From 6b20b6ddca610e2aa6fc0167f24300291808674f Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 17 Mar 2019 22:45:56 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2005/0xxx/CVE-2005-0354.json | 34 +- 2005/0xxx/CVE-2005-0394.json | 34 +- 2005/0xxx/CVE-2005-0962.json | 150 ++++---- 2005/0xxx/CVE-2005-0995.json | 180 +++++----- 2005/1xxx/CVE-2005-1489.json | 140 ++++---- 2005/1xxx/CVE-2005-1650.json | 130 +++---- 2005/2xxx/CVE-2005-2618.json | 370 ++++++++++---------- 2005/3xxx/CVE-2005-3018.json | 160 ++++----- 2005/3xxx/CVE-2005-3143.json | 140 ++++---- 2005/3xxx/CVE-2005-3415.json | 210 +++++------ 2005/3xxx/CVE-2005-3802.json | 190 +++++----- 2005/3xxx/CVE-2005-3974.json | 190 +++++----- 2005/4xxx/CVE-2005-4016.json | 160 ++++----- 2005/4xxx/CVE-2005-4389.json | 160 ++++----- 2005/4xxx/CVE-2005-4687.json | 150 ++++---- 2009/0xxx/CVE-2009-0273.json | 200 +++++------ 2009/0xxx/CVE-2009-0323.json | 150 ++++---- 2009/0xxx/CVE-2009-0373.json | 160 ++++----- 2009/0xxx/CVE-2009-0690.json | 170 ++++----- 2009/0xxx/CVE-2009-0824.json | 220 ++++++------ 2009/2xxx/CVE-2009-2598.json | 140 ++++---- 2009/2xxx/CVE-2009-2844.json | 180 +++++----- 2009/3xxx/CVE-2009-3248.json | 190 +++++----- 2009/3xxx/CVE-2009-3535.json | 160 ++++----- 2009/3xxx/CVE-2009-3551.json | 190 +++++----- 2009/3xxx/CVE-2009-3936.json | 170 ++++----- 2009/4xxx/CVE-2009-4340.json | 140 ++++---- 2009/4xxx/CVE-2009-4358.json | 140 ++++---- 2009/4xxx/CVE-2009-4541.json | 190 +++++----- 2009/4xxx/CVE-2009-4945.json | 140 ++++---- 2012/2xxx/CVE-2012-2926.json | 210 +++++------ 2015/0xxx/CVE-2015-0168.json | 120 +++---- 2015/0xxx/CVE-2015-0325.json | 240 ++++++------- 2015/1xxx/CVE-2015-1196.json | 190 +++++----- 2015/1xxx/CVE-2015-1360.json | 160 ++++----- 2015/1xxx/CVE-2015-1781.json | 250 ++++++------- 2015/5xxx/CVE-2015-5720.json | 140 ++++---- 2015/5xxx/CVE-2015-5744.json | 34 +- 2018/11xxx/CVE-2018-11484.json | 34 +- 2018/11xxx/CVE-2018-11904.json | 620 ++++++++++++++++----------------- 2018/3xxx/CVE-2018-3162.json | 180 +++++----- 2018/3xxx/CVE-2018-3303.json | 140 ++++---- 2018/3xxx/CVE-2018-3399.json | 34 +- 2018/3xxx/CVE-2018-3756.json | 122 +++---- 2018/3xxx/CVE-2018-3802.json | 34 +- 2018/6xxx/CVE-2018-6255.json | 34 +- 2018/7xxx/CVE-2018-7155.json | 34 +- 2018/7xxx/CVE-2018-7632.json | 120 +++---- 2018/7xxx/CVE-2018-7808.json | 34 +- 2018/8xxx/CVE-2018-8023.json | 134 +++---- 2018/8xxx/CVE-2018-8492.json | 260 +++++++------- 2018/8xxx/CVE-2018-8569.json | 130 +++---- 2018/8xxx/CVE-2018-8681.json | 34 +- 2018/8xxx/CVE-2018-8856.json | 142 ++++---- 54 files changed, 4184 insertions(+), 4184 deletions(-) diff --git a/2005/0xxx/CVE-2005-0354.json b/2005/0xxx/CVE-2005-0354.json index 413250dc373..259c7a4a58b 100644 --- a/2005/0xxx/CVE-2005-0354.json +++ b/2005/0xxx/CVE-2005-0354.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0354", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0354", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0394.json b/2005/0xxx/CVE-2005-0394.json index 7969d78d633..dac940645bb 100644 --- a/2005/0xxx/CVE-2005-0394.json +++ b/2005/0xxx/CVE-2005-0394.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0394", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0394", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0962.json b/2005/0xxx/CVE-2005-0962.json index 84e37a874b5..02a957827c0 100644 --- a/2005/0xxx/CVE-2005-0962.json +++ b/2005/0xxx/CVE-2005-0962.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0962", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php for Lighthouse Squirrelcart allows remote attackers to execute arbitrary SQL commands via the (1) crn parameter in a show action or (2) rn parameter in a show_detail action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0962", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://digitalparadox.org/advisories/sqc.txt", - "refsource" : "MISC", - "url" : "http://digitalparadox.org/advisories/sqc.txt" - }, - { - "name" : "12944", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12944" - }, - { - "name" : "14770", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14770" - }, - { - "name" : "squirrelcart-index-sql-injection(19904)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19904" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php for Lighthouse Squirrelcart allows remote attackers to execute arbitrary SQL commands via the (1) crn parameter in a show action or (2) rn parameter in a show_detail action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://digitalparadox.org/advisories/sqc.txt", + "refsource": "MISC", + "url": "http://digitalparadox.org/advisories/sqc.txt" + }, + { + "name": "squirrelcart-index-sql-injection(19904)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19904" + }, + { + "name": "12944", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12944" + }, + { + "name": "14770", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14770" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0995.json b/2005/0xxx/CVE-2005-0995.json index 39f46018540..f2382828ef9 100644 --- a/2005/0xxx/CVE-2005-0995.json +++ b/2005/0xxx/CVE-2005-0995.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0995", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in ProductCart 2.7 allow remote attackers to inject arbitrary web script or HTML via (1) the keyword parameter to advSearch_h.asp, (2) the redirectUrl parameter to NewCust.asp, (3) the country parameter to storelocator_submit.asp, or (4) the error parameter to techErr.asp. NOTE: it has been reported that storelocator_submit.asp does not exist in ProductCart." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0995", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://digitalparadox.org/advisories/prodcart.txt", - "refsource" : "MISC", - "url" : "http://digitalparadox.org/advisories/prodcart.txt" - }, - { - "name" : "12990", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12990" - }, - { - "name" : "14833", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14833" - }, - { - "name" : "15264", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/15264" - }, - { - "name" : "15266", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/15266" - }, - { - "name" : "15267", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/15267" - }, - { - "name" : "15268", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/15268" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in ProductCart 2.7 allow remote attackers to inject arbitrary web script or HTML via (1) the keyword parameter to advSearch_h.asp, (2) the redirectUrl parameter to NewCust.asp, (3) the country parameter to storelocator_submit.asp, or (4) the error parameter to techErr.asp. NOTE: it has been reported that storelocator_submit.asp does not exist in ProductCart." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15264", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/15264" + }, + { + "name": "15267", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/15267" + }, + { + "name": "14833", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14833" + }, + { + "name": "12990", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12990" + }, + { + "name": "15268", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/15268" + }, + { + "name": "http://digitalparadox.org/advisories/prodcart.txt", + "refsource": "MISC", + "url": "http://digitalparadox.org/advisories/prodcart.txt" + }, + { + "name": "15266", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/15266" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1489.json b/2005/1xxx/CVE-2005-1489.json index 4807a8bc3e7..3ccab76c220 100644 --- a/2005/1xxx/CVE-2005-1489.json +++ b/2005/1xxx/CVE-2005-1489.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1489", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allows remote authenticated users to obtain the full path of the server via certain requests to (1) calendar_addevent.html, (2) calendar_event.html, or (3) calendar_task.html." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1489", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050504 Multiple vulnerabilities in Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111530933016434&w=2" - }, - { - "name" : "15249", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15249" - }, - { - "name" : "merak-icewarp-script-path-disclosure(20469)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20469" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allows remote authenticated users to obtain the full path of the server via certain requests to (1) calendar_addevent.html, (2) calendar_event.html, or (3) calendar_task.html." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050504 Multiple vulnerabilities in Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111530933016434&w=2" + }, + { + "name": "15249", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15249" + }, + { + "name": "merak-icewarp-script-path-disclosure(20469)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20469" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1650.json b/2005/1xxx/CVE-2005-1650.json index e9ae5e647b9..7e8e2336729 100644 --- a/2005/1xxx/CVE-2005-1650.json +++ b/2005/1xxx/CVE-2005-1650.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1650", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web mail service in Woppoware PostMaster 4.2.2 (build 3.2.5) generates different error messages depending on whether a user exists or not, which allows remote attackers to determine valid usernames." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1650", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "13597", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13597" - }, - { - "name" : "15268", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15268" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web mail service in Woppoware PostMaster 4.2.2 (build 3.2.5) generates different error messages depending on whether a user exists or not, which allows remote attackers to determine valid usernames." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15268", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15268" + }, + { + "name": "13597", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13597" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2618.json b/2005/2xxx/CVE-2005-2618.json index f8410be5626..db609f760eb 100644 --- a/2005/2xxx/CVE-2005-2618.json +++ b/2005/2xxx/CVE-2005-2618.json @@ -1,187 +1,187 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2618", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in Autonomy (formerly Verity) KeyView SDK before 9.2.0, as used in Lotus Notes 6.5.4 and 7.0, allow remote attackers to execute arbitrary code via (1) a UUE file containing an encoded file with a long filename handled by uudrdr.dll, (2) a compressed ZIP file with a long filename handled by kvarcve.dll, (3) a TAR archive with a long filename that is extracted to a directory with a long path handled by the TAR reader (tarrdr.dll), (4) an email that contains a long HTTP, FTP, or // link handled by the HTML speed reader (htmsr.dll) or (5) an email containing a crafted long link handled by the HTML speed reader (htmsr.dll)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2618", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060210 Secunia Research: Lotus Notes UUE File Handling Buffer Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/424689/100/0/threaded" - }, - { - "name" : "20060210 Secunia Research: Lotus Notes ZIP File Handling Buffer Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/424626/100/0/threaded" - }, - { - "name" : "20060210 Secunia Research: Lotus Notes HTML Speed Reader Link BufferOverflows", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/424692/100/0/threaded" - }, - { - "name" : "20060210 Secunia Research: Lotus Notes TAR Reader File Extraction BufferOverflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/424666/100/0/threaded" - }, - { - "name" : "http://secunia.com/secunia_research/2005-66/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2005-66/advisory/" - }, - { - "name" : "http://secunia.com/secunia_research/2005-32/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2005-32/advisory/" - }, - { - "name" : "http://secunia.com/secunia_research/2005-34/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2005-34/advisory/" - }, - { - "name" : "http://secunia.com/secunia_research/2005-36/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2005-36/advisory/" - }, - { - "name" : "http://secunia.com/secunia_research/2005-37/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2005-37/advisory/" - }, - { - "name" : "http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21229918", - "refsource" : "CONFIRM", - "url" : "http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21229918" - }, - { - "name" : "VU#884076", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/884076" - }, - { - "name" : "16576", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16576" - }, - { - "name" : "ADV-2006-0500", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0500" - }, - { - "name" : "ADV-2006-0501", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0501" - }, - { - "name" : "23064", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23064" - }, - { - "name" : "23065", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23065" - }, - { - "name" : "23066", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23066" - }, - { - "name" : "23067", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23067" - }, - { - "name" : "23068", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23068" - }, - { - "name" : "1015657", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015657" - }, - { - "name" : "16100", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16100" - }, - { - "name" : "16280", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16280" - }, - { - "name" : "lotus-htmsr-link-bo(24639)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24639" - }, - { - "name" : "lotus-kvarcve-filename-bo(24635)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24635" - }, - { - "name" : "lotus-tarrdr-filename-bo(24638)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24638" - }, - { - "name" : "lotus-uudrdr-uue-bo(24636)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24636" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in Autonomy (formerly Verity) KeyView SDK before 9.2.0, as used in Lotus Notes 6.5.4 and 7.0, allow remote attackers to execute arbitrary code via (1) a UUE file containing an encoded file with a long filename handled by uudrdr.dll, (2) a compressed ZIP file with a long filename handled by kvarcve.dll, (3) a TAR archive with a long filename that is extracted to a directory with a long path handled by the TAR reader (tarrdr.dll), (4) an email that contains a long HTTP, FTP, or // link handled by the HTML speed reader (htmsr.dll) or (5) an email containing a crafted long link handled by the HTML speed reader (htmsr.dll)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "lotus-kvarcve-filename-bo(24635)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24635" + }, + { + "name": "http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21229918", + "refsource": "CONFIRM", + "url": "http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21229918" + }, + { + "name": "http://secunia.com/secunia_research/2005-34/advisory/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2005-34/advisory/" + }, + { + "name": "23067", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23067" + }, + { + "name": "lotus-uudrdr-uue-bo(24636)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24636" + }, + { + "name": "ADV-2006-0500", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0500" + }, + { + "name": "ADV-2006-0501", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0501" + }, + { + "name": "20060210 Secunia Research: Lotus Notes ZIP File Handling Buffer Overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/424626/100/0/threaded" + }, + { + "name": "23064", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23064" + }, + { + "name": "23066", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23066" + }, + { + "name": "1015657", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015657" + }, + { + "name": "http://secunia.com/secunia_research/2005-36/advisory/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2005-36/advisory/" + }, + { + "name": "23065", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23065" + }, + { + "name": "16576", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16576" + }, + { + "name": "20060210 Secunia Research: Lotus Notes UUE File Handling Buffer Overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/424689/100/0/threaded" + }, + { + "name": "16100", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16100" + }, + { + "name": "lotus-htmsr-link-bo(24639)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24639" + }, + { + "name": "lotus-tarrdr-filename-bo(24638)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24638" + }, + { + "name": "http://secunia.com/secunia_research/2005-32/advisory/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2005-32/advisory/" + }, + { + "name": "VU#884076", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/884076" + }, + { + "name": "http://secunia.com/secunia_research/2005-66/advisory/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2005-66/advisory/" + }, + { + "name": "20060210 Secunia Research: Lotus Notes HTML Speed Reader Link BufferOverflows", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/424692/100/0/threaded" + }, + { + "name": "16280", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16280" + }, + { + "name": "23068", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23068" + }, + { + "name": "20060210 Secunia Research: Lotus Notes TAR Reader File Extraction BufferOverflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/424666/100/0/threaded" + }, + { + "name": "http://secunia.com/secunia_research/2005-37/advisory/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2005-37/advisory/" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3018.json b/2005/3xxx/CVE-2005-3018.json index f87657057a3..5819eb9c7ca 100644 --- a/2005/3xxx/CVE-2005-3018.json +++ b/2005/3xxx/CVE-2005-3018.