/ISPConfig-3.0.5.4p6-SQL-Injection-Cross-Site-Request-Forgery.html" + }, + { + "name": "37259", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/37259/" + }, + { + "name": "https://www.htbridge.com/advisory/HTB23260", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23260" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4237.json b/2015/4xxx/CVE-2015-4237.json index 7998a355e9f..61622f7d97d 100644 --- a/2015/4xxx/CVE-2015-4237.json +++ b/2015/4xxx/CVE-2015-4237.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4237", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The CLI parser in Cisco NX-OS 4.1(2)E1(1), 6.2(11b), 6.2(12), 7.2(0)ZZ(99.1), 7.2(0)ZZ(99.3), and 9.1(1)SV1(3.1.8) on Nexus devices allows local users to execute arbitrary OS commands via crafted characters in a filename, aka Bug IDs CSCuv08491, CSCuv08443, CSCuv08480, CSCuv08448, CSCuu99291, CSCuv08434, and CSCuv08436." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-4237", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150701 Cisco Nexus Operating System Devices Command Line Interface Local Privilege Escalation Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=39583" - }, - { - "name" : "1032775", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032775" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The CLI parser in Cisco NX-OS 4.1(2)E1(1), 6.2(11b), 6.2(12), 7.2(0)ZZ(99.1), 7.2(0)ZZ(99.3), and 9.1(1)SV1(3.1.8) on Nexus devices allows local users to execute arbitrary OS commands via crafted characters in a filename, aka Bug IDs CSCuv08491, CSCuv08443, CSCuv08480, CSCuv08448, CSCuu99291, CSCuv08434, and CSCuv08436." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032775", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032775" + }, + { + "name": "20150701 Cisco Nexus Operating System Devices Command Line Interface Local Privilege Escalation Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39583" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5328.json b/2015/5xxx/CVE-2015-5328.json index 9cb879f44bd..c8f8a172655 100644 --- a/2015/5xxx/CVE-2015-5328.json +++ b/2015/5xxx/CVE-2015-5328.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5328", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5328", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/1999xxx/CVE-2018-1999047.json b/2018/1999xxx/CVE-2018-1999047.json index 22947176f6b..3bfaec619be 100644 --- a/2018/1999xxx/CVE-2018-1999047.json +++ b/2018/1999xxx/CVE-2018-1999047.json @@ -1,65 +1,65 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-08-18T21:50:59.838728", - "DATE_REQUESTED" : "2018-08-15T00:00:00", - "ID" : "CVE-2018-1999047", - "REQUESTER" : "ml@beckweb.net", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jenkins", - "version" : { - "version_data" : [ - { - "version_value" : "2.137 and earlier, 2.121.2 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Jenkins project" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A improper authorization vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in UpdateCenter.java that allows attackers to cancel a Jenkins restart scheduled through the update center." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-285" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-08-18T21:50:59.838728", + "DATE_REQUESTED": "2018-08-15T00:00:00", + "ID": "CVE-2018-1999047", + "REQUESTER": "ml@beckweb.net", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jenkins.io/security/advisory/2018-08-15/#SECURITY-1076", - "refsource" : "CONFIRM", - "url" : "https://jenkins.io/security/advisory/2018-08-15/#SECURITY-1076" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A improper authorization vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in UpdateCenter.java that allows attackers to cancel a Jenkins restart scheduled through the update center." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2018-08-15/#SECURITY-1076", + "refsource": "CONFIRM", + "url": "https://jenkins.io/security/advisory/2018-08-15/#SECURITY-1076" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2103.json b/2018/2xxx/CVE-2018-2103.json index aab3744999f..7471aebebc4 100644 --- a/2018/2xxx/CVE-2018-2103.json +++ b/2018/2xxx/CVE-2018-2103.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-2103", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-2103", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2342.json b/2018/2xxx/CVE-2018-2342.json index de26afb25b4..b4251d76de0 100644 --- a/2018/2xxx/CVE-2018-2342.json +++ b/2018/2xxx/CVE-2018-2342.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-2342", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-2342", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2459.json b/2018/2xxx/CVE-2018-2459.json index fa1a85f0800..d932ef1e75e 100644 --- a/2018/2xxx/CVE-2018-2459.json +++ b/2018/2xxx/CVE-2018-2459.json @@ -1,76 +1,76 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cna@sap.com", - "ID" : "CVE-2018-2459", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SAP Mobile Platform", - "version" : { - "version_data" : [ - { - "version_name" : "=", - "version_value" : "3.0" - } - ] - } - } - ] - }, - "vendor_name" : "SAP" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Users of an SAP Mobile Platform (version 3.0) Offline OData application, which uses Offline OData-supplied delta tokens (which is on by default), occasionally receive some data values of a different user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "cna@sap.com", + "ID": "CVE-2018-2459", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SAP Mobile Platform", + "version": { + "version_data": [ + { + "version_name": "=", + "version_value": "3.0" + } + ] + } + } + ] + }, + "vendor_name": "SAP" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://launchpad.support.sap.com/#/notes/2672919", - "refsource" : "MISC", - "url" : "https://launchpad.support.sap.com/#/notes/2672919" - }, - { - "name" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993", - "refsource" : "CONFIRM", - "url" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993" - }, - { - "name" : "105338", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105338" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Users of an SAP Mobile Platform (version 3.0) Offline OData application, which uses Offline OData-supplied delta tokens (which is on by default), occasionally receive some data values of a different user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993", + "refsource": "CONFIRM", + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993" + }, + { + "name": "https://launchpad.support.sap.com/#/notes/2672919", + "refsource": "MISC", + "url": "https://launchpad.support.sap.com/#/notes/2672919" + }, + { + "name": "105338", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105338" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2465.json b/2018/2xxx/CVE-2018-2465.json index d1068083df1..3feb7337bb9 100644 --- a/2018/2xxx/CVE-2018-2465.json +++ b/2018/2xxx/CVE-2018-2465.json @@ -1,80 +1,80 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cna@sap.com", - "ID" : "CVE-2018-2465", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SAP HANA", - "version" : { - "version_data" : [ - { - "version_name" : "=", - "version_value" : "1.0" - }, - { - "version_name" : "=", - "version_value" : "2.0" - } - ] - } - } - ] - }, - "vendor_name" : "SAP" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SAP HANA (versions 1.0 and 2.0) Extended Application Services classic model OData parser does not sufficiently validate XML. By exploiting, an unauthorized hacker can cause the database server to crash." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "cna@sap.com", + "ID": "CVE-2018-2465", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SAP HANA", + "version": { + "version_data": [ + { + "version_name": "=", + "version_value": "1.0" + }, + { + "version_name": "=", + "version_value": "2.0" + } + ] + } + } + ] + }, + "vendor_name": "SAP" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://launchpad.support.sap.com/#/notes/2681207", - "refsource" : "MISC", - "url" : "https://launchpad.support.sap.com/#/notes/2681207" - }, - { - "name" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993", - "refsource" : "CONFIRM", - "url" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993" - }, - { - "name" : "105324", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105324" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SAP HANA (versions 1.0 and 2.0) Extended Application Services classic model OData parser does not sufficiently validate XML. By exploiting, an unauthorized hacker can cause the database server to crash." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105324", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105324" + }, + { + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993", + "refsource": "CONFIRM", + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993" + }, + { + "name": "https://launchpad.support.sap.com/#/notes/2681207", + "refsource": "MISC", + "url": "https://launchpad.support.sap.com/#/notes/2681207" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3211.json b/2018/3xxx/CVE-2018-3211.json index fd74c952baf..010f9f070fc 100644 --- a/2018/3xxx/CVE-2018-3211.json +++ b/2018/3xxx/CVE-2018-3211.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3211", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Java", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "Java SE: 8u181, 11" - }, - { - "version_affected" : "=", - "version_value" : "Java SE Embedded: 8u181" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Serviceability). Supported versions that are affected are Java SE: 8u182 and 11; Java SE Embedded: 8u181. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Java SE, Java SE Embedded executes to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data as well as unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). This vulnerability can only be exploited when Java Usage Tracker functionality is being used. CVSS 3.0 Base Score 6.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Java SE, Java SE Embedded executes to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data as well as unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3211", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Java", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Java SE: 8u181, 11" + }, + { + "version_affected": "=", + "version_value": "Java SE Embedded: 8u181" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20181018-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20181018-0001/" - }, - { - "name" : "RHSA-2018:3002", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3002" - }, - { - "name" : "RHSA-2018:3003", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3003" - }, - { - "name" : "105591", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105591" - }, - { - "name" : "1041889", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041889" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Serviceability). Supported versions that are affected are Java SE: 8u182 and 11; Java SE Embedded: 8u181. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Java SE, Java SE Embedded executes to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data as well as unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). This vulnerability can only be exploited when Java Usage Tracker functionality is being used. CVSS 3.0 Base Score 6.