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3018", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apple Safari allows remote attackers to cause a denial of service (application crash) via a crafted data:// URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3018", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050917 Possible memory corruption problems in Apple Safari", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112715234411672&w=2" - }, - { - "name" : "14868", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14868" - }, - { - "name" : "19569", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/19569" - }, - { - "name" : "16875", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16875/" - }, - { - "name" : "safari-data-uri-dos(22331)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22331" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apple Safari allows remote attackers to cause a denial of service (application crash) via a crafted data:// URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "safari-data-uri-dos(22331)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22331" + }, + { + "name": "20050917 Possible memory corruption problems in Apple Safari", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112715234411672&w=2" + }, + { + "name": "16875", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16875/" + }, + { + "name": "14868", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14868" + }, + { + "name": "19569", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/19569" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3143.json b/2005/3xxx/CVE-2005-3143.json index d04f8a84329..f749977565d 100644 --- a/2005/3xxx/CVE-2005-3143.json +++ b/2005/3xxx/CVE-2005-3143.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3143", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Mailbox Server for 4D WebStar before 5.3.5 allows attackers to cause a denial of service (crash) via IMAP clients on Mac OS X 10.4 Mail 2." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3143", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ftp://ftp.4d.com/ACI_PRODUCT_REFERENCE_LIBRARY/4D_PRODUCT_DOCUMENTATION/PDF_Docs_by_4D_Product_A-Z/4D_WebSTAR/Software_Change_History_535.txt", - "refsource" : "CONFIRM", - "url" : "ftp://ftp.4d.com/ACI_PRODUCT_REFERENCE_LIBRARY/4D_PRODUCT_DOCUMENTATION/PDF_Docs_by_4D_Product_A-Z/4D_WebSTAR/Software_Change_History_535.txt" - }, - { - "name" : "14981", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14981" - }, - { - "name" : "17003", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17003" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Mailbox Server for 4D WebStar before 5.3.5 allows attackers to cause a denial of service (crash) via IMAP clients on Mac OS X 10.4 Mail 2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ftp://ftp.4d.com/ACI_PRODUCT_REFERENCE_LIBRARY/4D_PRODUCT_DOCUMENTATION/PDF_Docs_by_4D_Product_A-Z/4D_WebSTAR/Software_Change_History_535.txt", + "refsource": "CONFIRM", + "url": "ftp://ftp.4d.com/ACI_PRODUCT_REFERENCE_LIBRARY/4D_PRODUCT_DOCUMENTATION/PDF_Docs_by_4D_Product_A-Z/4D_WebSTAR/Software_Change_History_535.txt" + }, + { + "name": "14981", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14981" + }, + { + "name": "17003", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17003" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3415.json b/2005/3xxx/CVE-2005-3415.json index 416106be399..c32a19aed51 100644 --- a/2005/3xxx/CVE-2005-3415.json +++ b/2005/3xxx/CVE-2005-3415.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3415", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "phpBB 2.0.17 and earlier allows remote attackers to bypass protection mechanisms that deregister global variables by setting both a GET/POST/COOKIE (GPC) variable and a GLOBALS[] variable with the same name, which causes phpBB to unset the GLOBALS[] variable but not the GPC variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3415", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051031 Advisory 17/2005: phpBB Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=113081113317600&w=2" - }, - { - "name" : "http://www.hardened-php.net/advisory_172005.75.html", - "refsource" : "MISC", - "url" : "http://www.hardened-php.net/advisory_172005.75.html" - }, - { - "name" : "DSA-925", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-925" - }, - { - "name" : "15243", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15243" - }, - { - "name" : "20386", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20386" - }, - { - "name" : "1015121", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015121" - }, - { - "name" : "17366", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17366" - }, - { - "name" : "18098", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18098" - }, - { - "name" : "130", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/130" - }, - { - "name" : "phpbb-multiple-variables-bypass-security(22914)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22914" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "phpBB 2.0.17 and earlier allows remote attackers to bypass protection mechanisms that deregister global variables by setting both a GET/POST/COOKIE (GPC) variable and a GLOBALS[] variable with the same name, which causes phpBB to unset the GLOBALS[] variable but not the GPC variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "phpbb-multiple-variables-bypass-security(22914)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22914" + }, + { + "name": "20051031 Advisory 17/2005: phpBB Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=113081113317600&w=2" + }, + { + "name": "20386", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20386" + }, + { + "name": "DSA-925", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-925" + }, + { + "name": "17366", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17366" + }, + { + "name": "130", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/130" + }, + { + "name": "18098", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18098" + }, + { + "name": "http://www.hardened-php.net/advisory_172005.75.html", + "refsource": "MISC", + "url": "http://www.hardened-php.net/advisory_172005.75.html" + }, + { + "name": "1015121", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015121" + }, + { + "name": "15243", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15243" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3802.json b/2005/3xxx/CVE-2005-3802.json index 73a066261aa..f7d90789bf2 100644 --- a/2005/3xxx/CVE-2005-3802.json +++ b/2005/3xxx/CVE-2005-3802.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3802", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Belkin F5D7232-4 and F5D7230-4 wireless routers with firmware 4.03.03 and 4.05.03, when a legitimate administrator is logged into the web management interface, allow remote attackers to access the management interface without authentication." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3802", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051115 Authentication vulnerability in Belkin wireless devices", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=113209977115233&w=2" - }, - { - "name" : "20051115 Authentication vulnerability in Belkin wireless devices", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0489.html" - }, - { - "name" : "15444", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15444/" - }, - { - "name" : "ADV-2005-2453", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2453" - }, - { - "name" : "20877", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20877" - }, - { - "name" : "17601", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17601/" - }, - { - "name" : "186", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/186" - }, - { - "name" : "belkin-wireless-auth-bypass(23059)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23059" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Belkin F5D7232-4 and F5D7230-4 wireless routers with firmware 4.03.03 and 4.05.03, when a legitimate administrator is logged into the web management interface, allow remote attackers to access the management interface without authentication." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15444", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15444/" + }, + { + "name": "20051115 Authentication vulnerability in Belkin wireless devices", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0489.html" + }, + { + "name": "17601", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17601/" + }, + { + "name": "186", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/186" + }, + { + "name": "belkin-wireless-auth-bypass(23059)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23059" + }, + { + "name": "ADV-2005-2453", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2453" + }, + { + "name": "20877", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20877" + }, + { + "name": "20051115 Authentication vulnerability in Belkin wireless devices", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=113209977115233&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3974.json b/2005/3xxx/CVE-2005-3974.json index daa13a574ed..c0152ea2a21 100644 --- a/2005/3xxx/CVE-2005-3974.json +++ b/2005/3xxx/CVE-2005-3974.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3974", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3, when running on PHP5, does not correctly enforce user privileges, which allows remote attackers to bypass the \"access user profiles\" permission." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3974", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051201 [DRUPAL-SA-2005-009] Drupal 4.6.4 / 4.5.6 fixes minor access control issue", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/418336/100/0/threaded" - }, - { - "name" : "http://drupal.org/files/sa-2005-009/4.6.3.patch", - "refsource" : "MISC", - "url" : "http://drupal.org/files/sa-2005-009/4.6.3.patch" - }, - { - "name" : "http://drupal.org/files/sa-2005-009/advisory.txt", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/files/sa-2005-009/advisory.txt" - }, - { - "name" : "DSA-958", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-958" - }, - { - "name" : "15674", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15674" - }, - { - "name" : "ADV-2005-2684", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2684" - }, - { - "name" : "17824", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17824" - }, - { - "name" : "18630", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18630" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3, when running on PHP5, does not correctly enforce user privileges, which allows remote attackers to bypass the \"access user profiles\" permission." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2005-2684", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2684" + }, + { + "name": "http://drupal.org/files/sa-2005-009/4.6.3.patch", + "refsource": "MISC", + "url": "http://drupal.org/files/sa-2005-009/4.6.3.patch" + }, + { + "name": "DSA-958", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-958" + }, + { + "name": "15674", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15674" + }, + { + "name": "18630", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18630" + }, + { + "name": "20051201 [DRUPAL-SA-2005-009] Drupal 4.6.4 / 4.5.6 fixes minor access control issue", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/418336/100/0/threaded" + }, + { + "name": "http://drupal.org/files/sa-2005-009/advisory.txt", + "refsource": "CONFIRM", + "url": "http://drupal.org/files/sa-2005-009/advisory.txt" + }, + { + "name": "17824", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17824" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4016.json b/2005/4xxx/CVE-2005-4016.json index 4eeab903142..17e562221e1 100644 --- a/2005/4xxx/CVE-2005-4016.json +++ b/2005/4xxx/CVE-2005-4016.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4016", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Widget Property 1.1.19 allows remote attackers to execute arbitrary SQL commands via the (1) property_id, (2) zip_code, (3) property_type_id, (4) price, and (5) city_id parameters to property.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4016", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/12/widget-property-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/12/widget-property-vuln.html" - }, - { - "name" : "15701", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15701" - }, - { - "name" : "ADV-2005-2741", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2741" - }, - { - "name" : "21426", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21426" - }, - { - "name" : "17829", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17829" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Widget Property 1.1.19 allows remote attackers to execute arbitrary SQL commands via the (1) property_id, (2) zip_code, (3) property_type_id, (4) price, and (5) city_id parameters to property.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://pridels0.blogspot.com/2005/12/widget-property-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/12/widget-property-vuln.html" + }, + { + "name": "21426", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21426" + }, + { + "name": "15701", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15701" + }, + { + "name": "ADV-2005-2741", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2741" + }, + { + "name": "17829", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17829" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4389.json b/2005/4xxx/CVE-2005-4389.json index edeff90bd82..3c876b147bb 100644 --- a/2005/4xxx/CVE-2005-4389.json +++ b/2005/4xxx/CVE-2005-4389.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4389", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "search.cfm in CONTENS 3.0 and earlier allows remote attackers to obtain the full server path via invalid (1) submit.y, (2) bool, (3) itemsperpage, (4) submit, (5) submit.x, (6) criteria, (7) advanced, and (8) intern parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4389", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/12/contens-searchcfm-multiple-input.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/12/contens-searchcfm-multiple-input.html" - }, - { - "name" : "ADV-2005-2981", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2981" - }, - { - "name" : "21825", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21825" - }, - { - "name" : "18143", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18143" - }, - { - "name" : "contens-search-path-disclosure(23824)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23824" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "search.cfm in CONTENS 3.0 and earlier allows remote attackers to obtain the full server path via invalid (1) submit.y, (2) bool, (3) itemsperpage, (4) submit, (5) submit.x, (6) criteria, (7) advanced, and (8) intern parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21825", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21825" + }, + { + "name": "ADV-2005-2981", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2981" + }, + { + "name": "contens-search-path-disclosure(23824)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23824" + }, + { + "name": "http://pridels0.blogspot.com/2005/12/contens-searchcfm-multiple-input.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/12/contens-searchcfm-multiple-input.html" + }, + { + "name": "18143", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18143" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4687.json b/2005/4xxx/CVE-2005-4687.json index ec84d2b6a5c..aaa903d3794 100644 --- a/2005/4xxx/CVE-2005-4687.json +++ b/2005/4xxx/CVE-2005-4687.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4687", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PunBB 1.2.9, used alone or with F-ART BLOG:CMS, may trust a client's IP address as specified in the X-Forwarded-For HTTP header rather than the TCP/IP stack, which allows remote attackers to misrepresent their IP address by sending a modified header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4687", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.punbb.org/changelogs/1.2.9_to_1.2.10.txt", - "refsource" : "CONFIRM", - "url" : "http://www.punbb.org/changelogs/1.2.9_to_1.2.10.txt" - }, - { - "name" : "15326", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15326" - }, - { - "name" : "17425", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17425" - }, - { - "name" : "17433", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17433" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PunBB 1.2.9, used alone or with F-ART BLOG:CMS, may trust a client's IP address as specified in the X-Forwarded-For HTTP header rather than the TCP/IP stack, which allows remote attackers to misrepresent their IP address by sending a modified header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15326", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15326" + }, + { + "name": "17433", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17433" + }, + { + "name": "http://www.punbb.org/changelogs/1.2.9_to_1.2.10.txt", + "refsource": "CONFIRM", + "url": "http://www.punbb.org/changelogs/1.2.9_to_1.2.10.txt" + }, + { + "name": "17425", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17425" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0273.json b/2009/0xxx/CVE-2009-0273.json index 85a57ed883e..b3dd0b63c6f 100644 --- a/2009/0xxx/CVE-2009-0273.json +++ b/2009/0xxx/CVE-2009-0273.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0273", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Novell GroupWise WebAccess 6.5x, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 allow remote attackers to inject arbitrary web script or HTML via the (1) User.id and (2) Library.queryText parameters to gw/webacc, and other vectors involving (3) HTML e-mail and (4) HTML attachments." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0273", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090130 PR08-22: Persistent XSS on Novell GroupWise WebAccess", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/500572/100/0/threaded" - }, - { - "name" : "20090130 PR08-23: XSS on Novell GroupWise WebAccess", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/500575/100/0/threaded" - }, - { - "name" : "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-22", - "refsource" : "MISC", - "url" : "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-22" - }, - { - "name" : "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-23", - "refsource" : "MISC", - "url" : "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-23" - }, - { - "name" : "http://www.novell.com/support/search.do?usemicrosite=true&searchString=7002320", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/support/search.do?usemicrosite=true&searchString=7002320" - }, - { - "name" : "http://www.novell.com/support/search.do?usemicrosite=true&searchString=7002321", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/support/search.do?usemicrosite=true&searchString=7002321" - }, - { - "name" : "33537", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33537" - }, - { - "name" : "33541", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33541" - }, - { - "name" : "33744", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33744" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Novell GroupWise WebAccess 6.5x, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 allow remote attackers to inject arbitrary web script or HTML via the (1) User.id and (2) Library.queryText parameters to gw/webacc, and other vectors involving (3) HTML e-mail and (4) HTML attachments." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33744", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33744" + }, + { + "name": "33541", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33541" + }, + { + "name": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-23", + "refsource": "MISC", + "url": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-23" + }, + { + "name": "33537", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33537" + }, + { + "name": "http://www.novell.com/support/search.do?usemicrosite=true&searchString=7002320", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/search.do?usemicrosite=true&searchString=7002320" + }, + { + "name": "20090130 PR08-23: XSS on Novell GroupWise WebAccess", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/500575/100/0/threaded" + }, + { + "name": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-22", + "refsource": "MISC", + "url": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-22" + }, + { + "name": "http://www.novell.com/support/search.do?usemicrosite=true&searchString=7002321", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/search.do?usemicrosite=true&searchString=7002321" + }, + { + "name": "20090130 PR08-22: Persistent XSS on Novell GroupWise WebAccess", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/500572/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0323.json b/2009/0xxx/CVE-2009-0323.json index 39d95831378..7268bf4d8df 100644 --- a/2009/0xxx/CVE-2009-0323.json +++ b/2009/0xxx/CVE-2009-0323.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0323", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0 and 11.0 allow remote attackers to execute arbitrary code via (1) a long type parameter in an input tag, which is not properly handled by the EndOfXmlAttributeValue function; (2) an \"HTML GI\" in a start tag, which is not properly handled by the ProcessStartGI function; and unspecified vectors in (3) html2thot.c and (4) xml2thot.c, related to the msgBuffer variable. NOTE: these are different vectors than CVE-2008-6005." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0323", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090128 CORE-2008-1211: Amaya web editor XML and HTML parser vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/500492/100/0/threaded" - }, - { - "name" : "7902", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7902" - }, - { - "name" : "http://www.coresecurity.com/content/amaya-buffer-overflows", - "refsource" : "MISC", - "url" : "http://www.coresecurity.com/content/amaya-buffer-overflows" - }, - { - "name" : "amaya-html-tags-bo(48325)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48325" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0 and 11.0 allow remote attackers to execute arbitrary code via (1) a long type parameter in an input tag, which is not properly handled by the EndOfXmlAttributeValue function; (2) an \"HTML GI\" in a start tag, which is not properly handled by the ProcessStartGI function; and unspecified vectors in (3) html2thot.c and (4) xml2thot.c, related to the msgBuffer variable. NOTE: these are different vectors than CVE-2008-6005." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20090128 CORE-2008-1211: Amaya web editor XML and HTML parser vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/500492/100/0/threaded" + }, + { + "name": "http://www.coresecurity.com/content/amaya-buffer-overflows", + "refsource": "MISC", + "url": "http://www.coresecurity.com/content/amaya-buffer-overflows" + }, + { + "name": "7902", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7902" + }, + { + "name": "amaya-html-tags-bo(48325)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48325" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0373.json b/2009/0xxx/CVE-2009-0373.json index 930fb78294d..2ee6cdf346c 100644 --- a/2009/0xxx/CVE-2009-0373.json +++ b/2009/0xxx/CVE-2009-0373.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0373", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the ElearningForce Flash Magazine Deluxe (com_flashmagazinedeluxe) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mag_id parameter in a magazine action to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0373", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7881", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7881" - }, - { - "name" : "33455", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33455" - }, - { - "name" : "ADV-2009-0249", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0249" - }, - { - "name" : "33646", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33646" - }, - { - "name" : "flashmagazine-index-sql-injection(48226)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48226" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the ElearningForce Flash Magazine Deluxe (com_flashmagazinedeluxe) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mag_id parameter in a magazine action to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7881", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7881" + }, + { + "name": "33646", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33646" + }, + { + "name": "33455", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33455" + }, + { + "name": "flashmagazine-index-sql-injection(48226)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48226" + }, + { + "name": "ADV-2009-0249", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0249" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0690.json b/2009/0xxx/CVE-2009-0690.json index b631ce5b851..4410726a6c6 100644 --- a/2009/0xxx/CVE-2009-0690.json +++ b/2009/0xxx/CVE-2009-0690.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0690", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Foxit JPEG2000/JBIG2 Decoder add-on before 2.0.2009.616 for Foxit Reader 3.0 before Build 1817 does not properly handle a negative value for the stream offset in a JPEG2000 (aka JPX) stream, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted PDF file that triggers an out-of-bounds read." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2009-0690", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.foxitsoftware.com/pdf/reader/security.htm#0602", - "refsource" : "CONFIRM", - "url" : "http://www.foxitsoftware.com/pdf/reader/security.htm#0602" - }, - { - "name" : "VU#251793", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/251793" - }, - { - "name" : "35442", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35442" - }, - { - "name" : "1022425", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1022425" - }, - { - "name" : "35512", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35512" - }, - { - "name" : "ADV-2009-1640", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1640" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Foxit JPEG2000/JBIG2 Decoder add-on before 2.0.2009.616 for Foxit Reader 3.0 before Build 1817 does not properly handle a negative value for the stream offset in a JPEG2000 (aka JPX) stream, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted PDF file that triggers an out-of-bounds read." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35442", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35442" + }, + { + "name": "http://www.foxitsoftware.com/pdf/reader/security.htm#0602", + "refsource": "CONFIRM", + "url": "http://www.foxitsoftware.com/pdf/reader/security.htm#0602" + }, + { + "name": "1022425", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1022425" + }, + { + "name": "VU#251793", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/251793" + }, + { + "name": "35512", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35512" + }, + { + "name": "ADV-2009-1640", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1640" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0824.json b/2009/0xxx/CVE-2009-0824.json index 2ceca66b36e..5b478fb1cf9 100644 --- a/2009/0xxx/CVE-2009-0824.json +++ b/2009/0xxx/CVE-2009-0824.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0824", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Elaborate Bytes ElbyCDIO.sys 6.0.2.0 and earlier, as distributed in SlySoft AnyDVD before 6.5.2.6, Virtual CloneDrive 5.4.2.3 and earlier, CloneDVD 2.9.2.0 and earlier, and CloneCD 5.3.1.3 and earlier, uses the METHOD_NEITHER communication method for IOCTLs and does not properly validate a buffer associated with the Irp object, which allows local users to cause a denial of service (system crash) via a crafted IOCTL call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0824", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090312 [Suspected Spam][PT-2009-11] SlySoft Multiple Products ElbyCDIO.sys Denial of Service", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/501713/100/0/threaded" - }, - { - "name" : "http://en.securitylab.ru/lab/PT-2009-11", - "refsource" : "MISC", - "url" : "http://en.securitylab.ru/lab/PT-2009-11" - }, - { - "name" : "http://www.slysoft.com/download/changes_anydvd.txt", - "refsource" : "CONFIRM", - "url" : "http://www.slysoft.com/download/changes_anydvd.txt" - }, - { - "name" : "http://www.slysoft.com/download/changes_clonedvd.txt", - "refsource" : "CONFIRM", - "url" : "http://www.slysoft.com/download/changes_clonedvd.txt" - }, - { - "name" : "34103", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34103" - }, - { - "name" : "52679", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/52679" - }, - { - "name" : "34269", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34269" - }, - { - "name" : "34288", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34288" - }, - { - "name" : "34289", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34289" - }, - { - "name" : "34287", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34287" - }, - { - "name" : "slysoft-elbycdio-dos(49232)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49232" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Elaborate Bytes ElbyCDIO.sys 6.0.2.0 and earlier, as distributed in SlySoft AnyDVD before 6.5.2.6, Virtual CloneDrive 5.4.2.3 and earlier, CloneDVD 2.9.2.0 and earlier, and CloneCD 5.3.1.3 and earlier, uses the METHOD_NEITHER communication method for IOCTLs and does not properly validate a buffer associated with the Irp object, which allows local users to cause a denial of service (system crash) via a crafted IOCTL call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34288", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34288" + }, + { + "name": "http://www.slysoft.com/download/changes_clonedvd.txt", + "refsource": "CONFIRM", + "url": "http://www.slysoft.com/download/changes_clonedvd.txt" + }, + { + "name": "slysoft-elbycdio-dos(49232)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49232" + }, + { + "name": "34289", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34289" + }, + { + "name": "34269", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34269" + }, + { + "name": "34287", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34287" + }, + { + "name": "http://www.slysoft.com/download/changes_anydvd.txt", + "refsource": "CONFIRM", + "url": "http://www.slysoft.com/download/changes_anydvd.txt" + }, + { + "name": "http://en.securitylab.ru/lab/PT-2009-11", + "refsource": "MISC", + "url": "http://en.securitylab.ru/lab/PT-2009-11" + }, + { + "name": "34103", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34103" + }, + { + "name": "52679", + "refsource": "OSVDB", + "url": "http://osvdb.org/52679" + }, + { + "name": "20090312 [Suspected Spam][PT-2009-11] SlySoft Multiple Products ElbyCDIO.sys Denial of Service", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/501713/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2598.json b/2009/2xxx/CVE-2009-2598.json index ae913b1db41..a0515f7b951 100644 --- a/2009/2xxx/CVE-2009-2598.json +++ b/2009/2xxx/CVE-2009-2598.