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Java SE, Java SE Embedded executes to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data as well as unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://security.netapp.com/advisory/ntap-20181018-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20181018-0001/" + }, + { + "name": "RHSA-2018:3003", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3003" + }, + { + "name": "RHSA-2018:3002", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3002" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + }, + { + "name": "105591", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105591" + }, + { + "name": "1041889", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041889" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3443.json b/2018/3xxx/CVE-2018-3443.json index 3bcd3f1e623..b956c1c932a 100644 --- a/2018/3xxx/CVE-2018-3443.json +++ b/2018/3xxx/CVE-2018-3443.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3443", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3443", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3461.json b/2018/3xxx/CVE-2018-3461.json index 0063de062d2..d28da3483a7 100644 --- a/2018/3xxx/CVE-2018-3461.json +++ b/2018/3xxx/CVE-2018-3461.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3461", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3461", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3645.json b/2018/3xxx/CVE-2018-3645.json index aaa1dbd8145..3f981e09fee 100644 --- a/2018/3xxx/CVE-2018-3645.json +++ b/2018/3xxx/CVE-2018-3645.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@intel.com", - "DATE_PUBLIC" : "2018-04-03T00:00:00", - "ID" : "CVE-2018-3645", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Intel Remote Keyboard", - "version" : { - "version_data" : [ - { - "version_value" : "All" - } - ] - } - } - ] - }, - "vendor_name" : "Intel Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Escalation of privilege in all versions of the Intel Remote Keyboard allows a local attacker to inject keystrokes into another remote keyboard session." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Escalation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@intel.com", + "DATE_PUBLIC": "2018-04-03T00:00:00", + "ID": "CVE-2018-3645", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Intel Remote Keyboard", + "version": { + "version_data": [ + { + "version_value": "All" + } + ] + } + } + ] + }, + "vendor_name": "Intel Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00122&languageid=en-fr", - "refsource" : "CONFIRM", - "url" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00122&languageid=en-fr" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Escalation of privilege in all versions of the Intel Remote Keyboard allows a local attacker to inject keystrokes into another remote keyboard session." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00122&languageid=en-fr", + "refsource": "CONFIRM", + "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00122&languageid=en-fr" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6156.json b/2018/6xxx/CVE-2018-6156.json index c8581468a0b..2d1152a1226 100644 --- a/2018/6xxx/CVE-2018-6156.json +++ b/2018/6xxx/CVE-2018-6156.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6156", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6156", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6285.json b/2018/6xxx/CVE-2018-6285.json index 0cab2d1dfce..191cb8bef74 100644 --- a/2018/6xxx/CVE-2018-6285.json +++ b/2018/6xxx/CVE-2018-6285.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6285", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6285", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6306.json b/2018/6xxx/CVE-2018-6306.json index 57b63f3d2e3..75c881e9c3c 100644 --- a/2018/6xxx/CVE-2018-6306.json +++ b/2018/6xxx/CVE-2018-6306.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vulnerability@kaspersky.com", - "DATE_PUBLIC" : "2018-04-12T00:00:00", - "ID" : "CVE-2018-6306", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Kaspersky Password Manager", - "version" : { - "version_data" : [ - { - "version_value" : "Before 8.0.6.538" - } - ] - } - } - ] - }, - "vendor_name" : "Kaspersky Lab" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unauthorized code execution from specific DLL and is known as DLL Hijacking attack in Kaspersky Password Manager versions before 8.0.6.538." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Unauthorized code execution from specific DLL" - } + "CVE_data_meta": { + "ASSIGNER": "vulnerability@kaspersky.com", + "DATE_PUBLIC": "2018-04-12T00:00:00", + "ID": "CVE-2018-6306", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Kaspersky Password Manager", + "version": { + "version_data": [ + { + "version_value": "Before 8.0.6.538" + } + ] + } + } + ] + }, + "vendor_name": "Kaspersky Lab" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.kaspersky.com/vulnerability.aspx?el=12430#120418", - "refsource" : "CONFIRM", - "url" : "https://support.kaspersky.com/vulnerability.aspx?el=12430#120418" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unauthorized code execution from specific DLL and is known as DLL Hijacking attack in Kaspersky Password Manager versions before 8.0.6.538." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Unauthorized code execution from specific DLL" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.kaspersky.com/vulnerability.aspx?el=12430#120418", + "refsource": "CONFIRM", + "url": "https://support.kaspersky.com/vulnerability.aspx?el=12430#120418" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6338.json b/2018/6xxx/CVE-2018-6338.json index 3797a2d65c7..78d1d3929ed 100644 --- a/2018/6xxx/CVE-2018-6338.json +++ b/2018/6xxx/CVE-2018-6338.