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2598", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Online Grades & Attendance 3.2.6 and earlier allow (1) remote attackers to execute arbitrary SQL commands via the key parameter in a resetpass action to index.php and (2) remote authenticated users to execute arbitrary SQL commands via the ADD parameter in a mailto action to parents/parents.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2598", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090601 MULTIPLE SQL INJECTION VULNERABILITIES -- Online Grades & Attendance v-3.2.6 -->", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/503943/100/0/threaded" - }, - { - "name" : "8844", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/8844" - }, - { - "name" : "35304", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35304" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Online Grades & Attendance 3.2.6 and earlier allow (1) remote attackers to execute arbitrary SQL commands via the key parameter in a resetpass action to index.php and (2) remote authenticated users to execute arbitrary SQL commands via the ADD parameter in a mailto action to parents/parents.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20090601 MULTIPLE SQL INJECTION VULNERABILITIES -- Online Grades & Attendance v-3.2.6 -->", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/503943/100/0/threaded" + }, + { + "name": "8844", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/8844" + }, + { + "name": "35304", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35304" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2844.json b/2009/2xxx/CVE-2009-2844.json index 7e3c35ddb10..0d2751ba85e 100644 --- a/2009/2xxx/CVE-2009-2844.json +++ b/2009/2xxx/CVE-2009-2844.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2844", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "cfg80211 in net/wireless/scan.c in the Linux kernel 2.6.30-rc1 and other versions before 2.6.31-rc6 allows remote attackers to cause a denial of service (crash) via a sequence of beacon frames in which one frame omits an SSID Information Element (IE) and the subsequent frame contains an SSID IE, which triggers a NULL pointer dereference in the cmp_ies function. NOTE: a potential weakness in the is_mesh function was also addressed, but the relevant condition did not exist in the code, so it is not a vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2844", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20090817 CVE request: kernel: cfg80211: missing NULL pointer checks", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/08/17/1" - }, - { - "name" : "[oss-security] 20090817 Re: CVE request: kernel: cfg80211: missing NULL pointer checks", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/08/17/2" - }, - { - "name" : "http://jon.oberheide.org/files/cfg80211-remote-dos.c", - "refsource" : "MISC", - "url" : "http://jon.oberheide.org/files/cfg80211-remote-dos.c" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=cd3468bad96c00b5a512f551674f36776129520e", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=cd3468bad96c00b5a512f551674f36776129520e" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.5", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.5" - }, - { - "name" : "36052", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36052" - }, - { - "name" : "36278", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36278" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "cfg80211 in net/wireless/scan.c in the Linux kernel 2.6.30-rc1 and other versions before 2.6.31-rc6 allows remote attackers to cause a denial of service (crash) via a sequence of beacon frames in which one frame omits an SSID Information Element (IE) and the subsequent frame contains an SSID IE, which triggers a NULL pointer dereference in the cmp_ies function. NOTE: a potential weakness in the is_mesh function was also addressed, but the relevant condition did not exist in the code, so it is not a vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36278", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36278" + }, + { + "name": "http://jon.oberheide.org/files/cfg80211-remote-dos.c", + "refsource": "MISC", + "url": "http://jon.oberheide.org/files/cfg80211-remote-dos.c" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=cd3468bad96c00b5a512f551674f36776129520e", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=cd3468bad96c00b5a512f551674f36776129520e" + }, + { + "name": "[oss-security] 20090817 Re: CVE request: kernel: cfg80211: missing NULL pointer checks", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/08/17/2" + }, + { + "name": "[oss-security] 20090817 CVE request: kernel: cfg80211: missing NULL pointer checks", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/08/17/1" + }, + { + "name": "36052", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36052" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.5", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.5" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3248.json b/2009/3xxx/CVE-2009-3248.json index e56a687f1ab..0eba4593d6f 100644 --- a/2009/3xxx/CVE-2009-3248.json +++ b/2009/3xxx/CVE-2009-3248.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3248", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in the RSS module in vtiger CRM 5.0.4 allows remote attackers to hijack the authentication of Admin users for requests that modify the news feed system via the rssurl parameter in a Save action to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3248", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090818 Vtiger CRM 5.0.4 Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=125060676515670&w=2" - }, - { - "name" : "9450", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9450" - }, - { - "name" : "http://www.ush.it/2009/08/18/vtiger-crm-504-multiple-vulnerabilities/", - "refsource" : "MISC", - "url" : "http://www.ush.it/2009/08/18/vtiger-crm-504-multiple-vulnerabilities/" - }, - { - "name" : "http://www.ush.it/team/ush/hack-vtigercrm_504/vtigercrm_504.txt", - "refsource" : "MISC", - "url" : "http://www.ush.it/team/ush/hack-vtigercrm_504/vtigercrm_504.txt" - }, - { - "name" : "36062", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36062" - }, - { - "name" : "57238", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/57238" - }, - { - "name" : "36309", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36309" - }, - { - "name" : "ADV-2009-2319", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2319" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in the RSS module in vtiger CRM 5.0.4 allows remote attackers to hijack the authentication of Admin users for requests that modify the news feed system via the rssurl parameter in a Save action to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ush.it/2009/08/18/vtiger-crm-504-multiple-vulnerabilities/", + "refsource": "MISC", + "url": "http://www.ush.it/2009/08/18/vtiger-crm-504-multiple-vulnerabilities/" + }, + { + "name": "http://www.ush.it/team/ush/hack-vtigercrm_504/vtigercrm_504.txt", + "refsource": "MISC", + "url": "http://www.ush.it/team/ush/hack-vtigercrm_504/vtigercrm_504.txt" + }, + { + "name": "9450", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9450" + }, + { + "name": "20090818 Vtiger CRM 5.0.4 Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=125060676515670&w=2" + }, + { + "name": "36062", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36062" + }, + { + "name": "57238", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/57238" + }, + { + "name": "36309", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36309" + }, + { + "name": "ADV-2009-2319", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2319" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3535.json b/2009/3xxx/CVE-2009-3535.json index e1b9fddccf9..2715c1fb1af 100644 --- a/2009/3xxx/CVE-2009-3535.json +++ b/2009/3xxx/CVE-2009-3535.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3535", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in image.php in Clear Content 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter. NOTE: the researcher also suggests an analogous PHP remote file inclusion vulnerability, but this may be incorrect." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3535", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9089", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9089" - }, - { - "name" : "http://packetstormsecurity.org/0907-exploits/clearcontent-rfilfi.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0907-exploits/clearcontent-rfilfi.txt" - }, - { - "name" : "55742", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/55742" - }, - { - "name" : "35726", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35726" - }, - { - "name" : "clearcontent-image-file-include(51629)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51629" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in image.php in Clear Content 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter. NOTE: the researcher also suggests an analogous PHP remote file inclusion vulnerability, but this may be incorrect." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/0907-exploits/clearcontent-rfilfi.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0907-exploits/clearcontent-rfilfi.txt" + }, + { + "name": "35726", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35726" + }, + { + "name": "clearcontent-image-file-include(51629)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51629" + }, + { + "name": "9089", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9089" + }, + { + "name": "55742", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/55742" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3551.json b/2009/3xxx/CVE-2009-3551.json index fc533e66896..eaa0aa00f1c 100644 --- a/2009/3xxx/CVE-2009-3551.json +++ b/2009/3xxx/CVE-2009-3551.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3551", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Off-by-one error in the dissect_negprot_response function in packet-smb.c in the SMB dissector in Wireshark 1.2.0 through 1.2.2 allows remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-3551", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.wireshark.org/docs/relnotes/wireshark-1.2.3.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/docs/relnotes/wireshark-1.2.3.html" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2009-07.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2009-07.html" - }, - { - "name" : "36846", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36846" - }, - { - "name" : "oval:org.mitre.oval:def:6049", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6049" - }, - { - "name" : "37175", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37175" - }, - { - "name" : "37409", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37409" - }, - { - "name" : "ADV-2009-3061", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3061" - }, - { - "name" : "wireshark-negprotresponse-dos(54018)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54018" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Off-by-one error in the dissect_negprot_response function in packet-smb.c in the SMB dissector in Wireshark 1.2.0 through 1.2.2 allows remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36846", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36846" + }, + { + "name": "oval:org.mitre.oval:def:6049", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6049" + }, + { + "name": "ADV-2009-3061", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3061" + }, + { + "name": "http://www.wireshark.org/docs/relnotes/wireshark-1.2.3.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/docs/relnotes/wireshark-1.2.3.html" + }, + { + "name": "wireshark-negprotresponse-dos(54018)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54018" + }, + { + "name": "37409", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37409" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2009-07.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2009-07.html" + }, + { + "name": "37175", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37175" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3936.json b/2009/3xxx/CVE-2009-3936.json index 61617bca955..1dadf8df6bf 100644 --- a/2009/3xxx/CVE-2009-3936.json +++ b/2009/3xxx/CVE-2009-3936.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3936", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Citrix Online Plug-in for Windows 11.0.x before 11.0.150 and 11.x before 11.2, Online Plug-in for Mac before 11.0, Receiver for iPhone before 1.0.3, and ICA Java, Mac, UNIX, and Windows Clients for XenApp and XenDesktop allows remote attackers to impersonate the SSL/TLS server and bypass authentication via a crafted certificate, a different vulnerability than CVE-2009-3555." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3936", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.citrix.com/article/CTX123248", - "refsource" : "CONFIRM", - "url" : "http://support.citrix.com/article/CTX123248" - }, - { - "name" : "37073", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37073" - }, - { - "name" : "1023168", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023168" - }, - { - "name" : "37319", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37319" - }, - { - "name" : "ADV-2009-3206", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3206" - }, - { - "name" : "citrix-ssl-spoofing(54213)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54213" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Citrix Online Plug-in for Windows 11.0.x before 11.0.150 and 11.x before 11.2, Online Plug-in for Mac before 11.0, Receiver for iPhone before 1.0.3, and ICA Java, Mac, UNIX, and Windows Clients for XenApp and XenDesktop allows remote attackers to impersonate the SSL/TLS server and bypass authentication via a crafted certificate, a different vulnerability than CVE-2009-3555." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-3206", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3206" + }, + { + "name": "http://support.citrix.com/article/CTX123248", + "refsource": "CONFIRM", + "url": "http://support.citrix.com/article/CTX123248" + }, + { + "name": "37073", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37073" + }, + { + "name": "37319", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37319" + }, + { + "name": "1023168", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023168" + }, + { + "name": "citrix-ssl-spoofing(54213)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54213" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4340.json b/2009/4xxx/CVE-2009-4340.json index 1270ca94d50..f77cebc79c0 100644 --- a/2009/4xxx/CVE-2009-4340.json +++ b/2009/4xxx/CVE-2009-4340.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4340", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the No indexed Search (no_indexed_search) extension 0.2.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4340", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/" - }, - { - "name" : "ADV-2009-3550", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3550" - }, - { - "name" : "typo3-nis-xss(54784)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54784" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the No indexed Search (no_indexed_search) extension 0.2.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "typo3-nis-xss(54784)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54784" + }, + { + "name": "ADV-2009-3550", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3550" + }, + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4358.json b/2009/4xxx/CVE-2009-4358.json index ac46727b5b2..dfa5e974736 100644 --- a/2009/4xxx/CVE-2009-4358.json +++ b/2009/4xxx/CVE-2009-4358.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4358", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "freebsd-update in FreeBSD 8.0, 7.2, 7.1, 6.4, and 6.3 uses insecure permissions in its working directory (/var/db/freebsd-update by default), which allows local users to read copies of sensitive files after a (1) freebsd-update fetch (fetch) or (2) freebsd-update upgrade (upgrade) operation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4358", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "FreeBSD-SA-09:17", - "refsource" : "FREEBSD", - "url" : "http://security.freebsd.org/advisories/FreeBSD-SA-09:17.freebsd-update.asc" - }, - { - "name" : "37190", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37190" - }, - { - "name" : "37575", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37575" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "freebsd-update in FreeBSD 8.0, 7.2, 7.1, 6.4, and 6.3 uses insecure permissions in its working directory (/var/db/freebsd-update by default), which allows local users to read copies of sensitive files after a (1) freebsd-update fetch (fetch) or (2) freebsd-update upgrade (upgrade) operation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FreeBSD-SA-09:17", + "refsource": "FREEBSD", + "url": "http://security.freebsd.org/advisories/FreeBSD-SA-09:17.freebsd-update.asc" + }, + { + "name": "37190", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37190" + }, + { + "name": "37575", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37575" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4541.json b/2009/4xxx/CVE-2009-4541.json index 4b2edbaaf58..4ba2a7cf879 100644 --- a/2009/4xxx/CVE-2009-4541.json +++ b/2009/4xxx/CVE-2009-4541.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4541", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in IsolSoft Support Center 2.5 allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to (1) newticket.php or (2) rempass.php, or a URL in the lang parameter in an adduser action to (3) index.php. NOTE: this can also be leveraged to include and execute arbitrary local files via .. (dot dot) sequences." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4541", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9397", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9397" - }, - { - "name" : "35997", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35997" - }, - { - "name" : "56869", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/56869" - }, - { - "name" : "56870", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/56870" - }, - { - "name" : "56871", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/56871" - }, - { - "name" : "36208", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36208" - }, - { - "name" : "supportcenter-index-file-include(52352)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52352" - }, - { - "name" : "supportcenter-lang-file-include(52350)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52350" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in IsolSoft Support Center 2.5 allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to (1) newticket.php or (2) rempass.php, or a URL in the lang parameter in an adduser action to (3) index.php. NOTE: this can also be leveraged to include and execute arbitrary local files via .. (dot dot) sequences." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "56870", + "refsource": "OSVDB", + "url": "http://osvdb.org/56870" + }, + { + "name": "35997", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35997" + }, + { + "name": "56869", + "refsource": "OSVDB", + "url": "http://osvdb.org/56869" + }, + { + "name": "supportcenter-lang-file-include(52350)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52350" + }, + { + "name": "36208", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36208" + }, + { + "name": "9397", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9397" + }, + { + "name": "56871", + "refsource": "OSVDB", + "url": "http://osvdb.org/56871" + }, + { + "name": "supportcenter-index-file-include(52352)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52352" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4945.json b/2009/4xxx/CVE-2009-4945.json index cae16abe927..12acb6213bd 100644 --- a/2009/4xxx/CVE-2009-4945.json +++ b/2009/4xxx/CVE-2009-4945.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4945", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "AdPeeps 8.5d1 has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via requests to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4945", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090527 [InterN0T] AdPeeps 8.5d1 - XSS and HTML Injection Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/503855/100/0/threaded" - }, - { - "name" : "20090528 Re: [InterN0T] AdPeeps 8.5d1 - XSS and HTML Injection Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/503911/100/0/threaded" - }, - { - "name" : "http://forum.intern0t.net/intern0t-advisories/1049-intern0t-adpeeps-8-5d1-cross-site-scripting-html-injection-vulnerabilities.html", - "refsource" : "MISC", - "url" : "http://forum.intern0t.net/intern0t-advisories/1049-intern0t-adpeeps-8-5d1-cross-site-scripting-html-injection-vulnerabilities.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "AdPeeps 8.5d1 has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via requests to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20090527 [InterN0T] AdPeeps 8.5d1 - XSS and HTML Injection Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/503855/100/0/threaded" + }, + { + "name": "20090528 Re: [InterN0T] AdPeeps 8.5d1 - XSS and HTML Injection Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/503911/100/0/threaded" + }, + { + "name": "http://forum.intern0t.net/intern0t-advisories/1049-intern0t-adpeeps-8-5d1-cross-site-scripting-html-injection-vulnerabilities.html", + "refsource": "MISC", + "url": "http://forum.intern0t.net/intern0t-advisories/1049-intern0t-adpeeps-8-5d1-cross-site-scripting-html-injection-vulnerabilities.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2926.json b/2012/2xxx/CVE-2012-2926.json index 7322daa6b68..0f3f6e936b1 100644 --- a/2012/2xxx/CVE-2012-2926.json +++ b/2012/2xxx/CVE-2012-2926.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2926", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6 before 2.6.8, and 2.7 before 2.7.12; Bamboo before 3.3.4 and 3.4.x before 3.4.5; and Crowd before 2.0.9, 2.1 before 2.1.2, 2.2 before 2.2.9, 2.3 before 2.3.7, and 2.4 before 2.4.1 do not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2926", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://confluence.atlassian.com/display/BAMBOO/Bamboo+Security+Advisory+2012-05-17", - "refsource" : "CONFIRM", - "url" : "http://confluence.atlassian.com/display/BAMBOO/Bamboo+Security+Advisory+2012-05-17" - }, - { - "name" : "http://confluence.atlassian.com/display/CROWD/Crowd+Security+Advisory+2012-05-17", - "refsource" : "CONFIRM", - "url" : "http://confluence.atlassian.com/display/CROWD/Crowd+Security+Advisory+2012-05-17" - }, - { - "name" : "http://confluence.atlassian.com/display/DOC/Confluence+Security+Advisory+2012-05-17", - "refsource" : "CONFIRM", - "url" : "http://confluence.atlassian.com/display/DOC/Confluence+Security+Advisory+2012-05-17" - }, - { - "name" : "http://confluence.atlassian.com/display/FISHEYE/FishEye+and+Crucible+Security+Advisory+2012-05-17", - "refsource" : "CONFIRM", - "url" : "http://confluence.atlassian.com/display/FISHEYE/FishEye+and+Crucible+Security+Advisory+2012-05-17" - }, - { - "name" : "http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2012-05-17", - "refsource" : "CONFIRM", - "url" : "http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2012-05-17" - }, - { - "name" : "53595", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53595" - }, - { - "name" : "81993", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/81993" - }, - { - "name" : "49146", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49146" - }, - { - "name" : "jira-xml-dos(75697)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75697" - }, - { - "name" : "fisheye-crucible-xml-dos(75682)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75682" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6 before 2.6.8, and 2.7 before 2.7.12; Bamboo before 3.3.4 and 3.4.x before 3.4.5; and Crowd before 2.0.9, 2.1 before 2.1.2, 2.2 before 2.2.9, 2.3 before 2.3.7, and 2.4 before 2.4.1 do not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "fisheye-crucible-xml-dos(75682)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75682" + }, + { + "name": "49146", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49146" + }, + { + "name": "http://confluence.atlassian.com/display/FISHEYE/FishEye+and+Crucible+Security+Advisory+2012-05-17", + "refsource": "CONFIRM", + "url": "http://confluence.atlassian.com/display/FISHEYE/FishEye+and+Crucible+Security+Advisory+2012-05-17" + }, + { + "name": "http://confluence.atlassian.com/display/DOC/Confluence+Security+Advisory+2012-05-17", + "refsource": "CONFIRM", + "url": "http://confluence.atlassian.com/display/DOC/Confluence+Security+Advisory+2012-05-17" + }, + { + "name": "81993", + "refsource": "OSVDB", + "url": "http://osvdb.org/81993" + }, + { + "name": "http://confluence.atlassian.com/display/CROWD/Crowd+Security+Advisory+2012-05-17", + "refsource": "CONFIRM", + "url": "http://confluence.atlassian.com/display/CROWD/Crowd+Security+Advisory+2012-05-17" + }, + { + "name": "53595", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53595" + }, + { + "name": "http://confluence.atlassian.com/display/BAMBOO/Bamboo+Security+Advisory+2012-05-17", + "refsource": "CONFIRM", + "url": "http://confluence.atlassian.com/display/BAMBOO/Bamboo+Security+Advisory+2012-05-17" + }, + { + "name": "http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2012-05-17", + "refsource": "CONFIRM", + "url": "http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2012-05-17" + }, + { + "name": "jira-xml-dos(75697)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75697" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0168.json b/2015/0xxx/CVE-2015-0168.json index b8599790e85..f85ee938790 100644 --- a/2015/0xxx/CVE-2015-0168.json +++ b/2015/0xxx/CVE-2015-0168.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0168", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-0168", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21699470", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21699470" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21699470", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699470" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0325.json b/2015/0xxx/CVE-2015-0325.json index ed63e0bba1f..92c194998c9 100644 --- a/2015/0xxx/CVE-2015-0325.json +++ b/2015/0xxx/CVE-2015-0325.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0325", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2015-0326 and CVE-2015-0328." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-0325", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-04.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-04.html" - }, - { - "name" : "https://technet.microsoft.com/library/security/2755801", - "refsource" : "CONFIRM", - "url" : "https://technet.microsoft.com/library/security/2755801" - }, - { - "name" : "GLSA-201502-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201502-02.xml" - }, - { - "name" : "RHSA-2015:0140", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0140.html" - }, - { - "name" : "SUSE-SU-2015:0236", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00006.html" - }, - { - "name" : "SUSE-SU-2015:0239", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00009.html" - }, - { - "name" : "openSUSE-SU-2015:0237", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00007.html" - }, - { - "name" : "openSUSE-SU-2015:0238", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00008.html" - }, - { - "name" : "72514", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72514" - }, - { - "name" : "1031706", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031706" - }, - { - "name" : "62886", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62886" - }, - { - "name" : "62895", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62895" - }, - { - "name" : "adobe-flash-cve20150325-dos(100711)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100711" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2015-0326 and CVE-2015-0328." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201502-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201502-02.xml" + }, + { + "name": "openSUSE-SU-2015:0238", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00008.html" + }, + { + "name": "62895", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62895" + }, + { + "name": "adobe-flash-cve20150325-dos(100711)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100711" + }, + { + "name": "1031706", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031706" + }, + { + "name": "62886", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62886" + }, + { + "name": "https://technet.microsoft.com/library/security/2755801", + "refsource": "CONFIRM", + "url": "https://technet.microsoft.com/library/security/2755801" + }, + { + "name": "openSUSE-SU-2015:0237", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00007.html" + }, + { + "name": "SUSE-SU-2015:0236", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00006.html" + }, + { + "name": "72514", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72514" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb15-04.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-04.html" + }, + { + "name": "RHSA-2015:0140", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0140.html" + }, + { + "name": "SUSE-SU-2015:0239", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00009.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1196.json b/2015/1xxx/CVE-2015-1196.json index 1b4fa87d5d0..0b20aa6a227 100644 --- a/2015/1xxx/CVE-2015-1196.json +++ b/2015/1xxx/CVE-2015-1196.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1196", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-1196", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150118 Re: CVE request: directory traversal flaw in patch", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2015/q1/173" - }, - { - "name" : "http://git.savannah.gnu.org/cgit/patch.git/commit/?id=4e9269a5fc1fe80a1095a92593dd85db871e1fd3", - "refsource" : "CONFIRM", - "url" : "http://git.savannah.gnu.org/cgit/patch.git/commit/?id=4e9269a5fc1fe80a1095a92593dd85db871e1fd3" - }, - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775227", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775227" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1182154", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1182154" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" - }, - { - "name" : "openSUSE-SU-2015:0199", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-02/msg00013.html" - }, - { - "name" : "72074", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72074" - }, - { - "name" : "gnupatch-unspecified-symlink(99967)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99967" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.savannah.gnu.org/cgit/patch.git/commit/?id=4e9269a5fc1fe80a1095a92593dd85db871e1fd3", + "refsource": "CONFIRM", + "url": "http://git.savannah.gnu.org/cgit/patch.git/commit/?id=4e9269a5fc1fe80a1095a92593dd85db871e1fd3" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1182154", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1182154" + }, + { + "name": "72074", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72074" + }, + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775227", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775227" + }, + { + "name": "[oss-security] 20150118 Re: CVE request: directory traversal flaw in patch", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2015/q1/173" + }, + { + "name": "openSUSE-SU-2015:0199", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00013.html" + }, + { + "name": "gnupatch-unspecified-symlink(99967)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99967" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1360.json b/2015/1xxx/CVE-2015-1360.json index 0b0f5e9c4e9..4d4ca5e3d0c 100644 --- a/2015/1xxx/CVE-2015-1360.json +++ b/2015/1xxx/CVE-2015-1360.