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6338", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6338", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6943.json b/2018/6xxx/CVE-2018-6943.json index e0bd2f4c719..4238f9b78b8 100644 --- a/2018/6xxx/CVE-2018-6943.json +++ b/2018/6xxx/CVE-2018-6943.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6943", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "core/lib/upload/um-image-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6943", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://packetstormsecurity.com/files/146403/WordPress-UltimateMember-2.0-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "https://packetstormsecurity.com/files/146403/WordPress-UltimateMember-2.0-Cross-Site-Scripting.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "core/lib/upload/um-image-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://packetstormsecurity.com/files/146403/WordPress-UltimateMember-2.0-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "https://packetstormsecurity.com/files/146403/WordPress-UltimateMember-2.0-Cross-Site-Scripting.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7119.json b/2018/7xxx/CVE-2018-7119.json index cd48781ad66..95471b9e40f 100644 --- a/2018/7xxx/CVE-2018-7119.json +++ b/2018/7xxx/CVE-2018-7119.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7119", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7119", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7167.json b/2018/7xxx/CVE-2018-7167.json index 3051ebc5f3b..981348be4fd 100644 --- a/2018/7xxx/CVE-2018-7167.json +++ b/2018/7xxx/CVE-2018-7167.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-request@iojs.org", - "DATE_PUBLIC" : "2018-06-12T00:00:00", - "ID" : "CVE-2018-7167", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Node.js", - "version" : { - "version_data" : [ - { - "version_value" : "6.x+" - }, - { - "version_value" : "8.x+" - }, - { - "version_value" : "9.x+" - }, - { - "version_value" : "10.x+" - } - ] - } - } - ] - }, - "vendor_name" : "The Node.js Project" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Calling Buffer.fill() or Buffer.alloc() with some parameters can lead to a hang which could result in a Denial of Service. In order to address this vulnerability, the implementations of Buffer.alloc() and Buffer.fill() were updated so that they zero fill instead of hanging in these cases. All versions of Node.js 6.x (LTS \"Boron\"), 8.x (LTS \"Carbon\"), and 9.x are vulnerable. All versions of Node.js 10.x (Current) are NOT vulnerable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "cve-request@iojs.org", + "DATE_PUBLIC": "2018-06-12T00:00:00", + "ID": "CVE-2018-7167", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Node.js", + "version": { + "version_data": [ + { + "version_value": "6.x+" + }, + { + "version_value": "8.x+" + }, + { + "version_value": "9.x+" + }, + { + "version_value": "10.x+" + } + ] + } + } + ] + }, + "vendor_name": "The Node.js Project" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/", - "refsource" : "CONFIRM", - "url" : "https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/" - }, - { - "name" : "106363", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106363" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Calling Buffer.fill() or Buffer.alloc() with some parameters can lead to a hang which could result in a Denial of Service. In order to address this vulnerability, the implementations of Buffer.alloc() and Buffer.fill() were updated so that they zero fill instead of hanging in these cases. All versions of Node.js 6.x (LTS \"Boron\"), 8.x (LTS \"Carbon\"), and 9.x are vulnerable. All versions of Node.js 10.x (Current) are NOT vulnerable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106363", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106363" + }, + { + "name": "https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/", + "refsource": "CONFIRM", + "url": "https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7631.json b/2018/7xxx/CVE-2018-7631.json index 97570319b2d..594ab4ee13c 100644 --- a/2018/7xxx/CVE-2018-7631.json +++ b/2018/7xxx/CVE-2018-7631.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7631", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer Overflow in httpd in EpiCentro E_7.3.2+ allows attackers to execute code remotely via a specially crafted GET request without a leading \"/\" and without authentication." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7631", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://fschallock.wordpress.com/2018/10/07/cve-2018-7631-rce-in-adb-epicentro-7-3-2-httpd/", - "refsource" : "MISC", - "url" : "https://fschallock.wordpress.com/2018/10/07/cve-2018-7631-rce-in-adb-epicentro-7-3-2-httpd/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer Overflow in httpd in EpiCentro E_7.3.2+ allows attackers to execute code remotely via a specially crafted GET request without a leading \"/\" and without authentication." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://fschallock.wordpress.com/2018/10/07/cve-2018-7631-rce-in-adb-epicentro-7-3-2-httpd/", + "refsource": "MISC", + "url": "https://fschallock.wordpress.com/2018/10/07/cve-2018-7631-rce-in-adb-epicentro-7-3-2-httpd/" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7862.json b/2018/7xxx/CVE-2018-7862.json index e1072ce849e..ab718042b90 100644 --- a/2018/7xxx/CVE-2018-7862.json +++ b/2018/7xxx/CVE-2018-7862.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7862", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-7862", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file