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1360", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Skia, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted data that is improperly handled during text drawing, related to gpu/GrBitmapTextContext.cpp and gpu/GrDistanceFieldTextContext.cpp, a different vulnerability than CVE-2015-1205." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1360", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2015/01/stable-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2015/01/stable-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=416289", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=416289" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=449894", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=449894" - }, - { - "name" : "https://codereview.chromium.org/636233008", - "refsource" : "CONFIRM", - "url" : "https://codereview.chromium.org/636233008" - }, - { - "name" : "GLSA-201502-13", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201502-13.xml" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Skia, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted data that is improperly handled during text drawing, related to gpu/GrBitmapTextContext.cpp and gpu/GrDistanceFieldTextContext.cpp, a different vulnerability than CVE-2015-1205." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://codereview.chromium.org/636233008", + "refsource": "CONFIRM", + "url": "https://codereview.chromium.org/636233008" + }, + { + "name": "http://googlechromereleases.blogspot.com/2015/01/stable-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2015/01/stable-update.html" + }, + { + "name": "GLSA-201502-13", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201502-13.xml" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=416289", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=416289" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=449894", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=449894" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1781.json b/2015/1xxx/CVE-2015-1781.json index c85727c80d9..51d4c354974 100644 --- a/2015/1xxx/CVE-2015-1781.json +++ b/2015/1xxx/CVE-2015-1781.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1781", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-1781", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[libc-alpha] 20150814 The GNU C Library version 2.22 is now available", - "refsource" : "MLIST", - "url" : "https://www.sourceware.org/ml/libc-alpha/2015-08/msg00609.html" - }, - { - "name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=18287", - "refsource" : "CONFIRM", - "url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=18287" - }, - { - "name" : "https://sourceware.org/git/?p=glibc.git;a=commit;h=2959eda9272a03386", - "refsource" : "CONFIRM", - "url" : "https://sourceware.org/git/?p=glibc.git;a=commit;h=2959eda9272a03386" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" - }, - { - "name" : "DSA-3480", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3480" - }, - { - "name" : "FEDORA-2016-0480defc94", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177404.html" - }, - { - "name" : "GLSA-201602-02", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201602-02" - }, - { - "name" : "RHSA-2015:0863", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2015-0863.html" - }, - { - "name" : "SUSE-SU-2015:1424", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00019.html" - }, - { - "name" : "SUSE-SU-2016:0470", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html" - }, - { - "name" : "USN-2985-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2985-1" - }, - { - "name" : "USN-2985-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2985-2" - }, - { - "name" : "74255", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74255" - }, - { - "name" : "1032178", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032178" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2015:1424", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00019.html" + }, + { + "name": "[libc-alpha] 20150814 The GNU C Library version 2.22 is now available", + "refsource": "MLIST", + "url": "https://www.sourceware.org/ml/libc-alpha/2015-08/msg00609.html" + }, + { + "name": "SUSE-SU-2016:0470", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html" + }, + { + "name": "USN-2985-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2985-2" + }, + { + "name": "GLSA-201602-02", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201602-02" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" + }, + { + "name": "https://sourceware.org/git/?p=glibc.git;a=commit;h=2959eda9272a03386", + "refsource": "CONFIRM", + "url": "https://sourceware.org/git/?p=glibc.git;a=commit;h=2959eda9272a03386" + }, + { + "name": "FEDORA-2016-0480defc94", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177404.html" + }, + { + "name": "RHSA-2015:0863", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2015-0863.html" + }, + { + "name": "DSA-3480", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3480" + }, + { + "name": "USN-2985-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2985-1" + }, + { + "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=18287", + "refsource": "CONFIRM", + "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=18287" + }, + { + "name": "1032178", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032178" + }, + { + "name": "74255", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74255" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5720.json b/2015/5xxx/CVE-2015-5720.json index 9daefc99db6..030df3f8237 100644 --- a/2015/5xxx/CVE-2015-5720.json +++ b/2015/5xxx/CVE-2015-5720.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5720", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the template-creation feature in Malware Information Sharing Platform (MISP) before 2.3.90 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) add.ctp, (2) edit.ctp, and (3) ajaxification.js." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5720", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/MISP/MISP/commit/812ac878c3645c02e2a599287117418424cbd4cf", - "refsource" : "CONFIRM", - "url" : "https://github.com/MISP/MISP/commit/812ac878c3645c02e2a599287117418424cbd4cf" - }, - { - "name" : "https://www.circl.lu/advisory/CVE-2015-5720/", - "refsource" : "CONFIRM", - "url" : "https://www.circl.lu/advisory/CVE-2015-5720/" - }, - { - "name" : "92738", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92738" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the template-creation feature in Malware Information Sharing Platform (MISP) before 2.3.90 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) add.ctp, (2) edit.ctp, and (3) ajaxification.js." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.circl.lu/advisory/CVE-2015-5720/", + "refsource": "CONFIRM", + "url": "https://www.circl.lu/advisory/CVE-2015-5720/" + }, + { + "name": "92738", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92738" + }, + { + "name": "https://github.com/MISP/MISP/commit/812ac878c3645c02e2a599287117418424cbd4cf", + "refsource": "CONFIRM", + "url": "https://github.com/MISP/MISP/commit/812ac878c3645c02e2a599287117418424cbd4cf" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5744.json b/2015/5xxx/CVE-2015-5744.json index 1963ce8d3ca..8faeb1c85ed 100644 --- a/2015/5xxx/CVE-2015-5744.json +++ b/2015/5xxx/CVE-2015-5744.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5744", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5744", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11484.json b/2018/11xxx/CVE-2018-11484.json index 5ac2518dc76..a3f37c673b1 100644 --- a/2018/11xxx/CVE-2018-11484.json +++ b/2018/11xxx/CVE-2018-11484.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11484", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11484", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11904.json b/2018/11xxx/CVE-2018-11904.json index de012fff148..76c0266782b 100644 --- a/2018/11xxx/CVE-2018-11904.json +++ b/2018/11xxx/CVE-2018-11904.json @@ -1,312 +1,312 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2018-11904", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, asynchronous callbacks received a pointer to a callers local variable. Should the caller return early (e.g., timeout), the callback will dereference an invalid pointer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Return of Stack Variable Address in WLAN" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2018-11904", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.codeaurora.org/quic/la//platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=0a755b400876ab4d58151e98462d3fa8fe099f61", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la//platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=0a755b400876ab4d58151e98462d3fa8fe099f61" - }, - { - "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=00022c12e0cad8b735f94d6ee3785a557b4a3df2", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=00022c12e0cad8b735f94d6ee3785a557b4a3df2" - }, - { - "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=3815e870ef906409af4a228f66d9400081227b75", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=3815e870ef906409af4a228f66d9400081227b75" - }, - { - "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=667b3108d10e9580bf9f6d337c759dc88a1a0bdc", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=667b3108d10e9580bf9f6d337c759dc88a1a0bdc" - }, - { - "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=731ebf70a25ab2cdc32d2626dcebe60fe3b09481", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=731ebf70a25ab2cdc32d2626dcebe60fe3b09481" - }, - { - "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=85ea1c126b05f133206cd9c6d8d9fbf137d81d27", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=85ea1c126b05f133206cd9c6d8d9fbf137d81d27" - }, - { - "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=8ee65e3c9addab1d3c15ba013401f5698fb73594", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=8ee65e3c9addab1d3c15ba013401f5698fb73594" - }, - { - "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=9a8f1aeb8055de80137e769fae637cd480495509", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=9a8f1aeb8055de80137e769fae637cd480495509" - }, - { - "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=a009a84d04bfac2a5c01101f38a70d216960fac0", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=a009a84d04bfac2a5c01101f38a70d216960fac0" - }, - { - "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=a4b4267f94802e0a4d93999649710bbf340796d5", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=a4b4267f94802e0a4d93999649710bbf340796d5" - }, - { - "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=be70d02f12cb9a71a9b07b601f0efafc99718ec9", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=be70d02f12cb9a71a9b07b601f0efafc99718ec9" - }, - { - "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=ebf1042efb9bd4517cd09a543bb4e3a164de8771", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=ebf1042efb9bd4517cd09a543bb4e3a164de8771" - }, - { - "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=ec9896d0bc7521bbbe6dc28a198635dc281e7358", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=ec9896d0bc7521bbbe6dc28a198635dc281e7358" - }, - { - "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=f9f86fd07af5606d0cb74c3eca5b2cbfda509345", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=f9f86fd07af5606d0cb74c3eca5b2cbfda509345" - }, - { - "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?h=wlan-cld2.driver.lnx.1.0.r21-rel&id=391d37818aaa8038a06662075dd8893501452931", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?h=wlan-cld2.driver.lnx.1.0.r21-rel&id=391d37818aaa8038a06662075dd8893501452931" - }, - { - "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=106f5c62b01b5a212bb53d13e3a3e70db2baedee", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=106f5c62b01b5a212bb53d13e3a3e70db2baedee" - }, - { - "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=174c053d1aa1bf5395647e3927d718255f3cbe75", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=174c053d1aa1bf5395647e3927d718255f3cbe75" - }, - { - "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=17f6fbb4b52a6acdd831ebaffdac9bbc88d2f423", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=17f6fbb4b52a6acdd831ebaffdac9bbc88d2f423" - }, - { - "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=191f02a7ec2a4cccaebbdac8d36897e1ae125244", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=191f02a7ec2a4cccaebbdac8d36897e1ae125244" - }, - { - "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=335ae3f8b353b6c7260eacb6aa706bb30f8a6bdc", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=335ae3f8b353b6c7260eacb6aa706bb30f8a6bdc" - }, - { - "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=3ea5197d268c6f4ed08fb866b587349f7049c6d5", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=3ea5197d268c6f4ed08fb866b587349f7049c6d5" - }, - { - "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=4aa30844e28eb4b410f86d97e970a39fcdfd797d", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=4aa30844e28eb4b410f86d97e970a39fcdfd797d" - }, - { - "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=4abed07fd2380b6073f5cc9f2a701773e914f86f", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=4abed07fd2380b6073f5cc9f2a701773e914f86f" - }, - { - "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=54e7d8fa44202a8528ef33d85381bca63d7749a5", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=54e7d8fa44202a8528ef33d85381bca63d7749a5" - }, - { - "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=57a5e1f62cd3230fd046b199eee902507100e18c", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=57a5e1f62cd3230fd046b199eee902507100e18c" - }, - { - "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=78a681f9d0d8e9843223dc42d02443e911b196a1", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=78a681f9d0d8e9843223dc42d02443e911b196a1" - }, - { - "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=846f561170f0f4f6345d6b0ce1c35bf7059126cb", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=846f561170f0f4f6345d6b0ce1c35bf7059126cb" - }, - { - "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=8dc81c98ed72c99983660d5b94c2c8283bc1ff7f", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=8dc81c98ed72c99983660d5b94c2c8283bc1ff7f" - }, - { - "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=9048145ff167fb8f9f8d2a9845ee1d1b45c4884c", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=9048145ff167fb8f9f8d2a9845ee1d1b45c4884c" - }, - { - "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=99c0ddb04e8de0b8139778c7fb77b1957d113769", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=99c0ddb04e8de0b8139778c7fb77b1957d113769" - }, - { - "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=9e040e43da5fe987747e16b305d7adf66977420f", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=9e040e43da5fe987747e16b305d7adf66977420f" - }, - { - "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=a978afb1838273e0d7a7ec86dd8bc9db85dff49d", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=a978afb1838273e0d7a7ec86dd8bc9db85dff49d" - }, - { - "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=b98f8aafb23cbc8e883870bcc9dac165b3d75ae6", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=b98f8aafb23cbc8e883870bcc9dac165b3d75ae6" - }, - { - "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=d42e72aa69a02531396b5a37cadebf927a757aa6", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=d42e72aa69a02531396b5a37cadebf927a757aa6" - }, - { - "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=eb72224cc57092448663fecc2c9bfa0f775eb770", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=eb72224cc57092448663fecc2c9bfa0f775eb770" - }, - { - "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=fb2f07b3b0d637a403bb891c57e76b6345a92cf0", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=fb2f07b3b0d637a403bb891c57e76b6345a92cf0" - }, - { - "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=002cb97a955832197f3ceebfa8b32bd12b946151", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=002cb97a955832197f3ceebfa8b32bd12b946151" - }, - { - "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=0c5a2ba407f23efd89cac6dc45e2ab9bdba3ada1", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=0c5a2ba407f23efd89cac6dc45e2ab9bdba3ada1" - }, - { - "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=17275491f327909b32945ec1f465968021d22a7f", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=17275491f327909b32945ec1f465968021d22a7f" - }, - { - "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=239aba9a1a4a474d86bde9cb67bfb1b2d6379a7c", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=239aba9a1a4a474d86bde9cb67bfb1b2d6379a7c" - }, - { - "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=7af334bfc3375c9f85a330b84db17c0db1d6dade", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=7af334bfc3375c9f85a330b84db17c0db1d6dade" - }, - { - "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=9ab5a5a0b63075cfd095ed6bcf506b4704c523e1", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=9ab5a5a0b63075cfd095ed6bcf506b4704c523e1" - }, - { - "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=a544494791b6307a2fe52fa282768083deb8a317", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=a544494791b6307a2fe52fa282768083deb8a317" - }, - { - "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=a6ace5b9ea34f22b136a35248087efc2ceb35fd4", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=a6ace5b9ea34f22b136a35248087efc2ceb35fd4" - }, - { - "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=c13bdf105aa20559d2d783508051ad2dd3cfa65b", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=c13bdf105aa20559d2d783508051ad2dd3cfa65b" - }, - { - "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=dd9ae2971b493909879cc2fd0fa97d12e1560762", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=dd9ae2971b493909879cc2fd0fa97d12e1560762" - }, - { - "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=dda167ca8104de77f46fd29c66f66f807c63b309", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=dda167ca8104de77f46fd29c66f66f807c63b309" - }, - { - "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=ee9797fbefb45eee88c92420a24cda838cff6b45", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=ee9797fbefb45eee88c92420a24cda838cff6b45" - }, - { - "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=f11eeadd214e081a824f30aec5cb52d390ef576c", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=f11eeadd214e081a824f30aec5cb52d390ef576c" - }, - { - "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=f7ee321d5f31ce5bc6a4cbec72a965d272b3b77b", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=f7ee321d5f31ce5bc6a4cbec72a965d272b3b77b" - }, - { - "name" : "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin", - "refsource" : "CONFIRM", - "url" : "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, asynchronous callbacks received a pointer to a callers local variable. Should the caller return early (e.g., timeout), the callback will dereference an invalid pointer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Return of Stack Variable Address in WLAN" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=f11eeadd214e081a824f30aec5cb52d390ef576c", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=f11eeadd214e081a824f30aec5cb52d390ef576c" + }, + { + "name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=191f02a7ec2a4cccaebbdac8d36897e1ae125244", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=191f02a7ec2a4cccaebbdac8d36897e1ae125244" + }, + { + "name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=85ea1c126b05f133206cd9c6d8d9fbf137d81d27", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=85ea1c126b05f133206cd9c6d8d9fbf137d81d27" + }, + { + "name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=106f5c62b01b5a212bb53d13e3a3e70db2baedee", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=106f5c62b01b5a212bb53d13e3a3e70db2baedee" + }, + { + "name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=ee9797fbefb45eee88c92420a24cda838cff6b45", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=ee9797fbefb45eee88c92420a24cda838cff6b45" + }, + { + "name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=0c5a2ba407f23efd89cac6dc45e2ab9bdba3ada1", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=0c5a2ba407f23efd89cac6dc45e2ab9bdba3ada1" + }, + { + "name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=174c053d1aa1bf5395647e3927d718255f3cbe75", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=174c053d1aa1bf5395647e3927d718255f3cbe75" + }, + { + "name": "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin", + "refsource": "CONFIRM", + "url": "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin" + }, + { + "name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=7af334bfc3375c9f85a330b84db17c0db1d6dade", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=7af334bfc3375c9f85a330b84db17c0db1d6dade" + }, + { + "name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=335ae3f8b353b6c7260eacb6aa706bb30f8a6bdc", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=335ae3f8b353b6c7260eacb6aa706bb30f8a6bdc" + }, + { + "name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=be70d02f12cb9a71a9b07b601f0efafc99718ec9", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=be70d02f12cb9a71a9b07b601f0efafc99718ec9" + }, + { + "name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=54e7d8fa44202a8528ef33d85381bca63d7749a5", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=54e7d8fa44202a8528ef33d85381bca63d7749a5" + }, + { + "name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=57a5e1f62cd3230fd046b199eee902507100e18c", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=57a5e1f62cd3230fd046b199eee902507100e18c" + }, + { + "name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=8ee65e3c9addab1d3c15ba013401f5698fb73594", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=8ee65e3c9addab1d3c15ba013401f5698fb73594" + }, + { + "name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=00022c12e0cad8b735f94d6ee3785a557b4a3df2", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=00022c12e0cad8b735f94d6ee3785a557b4a3df2" + }, + { + "name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=78a681f9d0d8e9843223dc42d02443e911b196a1", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=78a681f9d0d8e9843223dc42d02443e911b196a1" + }, + { + "name": "https://source.codeaurora.org/quic/la//platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=0a755b400876ab4d58151e98462d3fa8fe099f61", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la//platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=0a755b400876ab4d58151e98462d3fa8fe099f61" + }, + { + "name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=a6ace5b9ea34f22b136a35248087efc2ceb35fd4", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=a6ace5b9ea34f22b136a35248087efc2ceb35fd4" + }, + { + "name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=17275491f327909b32945ec1f465968021d22a7f", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=17275491f327909b32945ec1f465968021d22a7f" + }, + { + "name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=a009a84d04bfac2a5c01101f38a70d216960fac0", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=a009a84d04bfac2a5c01101f38a70d216960fac0" + }, + { + "name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=4abed07fd2380b6073f5cc9f2a701773e914f86f", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=4abed07fd2380b6073f5cc9f2a701773e914f86f" + }, + { + "name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=a4b4267f94802e0a4d93999649710bbf340796d5", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=a4b4267f94802e0a4d93999649710bbf340796d5" + }, + { + "name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=c13bdf105aa20559d2d783508051ad2dd3cfa65b", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=c13bdf105aa20559d2d783508051ad2dd3cfa65b" + }, + { + "name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=99c0ddb04e8de0b8139778c7fb77b1957d113769", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=99c0ddb04e8de0b8139778c7fb77b1957d113769" + }, + { + "name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=3815e870ef906409af4a228f66d9400081227b75", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=3815e870ef906409af4a228f66d9400081227b75" + }, + { + "name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=a978afb1838273e0d7a7ec86dd8bc9db85dff49d", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=a978afb1838273e0d7a7ec86dd8bc9db85dff49d" + }, + { + "name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=dd9ae2971b493909879cc2fd0fa97d12e1560762", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=dd9ae2971b493909879cc2fd0fa97d12e1560762" + }, + { + "name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=846f561170f0f4f6345d6b0ce1c35bf7059126cb", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=846f561170f0f4f6345d6b0ce1c35bf7059126cb" + }, + { + "name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=239aba9a1a4a474d86bde9cb67bfb1b2d6379a7c", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=239aba9a1a4a474d86bde9cb67bfb1b2d6379a7c" + }, + { + "name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=f9f86fd07af5606d0cb74c3eca5b2cbfda509345", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=f9f86fd07af5606d0cb74c3eca5b2cbfda509345" + }, + { + "name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=4aa30844e28eb4b410f86d97e970a39fcdfd797d", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=4aa30844e28eb4b410f86d97e970a39fcdfd797d" + }, + { + "name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=9a8f1aeb8055de80137e769fae637cd480495509", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=9a8f1aeb8055de80137e769fae637cd480495509" + }, + { + "name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=a544494791b6307a2fe52fa282768083deb8a317", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=a544494791b6307a2fe52fa282768083deb8a317" + }, + { + "name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=d42e72aa69a02531396b5a37cadebf927a757aa6", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=d42e72aa69a02531396b5a37cadebf927a757aa6" + }, + { + "name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=002cb97a955832197f3ceebfa8b32bd12b946151", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=002cb97a955832197f3ceebfa8b32bd12b946151" + }, + { + "name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=8dc81c98ed72c99983660d5b94c2c8283bc1ff7f", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=8dc81c98ed72c99983660d5b94c2c8283bc1ff7f" + }, + { + "name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=9ab5a5a0b63075cfd095ed6bcf506b4704c523e1", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=9ab5a5a0b63075cfd095ed6bcf506b4704c523e1" + }, + { + "name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=731ebf70a25ab2cdc32d2626dcebe60fe3b09481", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=731ebf70a25ab2cdc32d2626dcebe60fe3b09481" + }, + { + "name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=3ea5197d268c6f4ed08fb866b587349f7049c6d5", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=3ea5197d268c6f4ed08fb866b587349f7049c6d5" + }, + { + "name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=ebf1042efb9bd4517cd09a543bb4e3a164de8771", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=ebf1042efb9bd4517cd09a543bb4e3a164de8771" + }, + { + "name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=9e040e43da5fe987747e16b305d7adf66977420f", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=9e040e43da5fe987747e16b305d7adf66977420f" + }, + { + "name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=b98f8aafb23cbc8e883870bcc9dac165b3d75ae6", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=b98f8aafb23cbc8e883870bcc9dac165b3d75ae6" + }, + { + "name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=eb72224cc57092448663fecc2c9bfa0f775eb770", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=eb72224cc57092448663fecc2c9bfa0f775eb770" + }, + { + "name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=17f6fbb4b52a6acdd831ebaffdac9bbc88d2f423", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=17f6fbb4b52a6acdd831ebaffdac9bbc88d2f423" + }, + { + "name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=dda167ca8104de77f46fd29c66f66f807c63b309", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=dda167ca8104de77f46fd29c66f66f807c63b309" + }, + { + "name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=9048145ff167fb8f9f8d2a9845ee1d1b45c4884c", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=9048145ff167fb8f9f8d2a9845ee1d1b45c4884c" + }, + { + "name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=f7ee321d5f31ce5bc6a4cbec72a965d272b3b77b", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=f7ee321d5f31ce5bc6a4cbec72a965d272b3b77b" + }, + { + "name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?h=wlan-cld2.driver.lnx.1.0.r21-rel&id=391d37818aaa8038a06662075dd8893501452931", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?h=wlan-cld2.driver.lnx.1.0.r21-rel&id=391d37818aaa8038a06662075dd8893501452931" + }, + { + "name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=ec9896d0bc7521bbbe6dc28a198635dc281e7358", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=ec9896d0bc7521bbbe6dc28a198635dc281e7358" + }, + { + "name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=fb2f07b3b0d637a403bb891c57e76b6345a92cf0", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=fb2f07b3b0d637a403bb891c57e76b6345a92cf0" + }, + { + "name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=667b3108d10e9580bf9f6d337c759dc88a1a0bdc", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=667b3108d10e9580bf9f6d337c759dc88a1a0bdc" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3162.json b/2018/3xxx/CVE-2018-3162.json index 619c37505fe..9215a6a62f2 100644 --- a/2018/3xxx/CVE-2018-3162.json +++ b/2018/3xxx/CVE-2018-3162.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3162", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MySQL Server", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "5.7.23 and prior" - }, - { - "version_affected" : "=", - "version_value" : "8.0.12 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3162", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.7.23 and prior" + }, + { + "version_affected": "=", + "version_value": "8.0.12 and prior" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20181018-0002/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20181018-0002/" - }, - { - "name" : "RHSA-2018:3655", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3655" - }, - { - "name" : "USN-3799-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3799-1/" - }, - { - "name" : "105594", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105594" - }, - { - "name" : "1041888", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041888" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041888", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041888" + }, + { + "name": "RHSA-2018:3655", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3655" + }, + { + "name": "USN-3799-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3799-1/" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + }, + { + "name": "105594", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105594" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20181018-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20181018-0002/" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3303.json b/2018/3xxx/CVE-2018-3303.json index 6cb92c93d0b..c1c11ef8b6b 100644 --- a/2018/3xxx/CVE-2018-3303.json +++ b/2018/3xxx/CVE-2018-3303.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3303", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Enterprise Manager Base Platform", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "13.2" - }, - { - "version_affected" : "=", - "version_value" : "13.3" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Products Suite (subcomponent: EM Console). Supported versions that are affected are 13.2 and 13.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data as well as unauthorized read access to a subset of Enterprise Manager Base Platform accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data as well as unauthorized read access to a subset of Enterprise Manager Base Platform accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3303", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "13.2" + }, + { + "version_affected": "=", + "version_value": "13.3" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" - }, - { - "name" : "106618", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106618" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Products Suite (subcomponent: EM Console). Supported versions that are affected are 13.2 and 13.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data as well as unauthorized read access to a subset of Enterprise Manager Base Platform accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data as well as unauthorized read access to a subset of Enterprise Manager Base Platform accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106618", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106618" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3399.json b/2018/3xxx/CVE-2018-3399.json index a19e70fb068..ca5202000d7 100644 --- a/2018/3xxx/CVE-2018-3399.json +++ b/2018/3xxx/CVE-2018-3399.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3399", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3399", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3756.json b/2018/3xxx/CVE-2018-3756.json index d83e1cb9c14..39ab01589eb 100644 --- a/2018/3xxx/CVE-2018-3756.json +++ b/2018/3xxx/CVE-2018-3756.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-05-31T00:00:00", - "ID" : "CVE-2018-3756", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Hyperledger Iroha versions v1.0_beta and v1.0.0_beta-1 are vulnerable to transaction and block signature verification bypass in the transaction and block validator allowing a single node to sign a transaction and/or block multiple times, each with a random nonce, and have other validating nodes accept them as separate valid signatures." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-05-31T00:00:00", + "ID": "CVE-2018-3756", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/hyperledger/iroha/releases/tag/v1.0.0_beta-2", - "refsource" : "CONFIRM", - "url" : "https://github.com/hyperledger/iroha/releases/tag/v1.0.0_beta-2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Hyperledger Iroha versions v1.0_beta and v1.0.0_beta-1 are vulnerable to transaction and block signature verification bypass in the transaction and block validator allowing a single node to sign a transaction and/or block multiple times, each with a random nonce, and have other validating nodes accept them as separate valid signatures." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/hyperledger/iroha/releases/tag/v1.0.0_beta-2", + "refsource": "CONFIRM", + "url": "https://github.com/hyperledger/iroha/releases/tag/v1.0.0_beta-2" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3802.json b/2018/3xxx/CVE-2018-3802.json index 0f45b0ef461..ee089fe3d94 100644 --- a/2018/3xxx/CVE-2018-3802.json +++ b/2018/3xxx/CVE-2018-3802.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3802", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3802", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6255.json b/2018/6xxx/CVE-2018-6255.json index ee1bc5272dc..4d269e9a863 100644 --- a/2018/6xxx/CVE-2018-6255.json +++ b/2018/6xxx/CVE-2018-6255.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6255", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6255", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7155.json b/2018/7xxx/CVE-2018-7155.json index 120bb76953e..a5840d1ddcc 100644 --- a/2018/7xxx/CVE-2018-7155.json +++ b/2018/7xxx/CVE-2018-7155.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7155", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7155", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7632.json b/2018/7xxx/CVE-2018-7632.json index d1bfe7e541b..1affc9810df 100644 --- a/2018/7xxx/CVE-2018-7632.json +++ b/2018/7xxx/CVE-2018-7632.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7632", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer Overflow in httpd in EpiCentro E_7.3.2+ allows attackers to cause a denial of service attack remotely via a specially crafted GET request with a leading \"/\" in the URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7632", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://fschallock.wordpress.com/2018/10/08/cve-2018-7632-buffer-overflow-in-httpd-in-epicentro-e_7-3-2-allows-attackers-to-cause-a-denial-of-service-attack-remotely-via-a-specially-crafted-get-request/", - "refsource" : "MISC", - "url" : "https://fschallock.wordpress.com/2018/10/08/cve-2018-7632-buffer-overflow-in-httpd-in-epicentro-e_7-3-2-allows-attackers-to-cause-a-denial-of-service-attack-remotely-via-a-specially-crafted-get-request/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer Overflow in httpd in EpiCentro E_7.3.2+ allows attackers to cause a denial of service attack remotely via a specially crafted GET request with a leading \"/\" in the URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://fschallock.wordpress.com/2018/10/08/cve-2018-7632-buffer-overflow-in-httpd-in-epicentro-e_7-3-2-allows-attackers-to-cause-a-denial-of-service-attack-remotely-via-a-specially-crafted-get-request/", + "refsource": "MISC", + "url": "https://fschallock.wordpress.com/2018/10/08/cve-2018-7632-buffer-overflow-in-httpd-in-epicentro-e_7-3-2-allows-attackers-to-cause-a-denial-of-service-attack-remotely-via-a-specially-crafted-get-request/" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7808.json b/2018/7xxx/CVE-2018-7808.json index c5500008194..52b305adb5c 100644 --- a/2018/7xxx/CVE-2018-7808.json +++ b/2018/7xxx/CVE-2018-7808.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7808", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7808", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8023.json b/2018/8xxx/CVE-2018-8023.json index b1cb265fc49..8c9cbb23a9c 100644 --- a/2018/8xxx/CVE-2018-8023.json +++ b/2018/8xxx/CVE-2018-8023.json @@ -1,69 +1,69 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2018-09-21T00:00:00", - "ID" : "CVE-2018-8023", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache Mesos", - "version" : { - "version_data" : [ - { - "version_value" : "versions prior to 1.4.2" - }, - { - "version_value" : "1.5.0, 1.5.1" - }, - { - "version_value" : "1.6.0" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache Mesos can be configured to require authentication to call the Executor HTTP API using JSON Web Token (JWT). In Apache Mesos versions pre-1.4.2, 1.5.0, 1.5.1, 1.6.0 the comparison of the generated HMAC value against the provided signature in the JWT implementation used is vulnerable to a timing attack because instead of a constant-time string comparison routine a standard `==` operator has been used. A malicious actor can therefore abuse the timing difference of when the JWT validation function returns to reveal the correct HMAC value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2018-09-21T00:00:00", + "ID": "CVE-2018-8023", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Mesos", + "version": { + "version_data": [ + { + "version_value": "versions prior to 1.4.2" + }, + { + "version_value": "1.5.0, 1.5.1" + }, + { + "version_value": "1.6.0" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[dev] 20180921 CVE-2018-8023: A remote attacker can exploit a vulnerability in the JWT implementation to gain unauthenticated access to Mesos Executor HTTP API.", - "refsource" : "MLIST", - "url" : "https://lists.apache.org/thread.html/9b9d3f6bd09f3ebd2284b82077033bdc71da550a1c4c010c2494acc3@%3Cdev.mesos.apache.org%3E" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache Mesos can be configured to require authentication to call the Executor HTTP API using JSON Web Token (JWT). In Apache Mesos versions pre-1.4.2, 1.5.0, 1.5.1, 1.6.0 the comparison of the generated HMAC value against the provided signature in the JWT implementation used is vulnerable to a timing attack because instead of a constant-time string comparison routine a standard `==` operator has been used. A malicious actor can therefore abuse the timing difference of when the JWT validation function returns to reveal the correct HMAC value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[dev] 20180921 CVE-2018-8023: A remote attacker can exploit a vulnerability in the JWT implementation to gain unauthenticated access to Mesos Executor HTTP API.", + "refsource": "MLIST", + "url": "https://lists.apache.org/thread.html/9b9d3f6bd09f3ebd2284b82077033bdc71da550a1c4c010c2494acc3@%3Cdev.mesos.apache.org%3E" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8492.json b/2018/8xxx/CVE-2018-8492.json index 5fe2adeea41..0069c259133 100644 --- a/2018/8xxx/CVE-2018-8492.json +++ b/2018/8xxx/CVE-2018-8492.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8492", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows Server 2016", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows 10", - "version" : { - "version_data" : [ - { - "version_value" : "Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Version 1607 for x64-based Systems" - }, - { - "version_value" : "Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Version 1703 for x64-based Systems" - }, - { - "version_value" : "Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Version 1709 for x64-based Systems" - }, - { - "version_value" : "Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Version 1803 for x64-based Systems" - }, - { - "version_value" : "Version 1809 for 32-bit Systems" - }, - { - "version_value" : "Version 1809 for x64-based Systems" - } - ] - } - }, - { - "product_name" : "Windows Server 2019", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows 10 Servers", - "version" : { - "version_data" : [ - { - "version_value" : "version 1709 (Server Core Installation)" - }, - { - "version_value" : "version 1803 (Server Core Installation)" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka \"Device Guard Code Integrity Policy Security Feature Bypass Vulnerability.\" This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Security Feature Bypass" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8492", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10", + "version": { + "version_data": [ + { + "version_value": "Version 1607 for 32-bit Systems" + }, + { + "version_value": "Version 1607 for x64-based Systems" + }, + { + "version_value": "Version 1703 for 32-bit Systems" + }, + { + "version_value": "Version 1703 for x64-based Systems" + }, + { + "version_value": "Version 1709 for 32-bit Systems" + }, + { + "version_value": "Version 1709 for x64-based Systems" + }, + { + "version_value": "Version 1803 for 32-bit Systems" + }, + { + "version_value": "Version 1803 for x64-based Systems" + }, + { + "version_value": "Version 1809 for 32-bit Systems" + }, + { + "version_value": "Version 1809 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Servers", + "version": { + "version_data": [ + { + "version_value": "version 1709 (Server Core Installation)" + }, + { + "version_value": "version 1803 (Server Core Installation)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8492", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8492" - }, - { - "name" : "105455", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105455" - }, - { - "name" : "1041842", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041842" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka \"Device Guard Code Integrity Policy Security Feature Bypass Vulnerability.\" This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Security Feature Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105455", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105455" + }, + { + "name": "1041842", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041842" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8492", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8492" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8569.json b/2018/8xxx/CVE-2018-8569.json index f7f3462ebe9..fe2ce7d7d2a 100644 --- a/2018/8xxx/CVE-2018-8569.json +++ b/2018/8xxx/CVE-2018-8569.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8569", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Yammer Desktop App", - "version" : { - "version_data" : [ - { - "version_value" : "Yammer Desktop App" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists in the Yammer desktop application due to the loading of arbitrary content, aka \"Yammer Desktop Application Remote Code Execution Vulnerability.\" This affects Yammer Desktop App." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8569", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Yammer Desktop App", + "version": { + "version_data": [ + { + "version_value": "Yammer Desktop App" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8569", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8569" - }, - { - "name" : "105681", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105681" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the Yammer desktop application due to the loading of arbitrary content, aka \"Yammer Desktop Application Remote Code Execution Vulnerability.\" This affects Yammer Desktop App." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8569", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8569" + }, + { + "name": "105681", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105681" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8681.json b/2018/8xxx/CVE-2018-8681.json index 5d81732bbc3..e78d56c0b71 100644 --- a/2018/8xxx/CVE-2018-8681.json +++ b/2018/8xxx/CVE-2018-8681.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8681", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8681", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8856.json b/2018/8xxx/CVE-2018-8856.json index f086c3cb28a..68b10a70cbc 100644 --- a/2018/8xxx/CVE-2018-8856.json +++ b/2018/8xxx/CVE-2018-8856.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2018-08-31T00:00:00", - "ID" : "CVE-2018-8856", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "e-Alert Unit (non-medical device)", - "version" : { - "version_data" : [ - { - "version_value" : "R2.1 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "Philips" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software contains hard-coded cryptographic key, which it uses for encryption of internal data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "USE OF HARD-CODED CREDENTIALS CWE- 798" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2018-08-31T00:00:00", + "ID": "CVE-2018-8856", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "e-Alert Unit (non-medical device)", + "version": { + "version_data": [ + { + "version_value": "R2.1 and prior" + } + ] + } + } + ] + }, + "vendor_name": "Philips" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-242-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-242-01" - }, - { - "name" : "https://www.usa.philips.com/healthcare/about/customer-support/product-security", - "refsource" : "CONFIRM", - "url" : "https://www.usa.philips.com/healthcare/about/customer-support/product-security" - }, - { - "name" : "105194", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105194" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software contains hard-coded cryptographic key, which it uses for encryption of internal data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "USE OF HARD-CODED CREDENTIALS CWE- 798" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.usa.philips.com/healthcare/about/customer-support/product-security", + "refsource": "CONFIRM", + "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security" + }, + { + "name": "105194", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105194" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-242-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-242-01" + } + ] + } +} \ No newline at end of file