diff --git a/2005/0xxx/CVE-2005-0222.json b/2005/0xxx/CVE-2005-0222.json
index b3d9865b310..e578c7871a7 100644
--- a/2005/0xxx/CVE-2005-0222.json
+++ b/2005/0xxx/CVE-2005-0222.json
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0222", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "main.php in Gallery 2.0 Alpha allows remote attackers to gain sensitive information by changing the value of g2_subView parameter, which reveals the path in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0222", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050117 Gallery v1.3.4-pl1, v1.4.4-pl2, 2.0 Alpha Cross Site Scripting Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110608459222364&w=2" - }, - { - "name" : "20050117 [VulnWatch] Gallery v1.3.4-pl1, v1.4.4-pl2, 2.0 Alpha Cross Site Scripting Vulnerability", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0031.html" - }, - { - "name" : "http://theinsider.deep-ice.com/texts/advisory69.txt", - "refsource" : "MISC", - "url" : "http://theinsider.deep-ice.com/texts/advisory69.txt" - }, - { - "name" : "http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=147", - "refsource" : "CONFIRM", - "url" : 
"http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=147" - }, - { - "name" : "gallery-mainphp-obtain-information(18940)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18940" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "main.php in Gallery 2.0 Alpha allows remote attackers to gain sensitive information by changing the value of g2_subView parameter, which reveals the path in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050117 Gallery v1.3.4-pl1, v1.4.4-pl2, 2.0 Alpha Cross Site Scripting Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110608459222364&w=2" + }, + { + "name": "http://theinsider.deep-ice.com/texts/advisory69.txt", + "refsource": "MISC", + "url": "http://theinsider.deep-ice.com/texts/advisory69.txt" + }, + { + "name": "gallery-mainphp-obtain-information(18940)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18940" + }, + { + "name": "20050117 [VulnWatch] Gallery v1.3.4-pl1, v1.4.4-pl2, 2.0 Alpha Cross Site Scripting Vulnerability", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0031.html" + }, + { + "name": "http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=147", + "refsource": "CONFIRM", + "url": "http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=147" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0230.json b/2005/0xxx/CVE-2005-0230.json index d20cede745b..ee9ab40697e 100644 --- a/2005/0xxx/CVE-2005-0230.json +++ b/2005/0xxx/CVE-2005-0230.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0230", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Firefox 1.0 does not prevent the user from dragging an executable file to the desktop when it has an image/gif content type but has a dangerous extension such as .bat or .exe, which allows remote attackers to bypass the intended restriction and execute arbitrary commands via malformed GIF files that can still be parsed by the Windows batch file parser, aka \"firedragging.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0230", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050207 Firedragging [Firefox 1.0]", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110780995232064&w=2" - }, - { - "name" : "http://www.mikx.de/firedragging/", - "refsource" : "MISC", - "url" : "http://www.mikx.de/firedragging/" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=279945", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=279945" - }, - { - "name" : "http://www.mozilla.org/security/announce/mfsa2005-25.html", - "refsource" : "CONFIRM", - "url" : 
"http://www.mozilla.org/security/announce/mfsa2005-25.html" - }, - { - "name" : "GLSA-200503-10", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml" - }, - { - "name" : "GLSA-200503-30", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml" - }, - { - "name" : "SUSE-SA:2006:022", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_04_25.html" - }, - { - "name" : "12468", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12468" - }, - { - "name" : "oval:org.mitre.oval:def:100033", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100033" - }, - { - "name" : "19823", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19823" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Firefox 1.0 does not prevent the user from dragging an executable file to the desktop when it has an image/gif content type but has a dangerous extension such as .bat or .exe, which allows remote attackers to bypass the intended restriction and execute arbitrary commands via malformed GIF files that can still be parsed by the Windows batch file parser, aka \"firedragging.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.mozilla.org/security/announce/mfsa2005-25.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/mfsa2005-25.html" + }, + { + "name": "oval:org.mitre.oval:def:100033", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100033" + }, + { + "name": "19823", + "refsource": "SECUNIA", + 
"url": "http://secunia.com/advisories/19823" + }, + { + "name": "20050207 Firedragging [Firefox 1.0]", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110780995232064&w=2" + }, + { + "name": "http://www.mikx.de/firedragging/", + "refsource": "MISC", + "url": "http://www.mikx.de/firedragging/" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=279945", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=279945" + }, + { + "name": "GLSA-200503-30", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml" + }, + { + "name": "GLSA-200503-10", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml" + }, + { + "name": "SUSE-SA:2006:022", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_04_25.html" + }, + { + "name": "12468", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12468" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0328.json b/2005/0xxx/CVE-2005-0328.json index b2954b7ac92..53529e9fcaa 100644 --- a/2005/0xxx/CVE-2005-0328.json +++ b/2005/0xxx/CVE-2005-0328.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0328", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Zyxel P310, P314, P324 and Netgear RT311, RT314 running the latest firmware, allows remote attackers on the WAN to obtain the IP address of the LAN side interface by pinging a valid LAN IP address, which generates an ARP reply from the WAN address side that maps the LAN IP address to the WAN's MAC address." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0328", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050131 Zyxel / Netgear and probably other routers leaking information.", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110720465527599&w=2" - }, - { - "name" : "zyxel-netgear-ping-information-disclosure(20609)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20609" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Zyxel P310, P314, P324 and Netgear RT311, RT314 running the latest firmware, allows remote attackers on the WAN to 
obtain the IP address of the LAN side interface by pinging a valid LAN IP address, which generates an ARP reply from the WAN address side that maps the LAN IP address to the WAN's MAC address." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "zyxel-netgear-ping-information-disclosure(20609)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20609" + }, + { + "name": "20050131 Zyxel / Netgear and probably other routers leaking information.", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110720465527599&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1226.json b/2005/1xxx/CVE-2005-1226.json index 991c3ff85a4..c62652b9a9e 100644 --- a/2005/1xxx/CVE-2005-1226.json +++ b/2005/1xxx/CVE-2005-1226.json 
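Review bot: The `reference_data` array in CVE-2005-0328.json comes back with the same two entries in swapped order (XF now ahead of BUGTRAQ), and the other record hunks on this page reorder their references in the same way. Because every line of each file is rewritten, a reader cannot confirm from the diff alone that no advisory link was dropped or altered; the sets have to be compared by hand. If this pass is meant to change only key spacing and indentation, the generator should keep the existing reference order, or emit a fixed sorted order so later regenerations stay stable. The new side also ends at `}` with `\ No newline at end of file`; writing a trailing newline after the closing brace keeps the records friendly to line-based tooling.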
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1226", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Coppermine Photo Gallery 1.3.2 stores passwords in plaintext, which allows remote attackers to obtain sensitive information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1226", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050420 [waraxe-2005-SA#042] - Multiple vulnerabilities in Coppermine Photo Gallery 1.3.2", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111402186304179&w=2" - }, - { - "name" : "http://www.waraxe.us/advisory-42.html", - "refsource" : "MISC", - "url" : "http://www.waraxe.us/advisory-42.html" - }, - { - "name" : "coppermine-password-plaintext(20206)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20206" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Coppermine Photo Gallery 1.3.2 stores passwords in plaintext, which allows remote attackers to obtain sensitive information." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "coppermine-password-plaintext(20206)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20206" + }, + { + "name": "20050420 [waraxe-2005-SA#042] - Multiple vulnerabilities in Coppermine Photo Gallery 1.3.2", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111402186304179&w=2" + }, + { + "name": "http://www.waraxe.us/advisory-42.html", + "refsource": "MISC", + "url": "http://www.waraxe.us/advisory-42.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1529.json b/2005/1xxx/CVE-2005-1529.json index 7054c701194..429cdcea07c 100644 --- a/2005/1xxx/CVE-2005-1529.json +++ b/2005/1xxx/CVE-2005-1529.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1529", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1529", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2005/3xxx/CVE-2005-3717.json b/2005/3xxx/CVE-2005-3717.json
index d82b4fbcb41..12e8144dd47 100644
--- a/2005/3xxx/CVE-2005-3717.json
+++ b/2005/3xxx/CVE-2005-3717.json
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3717", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The telnet daemon in UTStarcom F1000 VOIP WIFI Phone s2.0 running VxWorks 5.5.1 with kernel WIND 2.6 has a default username \"target\" and password \"password\", which allows remote attackers to gain full access to the system." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3717", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051117 UTstarcom F1000 VoIP Wifi phone multiple vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/038834.html" - }, - { - "name" : "15476", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15476" - }, - { - "name" : "ADV-2005-2472", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2472" - }, - { - "name" : "17629", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17629" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The telnet 
daemon in UTStarcom F1000 VOIP WIFI Phone s2.0 running VxWorks 5.5.1 with kernel WIND 2.6 has a default username \"target\" and password \"password\", which allows remote attackers to gain full access to the system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20051117 UTstarcom F1000 VoIP Wifi phone multiple vulnerabilities", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/038834.html" + }, + { + "name": "15476", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15476" + }, + { + "name": "ADV-2005-2472", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2472" + }, + { + "name": "17629", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17629" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4069.json b/2005/4xxx/CVE-2005-4069.json index a203998d301..ba9bf5b77aa 100644 --- a/2005/4xxx/CVE-2005-4069.json +++ b/2005/4xxx/CVE-2005-4069.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4069", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SunnComm MediaMax DRM 5.0.21.0, as used by Sony BMG, assigns insecure Everyone/Full Control permissions to the \"SunnComm Shared\" directory, which allows local users to gain privileges by modifying programs installed in that directory, such as MMX.exe." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4069", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.eff.org/IP/DRM/Sony-BMG/MediaMaxVulnerabilityReport.pdf", - "refsource" : "MISC", - "url" : "http://www.eff.org/IP/DRM/Sony-BMG/MediaMaxVulnerabilityReport.pdf" - }, - { - "name" : "http://www.eff.org/news/archives/2005_12.php#004234", - "refsource" : "MISC", - "url" : "http://www.eff.org/news/archives/2005_12.php#004234" - }, - { - "name" : "VU#928689", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/928689" - }, - { - "name" : "15754", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15754" - }, - { - "name" : "ADV-2005-2783", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2783" - 
}, - { - "name" : "1015327", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015327" - }, - { - "name" : "17933", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17933" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SunnComm MediaMax DRM 5.0.21.0, as used by Sony BMG, assigns insecure Everyone/Full Control permissions to the \"SunnComm Shared\" directory, which allows local users to gain privileges by modifying programs installed in that directory, such as MMX.exe." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2005-2783", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2783" + }, + { + "name": "http://www.eff.org/IP/DRM/Sony-BMG/MediaMaxVulnerabilityReport.pdf", + "refsource": "MISC", + "url": "http://www.eff.org/IP/DRM/Sony-BMG/MediaMaxVulnerabilityReport.pdf" + }, + { + "name": "15754", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15754" + }, + { + "name": "http://www.eff.org/news/archives/2005_12.php#004234", + "refsource": "MISC", + "url": "http://www.eff.org/news/archives/2005_12.php#004234" + }, + { + "name": "VU#928689", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/928689" + }, + { + "name": "17933", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17933" + }, + { + "name": "1015327", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015327" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4282.json b/2005/4xxx/CVE-2005-4282.json index 094b71766ac..f56100b0cd4 100644 --- a/2005/4xxx/CVE-2005-4282.json +++ b/2005/4xxx/CVE-2005-4282.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4282", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Zaygo DomainCart 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML, possibly via the root parameter to zaygo.cgi." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4282", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/12/domaincart-xss.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/12/domaincart-xss.html" - }, - { - "name" : "15893", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15893" - }, - { - "name" : "ADV-2005-2917", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2917" - }, - { - "name" : "21729", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21729" - }, - { - "name" : "18035", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18035" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "Cross-site scripting (XSS) vulnerability in Zaygo DomainCart 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML, possibly via the root parameter to zaygo.cgi." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15893", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15893" + }, + { + "name": "ADV-2005-2917", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2917" + }, + { + "name": "http://pridels0.blogspot.com/2005/12/domaincart-xss.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/12/domaincart-xss.html" + }, + { + "name": "18035", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18035" + }, + { + "name": "21729", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21729" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4569.json b/2005/4xxx/CVE-2005-4569.json index 5e604c01aff..a0478b490f6 100644 --- a/2005/4xxx/CVE-2005-4569.json +++ b/2005/4xxx/CVE-2005-4569.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4569", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in index.fts in FTGate Technology (formerly known as Floosietek) FTGate 4.4 (aka Build 4.4.000 Oct 26 2005) allows remote attackers to execute arbitrary code via a long tzoffset value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4569", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051220 [ACSSEC-2005-11-25-0x4] FTGate 4.4 [Build 4.4.000 Oct 26 2005] St ack Buffer Overflow", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2005-12/1018.html" - }, - { - "name" : "15972", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15972" - }, - { - "name" : "ADV-2005-3010", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/3010" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in index.fts in FTGate Technology (formerly known as Floosietek) FTGate 4.4 
(aka Build 4.4.000 Oct 26 2005) allows remote attackers to execute arbitrary code via a long tzoffset value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2005-3010", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/3010" + }, + { + "name": "20051220 [ACSSEC-2005-11-25-0x4] FTGate 4.4 [Build 4.4.000 Oct 26 2005] St ack Buffer Overflow", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-12/1018.html" + }, + { + "name": "15972", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15972" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4749.json b/2005/4xxx/CVE-2005-4749.json index 6f1e79e097f..446ea279b9c 100644 --- a/2005/4xxx/CVE-2005-4749.json +++ b/2005/4xxx/CVE-2005-4749.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4749", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HTTP request smuggling vulnerability in BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier allows remote attackers to inject arbitrary HTTP headers via unspecified attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4749", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "BEA05-105.00", - "refsource" : "BEA", - "url" : "http://dev2dev.bea.com/pub/advisory/159" - }, - { - "name" : "BEA06-105.01", - "refsource" : "BEA", - "url" : "http://dev2dev.bea.com/pub/advisory/177" - }, - { - "name" : "15052", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15052" - }, - { - "name" : "17163", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17163" - }, - { - "name" : "17138", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17138" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HTTP 
request smuggling vulnerability in BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier allows remote attackers to inject arbitrary HTTP headers via unspecified attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "BEA05-105.00", + "refsource": "BEA", + "url": "http://dev2dev.bea.com/pub/advisory/159" + }, + { + "name": "17163", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17163" + }, + { + "name": "BEA06-105.01", + "refsource": "BEA", + "url": "http://dev2dev.bea.com/pub/advisory/177" + }, + { + "name": "15052", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15052" + }, + { + "name": "17138", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17138" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0284.json b/2009/0xxx/CVE-2009-0284.json index 38cdec93f0d..e63478ae740 100644 --- a/2009/0xxx/CVE-2009-0284.json +++ b/2009/0xxx/CVE-2009-0284.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0284", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in category.php in Flax Article Manager 1.1 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0284", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7862", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7862" - }, - { - "name" : "http://www.flaxweb.com/products/articles", - "refsource" : "CONFIRM", - "url" : "http://www.flaxweb.com/products/articles" - }, - { - "name" : "33422", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33422" - }, - { - "name" : "33625", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33625" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in category.php in Flax Article Manager 1.1 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33625", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33625" + }, + { + "name": "33422", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33422" + }, + { + "name": "http://www.flaxweb.com/products/articles", + "refsource": "CONFIRM", + "url": "http://www.flaxweb.com/products/articles" + }, + { + "name": "7862", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7862" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0755.json b/2009/0xxx/CVE-2009-0755.json index 2047040f426..c331142e0b1 100644 --- a/2009/0xxx/CVE-2009-0755.json +++ b/2009/0xxx/CVE-2009-0755.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0755", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The FormWidgetChoice::loadDefaults function in Poppler before 0.10.4 allows remote attackers to cause a denial of service (crash) via a PDF file with an invalid Form Opt entry." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0755", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090417 rPSA-2009-0059-1 poppler", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/502761/100/0/threaded" - }, - { - "name" : "[oss-security] 20090213 CVE Request: Poppler -Two Denial of Service Vulnerabilities", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/02/13/1" - }, - { - "name" : "[oss-security] 20090219 Re: CVE Request: Poppler -Two Denial of Service Vulnerabilities", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/02/19/2" - }, - { - "name" : "[poppler] 20090128 poppler/Form.cc", - "refsource" : "MLIST", - "url" : "http://lists.freedesktop.org/archives/poppler/2009-January/004406.html" - }, - { - "name" : 
"http://bugs.freedesktop.org/show_bug.cgi?id=19790", - "refsource" : "CONFIRM", - "url" : "http://bugs.freedesktop.org/show_bug.cgi?id=19790" - }, - { - "name" : "http://wiki.rpath.com/Advisories:rPSA-2009-0059", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/Advisories:rPSA-2009-0059" - }, - { - "name" : "DSA-1941", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1941" - }, - { - "name" : "SUSE-SR:2009:012", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html" - }, - { - "name" : "USN-850-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-850-1" - }, - { - "name" : "33749", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33749" - }, - { - "name" : "33853", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33853" - }, - { - "name" : "35685", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35685" - }, - { - "name" : "37114", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37114" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The FormWidgetChoice::loadDefaults function in Poppler before 0.10.4 allows remote attackers to cause a denial of service (crash) via a PDF file with an invalid Form Opt entry." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33749", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33749" + }, + { + "name": "DSA-1941", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1941" + }, + { + "name": "[poppler] 20090128 poppler/Form.cc", + "refsource": "MLIST", + "url": "http://lists.freedesktop.org/archives/poppler/2009-January/004406.html" + }, + { + "name": "33853", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33853" + }, + { + "name": "[oss-security] 20090219 Re: CVE Request: Poppler -Two Denial of Service Vulnerabilities", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/02/19/2" + }, + { + "name": "37114", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37114" + }, + { + "name": "[oss-security] 20090213 CVE Request: Poppler -Two Denial of Service Vulnerabilities", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/02/13/1" + }, + { + "name": "http://wiki.rpath.com/Advisories:rPSA-2009-0059", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0059" + }, + { + "name": "http://bugs.freedesktop.org/show_bug.cgi?id=19790", + "refsource": "CONFIRM", + "url": "http://bugs.freedesktop.org/show_bug.cgi?id=19790" + }, + { + "name": "35685", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35685" + }, + { + "name": "USN-850-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-850-1" + }, + { + "name": "20090417 rPSA-2009-0059-1 poppler", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/502761/100/0/threaded" + }, + { + "name": "SUSE-SR:2009:012", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html" + } + ] + } +} \ No newline at 
end of file diff --git a/2009/1xxx/CVE-2009-1085.json b/2009/1xxx/CVE-2009-1085.json index 9e434676a6d..3a9aa76ec15 100644 --- a/2009/1xxx/CVE-2009-1085.json +++ b/2009/1xxx/CVE-2009-1085.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1085", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Piwik 0.2.32 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the API key and other sensitive information via a direct request for misc/cron/archive.sh." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1085", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20090323 CVE request: API key disclosure in piwik", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/03/23/2" - }, - { - "name" : "http://marco-ziesing.de/archives/35-Schluesselloch-in-Piwik.html", - "refsource" : "MISC", - "url" : "http://marco-ziesing.de/archives/35-Schluesselloch-in-Piwik.html" - }, - { - "name" : "http://dev.piwik.org/trac/ticket/599", - "refsource" : "CONFIRM", - "url" : "http://dev.piwik.org/trac/ticket/599" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Piwik 0.2.32 and earlier stores 
sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the API key and other sensitive information via a direct request for misc/cron/archive.sh." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20090323 CVE request: API key disclosure in piwik", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/03/23/2" + }, + { + "name": "http://dev.piwik.org/trac/ticket/599", + "refsource": "CONFIRM", + "url": "http://dev.piwik.org/trac/ticket/599" + }, + { + "name": "http://marco-ziesing.de/archives/35-Schluesselloch-in-Piwik.html", + "refsource": "MISC", + "url": "http://marco-ziesing.de/archives/35-Schluesselloch-in-Piwik.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1323.json b/2009/1xxx/CVE-2009-1323.json index 08ec6146566..4df6f4345e4 100644 --- a/2009/1xxx/CVE-2009-1323.json +++ b/2009/1xxx/CVE-2009-1323.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1323", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in body.asp in Web File Explorer 3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1323", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8382", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8382" - }, - { - "name" : "34462", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34462" - }, - { - "name" : "34648", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34648" - }, - { - "name" : "webfileexplorer-body-sql-injection(49801)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49801" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in body.asp in Web File Explorer 3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "webfileexplorer-body-sql-injection(49801)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49801" + }, + { + "name": "34648", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34648" + }, + { + "name": "34462", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34462" + }, + { + "name": "8382", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8382" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1391.json b/2009/1xxx/CVE-2009-1391.json index bf6905f6b74..5a198155ceb 100644 --- a/2009/1xxx/CVE-2009-1391.json +++ b/2009/1xxx/CVE-2009-1391.json 
@@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1391", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Off-by-one error in the inflate function in Zlib.xs in Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS, SpamAssassin, and possibly other products, allows context-dependent attackers to cause a denial of service (hang or crash) via a crafted zlib compressed stream that triggers a heap-based buffer overflow, as exploited in the wild by Trojan.Downloader-71014 in June 2009." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-1391", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://article.gmane.org/gmane.mail.virus.amavis.user/33635", - "refsource" : "MISC", - "url" : "http://article.gmane.org/gmane.mail.virus.amavis.user/33635" - }, - { - "name" : "http://article.gmane.org/gmane.mail.virus.amavis.user/33638", - "refsource" : "MISC", - "url" : "http://article.gmane.org/gmane.mail.virus.amavis.user/33638" - }, - { - "name" : "http://thread.gmane.org/gmane.mail.virus.amavis.user/33635", - "refsource" : "MISC", - "url" : "http://thread.gmane.org/gmane.mail.virus.amavis.user/33635" - }, - { - 
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=504386", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=504386" - }, - { - "name" : "https://bugs.gentoo.org/show_bug.cgi?id=273141", - "refsource" : "CONFIRM", - "url" : "https://bugs.gentoo.org/show_bug.cgi?id=273141" - }, - { - "name" : "FEDORA-2009-7680", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00607.html" - }, - { - "name" : "GLSA-200908-07", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200908-07.xml" - }, - { - "name" : "MDVSA-2009:157", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:157" - }, - { - "name" : "SUSE-SR:2009:012", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html" - }, - { - "name" : "USN-794-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/794-1/" - }, - { - "name" : "35307", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35307" - }, - { - "name" : "55041", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/55041" - }, - { - "name" : "35422", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35422" - }, - { - "name" : "35685", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35685" - }, - { - "name" : "35689", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35689" - }, - { - "name" : "35876", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35876" - }, - { - "name" : "ADV-2009-1571", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1571" - }, - { - "name" : "perl-compressrawzlib-inflate-bo(51062)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51062" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Off-by-one error in the inflate function in Zlib.xs in Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS, SpamAssassin, and possibly other products, allows context-dependent attackers to cause a denial of service (hang or crash) via a crafted zlib compressed stream that triggers a heap-based buffer overflow, as exploited in the wild by Trojan.Downloader-71014 in June 2009." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://article.gmane.org/gmane.mail.virus.amavis.user/33635", + "refsource": "MISC", + "url": "http://article.gmane.org/gmane.mail.virus.amavis.user/33635" + }, + { + "name": "http://thread.gmane.org/gmane.mail.virus.amavis.user/33635", + "refsource": "MISC", + "url": "http://thread.gmane.org/gmane.mail.virus.amavis.user/33635" + }, + { + "name": "perl-compressrawzlib-inflate-bo(51062)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51062" + }, + { + "name": "USN-794-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/794-1/" + }, + { + "name": "MDVSA-2009:157", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:157" + }, + { + "name": "https://bugs.gentoo.org/show_bug.cgi?id=273141", + "refsource": "CONFIRM", + "url": "https://bugs.gentoo.org/show_bug.cgi?id=273141" + }, + { + "name": "35307", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35307" + }, + { + "name": "GLSA-200908-07", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200908-07.xml" + }, + { + "name": "35685", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35685" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=504386", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504386" + 
}, + { + "name": "35689", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35689" + }, + { + "name": "ADV-2009-1571", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1571" + }, + { + "name": "SUSE-SR:2009:012", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html" + }, + { + "name": "55041", + "refsource": "OSVDB", + "url": "http://osvdb.org/55041" + }, + { + "name": "http://article.gmane.org/gmane.mail.virus.amavis.user/33638", + "refsource": "MISC", + "url": "http://article.gmane.org/gmane.mail.virus.amavis.user/33638" + }, + { + "name": "35422", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35422" + }, + { + "name": "35876", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35876" + }, + { + "name": "FEDORA-2009-7680", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00607.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3569.json b/2009/3xxx/CVE-2009-3569.json index 43064d18753..1d93d96e918 100644 --- a/2009/3xxx/CVE-2009-3569.json +++ b/2009/3xxx/CVE-2009-3569.json 
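Review bot: In the `CVE_data_meta` object of this hunk, `ASSIGNER` changes from `cve@mitre.org` to `"ASSIGNER": "secalert@redhat.com"`, the only value change among the otherwise formatting-only hunks visible here. ASSIGNER is provenance metadata that downstream tooling may use to attribute the record to a CNA, so it should be clear whether this is an intended correction or a side effect of the regeneration. If it is intended, it belongs in its own commit or should be called out in the commit message; if not, restore `"ASSIGNER": "cve@mitre.org"`.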
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3569", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in OpenOffice.org (OOo) allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.8, aka \"Client-side stack overflow exploit.\" NOTE: as of 20091005, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3569", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://intevydis.com/vd-list.shtml", - "refsource" : "MISC", - "url" : "http://intevydis.com/vd-list.shtml" - }, - { - "name" : "36285", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36285" - }, - { - "name" : "1022832", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022832" - }, - { - "name" : "35036", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35036" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in OpenOffice.org (OOo) allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.8, aka \"Client-side stack overflow exploit.\" NOTE: as of 20091005, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36285", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36285" + }, + { + "name": "1022832", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022832" + }, + { + "name": "35036", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35036" + }, + { + "name": "http://intevydis.com/vd-list.shtml", + "refsource": "MISC", + "url": "http://intevydis.com/vd-list.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3983.json b/2009/3xxx/CVE-2009-3983.json index 69ef5947c9c..571aad470fa 100644 --- a/2009/3xxx/CVE-2009-3983.json +++ b/2009/3xxx/CVE-2009-3983.json 
@@ -1,217 +1,217 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3983", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3983", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2009/mfsa2009-68.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2009/mfsa2009-68.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=487872", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=487872" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=546720", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=546720" - }, - { - "name" : "DSA-1956", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1956" - }, - { - "name" : "FEDORA-2009-13333", - "refsource" : "FEDORA", - "url" : 
"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00995.html" - }, - { - "name" : "FEDORA-2009-13362", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01034.html" - }, - { - "name" : "FEDORA-2009-13366", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01041.html" - }, - { - "name" : "RHSA-2009:1673", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2009-1673.html" - }, - { - "name" : "RHSA-2009:1674", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2009-1674.html" - }, - { - "name" : "SUSE-SA:2009:063", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2009_63_firefox.html" - }, - { - "name" : "SUSE-SR:2010:013", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html" - }, - { - "name" : "USN-873-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-873-1" - }, - { - "name" : "USN-874-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-874-1" - }, - { - "name" : "USN-915-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-915-1" - }, - { - "name" : "37349", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37349" - }, - { - "name" : "37366", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37366" - }, - { - "name" : "oval:org.mitre.oval:def:10047", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10047" - }, - { - "name" : "oval:org.mitre.oval:def:8240", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8240" - }, - { - "name" : "1023340", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023340" - }, - { - "name" : "1023341", - 
"refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023341" - }, - { - "name" : "37699", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37699" - }, - { - "name" : "37703", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37703" - }, - { - "name" : "37704", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37704" - }, - { - "name" : "37785", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37785" - }, - { - "name" : "37813", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37813" - }, - { - "name" : "37856", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37856" - }, - { - "name" : "37881", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37881" - }, - { - "name" : "39001", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39001" - }, - { - "name" : "38977", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38977" - }, - { - "name" : "ADV-2009-3547", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3547" - }, - { - "name" : "ADV-2010-0648", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0648" - }, - { - "name" : "firefox-ntlm-reflection(54807)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54807" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37704", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37704" + }, + { + "name": "37699", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37699" + }, + { + "name": "39001", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39001" + }, + { + "name": "ADV-2009-3547", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3547" + }, + { + "name": "37703", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37703" + }, + { + "name": "ADV-2010-0648", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0648" + }, + { + "name": "37881", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37881" + }, + { + "name": "FEDORA-2009-13362", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01034.html" + }, + { + "name": "37785", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37785" + }, + { + "name": "SUSE-SR:2010:013", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html" + }, + { + "name": "USN-874-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-874-1" + }, + { + "name": "37813", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37813" + }, + { + "name": "FEDORA-2009-13333", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00995.html" + }, + { + "name": "USN-873-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-873-1" + }, + { + "name": "38977", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38977" + }, + { + "name": "1023341", + "refsource": "SECTRACK", + "url": 
"http://securitytracker.com/id?1023341" + }, + { + "name": "oval:org.mitre.oval:def:8240", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8240" + }, + { + "name": "1023340", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023340" + }, + { + "name": "37349", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37349" + }, + { + "name": "RHSA-2009:1674", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2009-1674.html" + }, + { + "name": "FEDORA-2009-13366", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01041.html" + }, + { + "name": "DSA-1956", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1956" + }, + { + "name": "37856", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37856" + }, + { + "name": "RHSA-2009:1673", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2009-1673.html" + }, + { + "name": "37366", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37366" + }, + { + "name": "USN-915-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-915-1" + }, + { + "name": "http://www.mozilla.org/security/announce/2009/mfsa2009-68.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-68.html" + }, + { + "name": "firefox-ntlm-reflection(54807)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54807" + }, + { + "name": "oval:org.mitre.oval:def:10047", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10047" + }, + { + "name": "SUSE-SA:2009:063", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2009_63_firefox.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=487872", + "refsource": "CONFIRM", + 
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=487872" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=546720", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=546720" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4236.json b/2009/4xxx/CVE-2009-4236.json index 782d266ab05..abe68b033bb 100644 --- a/2009/4xxx/CVE-2009-4236.json +++ b/2009/4xxx/CVE-2009-4236.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4236", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The process function in data/class/pages/admin/customer/LC_Page_Admin_Customer_SearchCustomer.php in EC-CUBE Ver2 2.4.0 RC1 through 2.4.1, and Community Edition r18068 through r18428, allows remote attackers to obtain sensitive information (customer data) via unknown vectors related to sessions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4236", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ipa.go.jp/security/vuln/documents/2009/200912_ec-cube.html", - "refsource" : "MISC", - "url" : "http://www.ipa.go.jp/security/vuln/documents/2009/200912_ec-cube.html" - }, - { - "name" : "http://www.ec-cube.net/info/091127/", - "refsource" : "CONFIRM", - "url" : "http://www.ec-cube.net/info/091127/" - }, - { - "name" : "JVN#79762947", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN79762947/index.html" - }, - { - "name" : "JVNDB-2009-000078", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000078.html" - }, - { - "name" : "60685", - "refsource" : "OSVDB", - "url" : 
"http://osvdb.org/60685" - }, - { - "name" : "37603", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37603" - }, - { - "name" : "ADV-2009-3421", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3421" - }, - { - "name" : "eccube-searchcustomer-security-bypass(54573)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54573" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The process function in data/class/pages/admin/customer/LC_Page_Admin_Customer_SearchCustomer.php in EC-CUBE Ver2 2.4.0 RC1 through 2.4.1, and Community Edition r18068 through r18428, allows remote attackers to obtain sensitive information (customer data) via unknown vectors related to sessions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-3421", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3421" + }, + { + "name": "37603", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37603" + }, + { + "name": "JVN#79762947", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN79762947/index.html" + }, + { + "name": "60685", + "refsource": "OSVDB", + "url": "http://osvdb.org/60685" + }, + { + "name": "eccube-searchcustomer-security-bypass(54573)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54573" + }, + { + "name": "JVNDB-2009-000078", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000078.html" + }, + { + "name": "http://www.ipa.go.jp/security/vuln/documents/2009/200912_ec-cube.html", + "refsource": "MISC", + "url": "http://www.ipa.go.jp/security/vuln/documents/2009/200912_ec-cube.html" + }, + { + "name": 
"http://www.ec-cube.net/info/091127/", + "refsource": "CONFIRM", + "url": "http://www.ec-cube.net/info/091127/" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4686.json b/2009/4xxx/CVE-2009-4686.json index 792467af47a..0f60d723119 100644 --- a/2009/4xxx/CVE-2009-4686.json +++ b/2009/4xxx/CVE-2009-4686.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4686", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in account.php in phplemon AdQuick 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the red_url parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4686", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0907-exploits/adquick-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0907-exploits/adquick-xss.txt" - }, - { - "name" : "56056", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/56056" - }, - { - "name" : "35926", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35926" - }, - { - "name" : "adquick-account-xss(51857)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51857" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in account.php in phplemon AdQuick 2.2.1 
allows remote attackers to inject arbitrary web script or HTML via the red_url parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "adquick-account-xss(51857)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51857" + }, + { + "name": "56056", + "refsource": "OSVDB", + "url": "http://osvdb.org/56056" + }, + { + "name": "35926", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35926" + }, + { + "name": "http://packetstormsecurity.org/0907-exploits/adquick-xss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0907-exploits/adquick-xss.txt" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4727.json b/2009/4xxx/CVE-2009-4727.json index a961b50c4e8..b85da913148 100644 --- a/2009/4xxx/CVE-2009-4727.json +++ b/2009/4xxx/CVE-2009-4727.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4727", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in x/login in JungleScripts Ajax Short Url Script allows remote attackers to execute arbitrary SQL commands via the username parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4727", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9332", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9332" - }, - { - "name" : "36132", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36132" - }, - { - "name" : "ADV-2009-2124", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2124" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in x/login in JungleScripts Ajax Short Url Script allows remote attackers to execute arbitrary SQL commands via the username parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36132", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36132" + }, + { + "name": "ADV-2009-2124", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2124" + }, + { + "name": "9332", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9332" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4978.json b/2009/4xxx/CVE-2009-4978.json index 9c3b4ef7db3..888b416ea8a 100644 --- a/2009/4xxx/CVE-2009-4978.json +++ b/2009/4xxx/CVE-2009-4978.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4978", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in down.php in MyBackup 1.4.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4978", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9365", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9365" - }, - { - "name" : "36106", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36106" - }, - { - "name" : "ADV-2009-2165", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2165" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in down.php in MyBackup 1.4.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9365", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9365" + }, + { + "name": "ADV-2009-2165", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2165" + }, + { + "name": "36106", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36106" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2094.json b/2012/2xxx/CVE-2012-2094.json index 5fb7c90539a..5aee9905b67 100644 --- a/2012/2xxx/CVE-2012-2094.json +++ b/2012/2xxx/CVE-2012-2094.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2094", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the refresh mechanism in the log viewer in horizon/static/horizon/js/horizon.js in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the guest console." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2094", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[openstack] 20120417 [OSSA 2012-004] XSS vulnerability in Horizon log viewer", - "refsource" : "MLIST", - "url" : "https://lists.launchpad.net/openstack/msg10211.html" - }, - { - "name" : "https://bugs.launchpad.net/horizon/+bug/977944", - "refsource" : "MISC", - "url" : "https://bugs.launchpad.net/horizon/+bug/977944" - }, - { - "name" : "https://github.com/openstack/horizon/commit/7f8c788aa70db98ac904f37fa4197fcabb802942", - "refsource" : "CONFIRM", - "url" : "https://github.com/openstack/horizon/commit/7f8c788aa70db98ac904f37fa4197fcabb802942" - }, - { - "name" : "FEDORA-2012-6108", - "refsource" : "FEDORA", - "url" : 
"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079160.html" - }, - { - "name" : "USN-1439-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-1439-1" - }, - { - "name" : "81742", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/81742" - }, - { - "name" : "49024", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49024" - }, - { - "name" : "49071", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49071" - }, - { - "name" : "openstack-horizon-xss(76136)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/76136" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the refresh mechanism in the log viewer in horizon/static/horizon/js/horizon.js in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the guest console." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "49024", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49024" + }, + { + "name": "openstack-horizon-xss(76136)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76136" + }, + { + "name": "81742", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/81742" + }, + { + "name": "USN-1439-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-1439-1" + }, + { + "name": "https://bugs.launchpad.net/horizon/+bug/977944", + "refsource": "MISC", + "url": "https://bugs.launchpad.net/horizon/+bug/977944" + }, + { + "name": "49071", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49071" + }, + { + "name": "FEDORA-2012-6108", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079160.html" + }, + { + "name": "[openstack] 20120417 [OSSA 2012-004] XSS vulnerability in Horizon log viewer", + "refsource": "MLIST", + "url": "https://lists.launchpad.net/openstack/msg10211.html" + }, + { + "name": "https://github.com/openstack/horizon/commit/7f8c788aa70db98ac904f37fa4197fcabb802942", + "refsource": "CONFIRM", + "url": "https://github.com/openstack/horizon/commit/7f8c788aa70db98ac904f37fa4197fcabb802942" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2696.json b/2012/2xxx/CVE-2012-2696.json index 8703eaa6a54..270bf476714 100644 --- a/2012/2xxx/CVE-2012-2696.json +++ b/2012/2xxx/CVE-2012-2696.json 
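Review bot: The one substantive change in the CVE-2012-2094 hunk, `"ASSIGNER": "secalert@redhat.com"` replacing `cve@mitre.org`, is buried among lines that differ only in colon spacing and `reference_data` order, so the provenance change is easy to miss in review. The same pattern occurs in the hunks for CVE-2012-2696 (`secalert@redhat.com`) and for CVE-2012-2773, CVE-2012-2800 and CVE-2012-2853 (`security@google.com`). Consumers that filter or attribute records by assigning CNA will see these entries move, so the reassignment is better landed separately from the formatting pass, or at least named in the commit message. The new side of each file also ends with `\ No newline at end of file`, where the old side ended with a newline after the closing `}`; keeping the trailing newline avoids a spurious last-line change in every later diff.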
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2696", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The backend in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1 does not properly check privileges, which allows remote authenticated users to query arbitrary information via a (1) SOAP or (2) GWT request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2696", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "RHSA-2012:1506", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1506.html" - }, - { - "name" : "56825", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56825" - }, - { - "name" : "1027838", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027838" - }, - { - "name" : "enterprise-system-backend-sec-bypass(80545)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80545" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The backend in Red Hat Enterprise Virtualization 
Manager (RHEV-M) before 3.1 does not properly check privileges, which allows remote authenticated users to query arbitrary information via a (1) SOAP or (2) GWT request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "56825", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56825" + }, + { + "name": "RHSA-2012:1506", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1506.html" + }, + { + "name": "enterprise-system-backend-sec-bypass(80545)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80545" + }, + { + "name": "1027838", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027838" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2773.json b/2012/2xxx/CVE-2012-2773.json index 2d4b93832d9..e3e645e328e 100644 --- a/2012/2xxx/CVE-2012-2773.json +++ b/2012/2xxx/CVE-2012-2773.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2773", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2778, CVE-2012-2780, and CVE-2012-2781." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2012-2773", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ffmpeg.org/security.html", - "refsource" : "CONFIRM", - "url" : "https://www.ffmpeg.org/security.html" - }, - { - "name" : "100274", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100274" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2778, CVE-2012-2780, and CVE-2012-2781." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100274", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100274" + }, + { + "name": "https://www.ffmpeg.org/security.html", + "refsource": "CONFIRM", + "url": "https://www.ffmpeg.org/security.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2800.json b/2012/2xxx/CVE-2012-2800.json index f9cf1245014..0f36929a744 100644 --- a/2012/2xxx/CVE-2012-2800.json +++ b/2012/2xxx/CVE-2012-2800.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2800", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the ff_ivi_process_empty_tile function in libavcodec/ivi_common.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors in which the \"tile size ... mismatches parameters\" and triggers \"writing into a too small array.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2012-2800", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11?", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/08/31/3" - }, - { - "name" : "[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11?", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/09/02/4" - }, - { - "name" : "http://ffmpeg.org/security.html", - "refsource" : "CONFIRM", - "url" : "http://ffmpeg.org/security.html" - }, - { - "name" : 
"http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f0bf9e9c2a65e9a2b9d9e4e94f99acb191dc7ae7", - "refsource" : "CONFIRM", - "url" : "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f0bf9e9c2a65e9a2b9d9e4e94f99acb191dc7ae7" - }, - { - "name" : "http://libav.org/releases/libav-0.7.7.changelog", - "refsource" : "CONFIRM", - "url" : "http://libav.org/releases/libav-0.7.7.changelog" - }, - { - "name" : "http://libav.org/releases/libav-0.8.4.changelog", - "refsource" : "CONFIRM", - "url" : "http://libav.org/releases/libav-0.8.4.changelog" - }, - { - "name" : "MDVSA-2013:079", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:079" - }, - { - "name" : "55355", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55355" - }, - { - "name" : "50468", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50468" - }, - { - "name" : "51257", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51257" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the ff_ivi_process_empty_tile function in libavcodec/ivi_common.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors in which the \"tile size ... 
mismatches parameters\" and triggers \"writing into a too small array.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11?", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/09/02/4" + }, + { + "name": "http://libav.org/releases/libav-0.8.4.changelog", + "refsource": "CONFIRM", + "url": "http://libav.org/releases/libav-0.8.4.changelog" + }, + { + "name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f0bf9e9c2a65e9a2b9d9e4e94f99acb191dc7ae7", + "refsource": "CONFIRM", + "url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f0bf9e9c2a65e9a2b9d9e4e94f99acb191dc7ae7" + }, + { + "name": "55355", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55355" + }, + { + "name": "MDVSA-2013:079", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:079" + }, + { + "name": "[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11?", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/08/31/3" + }, + { + "name": "http://ffmpeg.org/security.html", + "refsource": "CONFIRM", + "url": "http://ffmpeg.org/security.html" + }, + { + "name": "http://libav.org/releases/libav-0.7.7.changelog", + "refsource": "CONFIRM", + "url": "http://libav.org/releases/libav-0.7.7.changelog" + }, + { + "name": "50468", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50468" + }, + { + "name": "51257", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51257" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2853.json b/2012/2xxx/CVE-2012-2853.json index 949b41c7edf..f50b29f52a8 100644 --- a/2012/2xxx/CVE-2012-2853.json +++ b/2012/2xxx/CVE-2012-2853.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2853", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The webRequest API in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, does not properly interact with the Chrome Web Store, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2012-2853", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=134101", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=134101" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2012/07/stable-channel-release.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/07/stable-channel-release.html" - }, - { - "name" : "oval:org.mitre.oval:def:15439", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15439" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The webRequest API in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, does not properly interact with the Chrome Web Store, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://code.google.com/p/chromium/issues/detail?id=134101", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=134101" + }, + { + "name": "http://googlechromereleases.blogspot.com/2012/07/stable-channel-release.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/07/stable-channel-release.html" + }, + { + "name": "oval:org.mitre.oval:def:15439", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15439" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2921.json b/2012/2xxx/CVE-2012-2921.json index cbec7f802d8..1a24d6e3a73 100644 --- a/2012/2xxx/CVE-2012-2921.json +++ b/2012/2xxx/CVE-2012-2921.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2921", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Universal Feed Parser (aka feedparser or python-feedparser) before 5.1.2 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML ENTITY declaration in a non-ASCII encoded document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2921", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://freecode.com/projects/feedparser/releases/344371", - "refsource" : "CONFIRM", - "url" : "http://freecode.com/projects/feedparser/releases/344371" - }, - { - "name" : "https://code.google.com/p/feedparser/source/browse/trunk/NEWS?spec=svn706&r=706", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/feedparser/source/browse/trunk/NEWS?spec=svn706&r=706" - }, - { - "name" : "https://code.google.com/p/feedparser/source/detail?r=703&path=/trunk/feedparser/feedparser.py", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/feedparser/source/detail?r=703&path=/trunk/feedparser/feedparser.py" - }, - { - "name" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0157", - 
"refsource" : "CONFIRM", - "url" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0157" - }, - { - "name" : "MDVSA-2013:118", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:118" - }, - { - "name" : "53654", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53654" - }, - { - "name" : "81701", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/81701" - }, - { - "name" : "49256", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49256" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Universal Feed Parser (aka feedparser or python-feedparser) before 5.1.2 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML ENTITY declaration in a non-ASCII encoded document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "81701", + "refsource": "OSVDB", + "url": "http://osvdb.org/81701" + }, + { + "name": "https://code.google.com/p/feedparser/source/browse/trunk/NEWS?spec=svn706&r=706", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/feedparser/source/browse/trunk/NEWS?spec=svn706&r=706" + }, + { + "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0157", + "refsource": "CONFIRM", + "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0157" + }, + { + "name": "https://code.google.com/p/feedparser/source/detail?r=703&path=/trunk/feedparser/feedparser.py", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/feedparser/source/detail?r=703&path=/trunk/feedparser/feedparser.py" + }, + { + "name": "53654", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53654" + }, + { + "name": "MDVSA-2013:118", + "refsource": "MANDRIVA", 
+ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:118" + }, + { + "name": "http://freecode.com/projects/feedparser/releases/344371", + "refsource": "CONFIRM", + "url": "http://freecode.com/projects/feedparser/releases/344371" + }, + { + "name": "49256", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49256" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2951.json b/2012/2xxx/CVE-2012-2951.json index 497310efd2e..cc976cd2de3 100644 --- a/2012/2xxx/CVE-2012-2951.json +++ b/2012/2xxx/CVE-2012-2951.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2951", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-6587. Reason: This candidate is a duplicate of CVE-2007-6587. Notes: All CVE users should reference CVE-2007-6587 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-2951", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-6587. Reason: This candidate is a duplicate of CVE-2007-6587. Notes: All CVE users should reference CVE-2007-6587 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6267.json b/2012/6xxx/CVE-2012-6267.json index 3204667d4ff..dcfe501f7a0 100644 --- a/2012/6xxx/CVE-2012-6267.json +++ b/2012/6xxx/CVE-2012-6267.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6267", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-6267", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6404.json b/2012/6xxx/CVE-2012-6404.json index b0babb8dea6..43107cb617a 100644 --- a/2012/6xxx/CVE-2012-6404.json +++ b/2012/6xxx/CVE-2012-6404.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6404", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-6404", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1132.json b/2015/1xxx/CVE-2015-1132.json index 73bce3166f6..74765ac8e2b 100644 --- a/2015/1xxx/CVE-2015-1132.json +++ b/2015/1xxx/CVE-2015-1132.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1132", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1133, CVE-2015-1134, and CVE-2015-1135." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-1132", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT204659", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204659" - }, - { - "name" : "APPLE-SA-2015-04-08-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" - }, - { - "name" : "73982", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73982" - }, - { - "name" : "1032048", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032048" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "fontd in Apple Type Services (ATS) in 
Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1133, CVE-2015-1134, and CVE-2015-1135." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT204659", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204659" + }, + { + "name": "73982", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73982" + }, + { + "name": "1032048", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032048" + }, + { + "name": "APPLE-SA-2015-04-08-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1210.json b/2015/1xxx/CVE-2015-1210.json index aa139cead58..9b2a849684c 100644 --- a/2015/1xxx/CVE-2015-1210.json +++ b/2015/1xxx/CVE-2015-1210.json 
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1210", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException.cpp in the V8 bindings in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, does not properly consider frame access restrictions during the throwing of an exception, which allows remote attackers to bypass the Same Origin Policy via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2015-1210", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2015/02/chrome-for-android-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2015/02/chrome-for-android-update.html" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2015/02/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2015/02/stable-channel-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=453979", - "refsource" : 
"CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=453979" - }, - { - "name" : "https://src.chromium.org/viewvc/blink?revision=189365&view=revision", - "refsource" : "CONFIRM", - "url" : "https://src.chromium.org/viewvc/blink?revision=189365&view=revision" - }, - { - "name" : "GLSA-201502-13", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201502-13.xml" - }, - { - "name" : "RHSA-2015:0163", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0163.html" - }, - { - "name" : "openSUSE-SU-2015:0441", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html" - }, - { - "name" : "USN-2495-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2495-1" - }, - { - "name" : "72497", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72497" - }, - { - "name" : "1031709", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031709" - }, - { - "name" : "62670", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62670" - }, - { - "name" : "62818", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62818" - }, - { - "name" : "62917", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62917" - }, - { - "name" : "62925", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62925" - }, - { - "name" : "google-chrome-cve20151210-sec-bypass(100716)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100716" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException.cpp in the V8 bindings in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, does 
not properly consider frame access restrictions during the throwing of an exception, which allows remote attackers to bypass the Same Origin Policy via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "72497", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72497" + }, + { + "name": "http://googlechromereleases.blogspot.com/2015/02/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2015/02/stable-channel-update.html" + }, + { + "name": "62818", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62818" + }, + { + "name": "62925", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62925" + }, + { + "name": "http://googlechromereleases.blogspot.com/2015/02/chrome-for-android-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2015/02/chrome-for-android-update.html" + }, + { + "name": "GLSA-201502-13", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201502-13.xml" + }, + { + "name": "62917", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62917" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=453979", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=453979" + }, + { + "name": "RHSA-2015:0163", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0163.html" + }, + { + "name": "62670", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62670" + }, + { + "name": "1031709", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031709" + }, + { + "name": "openSUSE-SU-2015:0441", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html" + }, + { + "name": 
"google-chrome-cve20151210-sec-bypass(100716)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100716" + }, + { + "name": "USN-2495-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2495-1" + }, + { + "name": "https://src.chromium.org/viewvc/blink?revision=189365&view=revision", + "refsource": "CONFIRM", + "url": "https://src.chromium.org/viewvc/blink?revision=189365&view=revision" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1599.json b/2015/1xxx/CVE-2015-1599.json index b57ebd132c9..69c397db89d 100644 --- a/2015/1xxx/CVE-2015-1599.json +++ b/2015/1xxx/CVE-2015-1599.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1599", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Siemens SPCanywhere application for iOS allows physically proximate attackers to bypass intended access restrictions by leveraging a filesystem architectural error." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1599", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-185226.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-185226.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Siemens SPCanywhere application for iOS allows physically proximate attackers to bypass intended access restrictions by leveraging a filesystem architectural error." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-185226.pdf", + "refsource": "CONFIRM", + "url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-185226.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1900.json b/2015/1xxx/CVE-2015-1900.json index c6dd03639a2..d14a406f1cc 100644 --- a/2015/1xxx/CVE-2015-1900.json +++ b/2015/1xxx/CVE-2015-1900.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1900", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM InfoSphere DataStage 8.1, 8.5, 8.7, 9.1, and 11.3 through 11.3.1.2 on UNIX allows local users to write to executable files, and consequently obtain root privileges, via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-1900", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21902280", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21902280" - }, - { - "name" : "JR52770", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1JR52770" - }, - { - "name" : "75481", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75481" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM InfoSphere DataStage 8.1, 8.5, 8.7, 9.1, and 11.3 through 11.3.1.2 on UNIX allows local users to write to executable files, and consequently obtain root privileges, 
via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21902280", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902280" + }, + { + "name": "75481", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75481" + }, + { + "name": "JR52770", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR52770" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5039.json b/2015/5xxx/CVE-2015-5039.json index 04bfac74f84..46f2ebd1a50 100644 --- a/2015/5xxx/CVE-2015-5039.json +++ b/2015/5xxx/CVE-2015-5039.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5039", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Remote Client and change management integrations in IBM Rational ClearCase 7.1.x, 8.0.0.x before 8.0.0.18, and 8.0.1.x before 8.0.1.11 do not properly validate hostnames in X.509 certificates from SSL servers, which allows remote attackers to spoof servers and obtain sensitive information or modify network traffic via a crafted certificate. IBM X-Force ID: 106715." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-5039", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21976566", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21976566" - }, - { - "name" : "ibm-clearcase-cve20155039-mitm(106715)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/106715" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Remote Client and change management integrations in IBM Rational 
ClearCase 7.1.x, 8.0.0.x before 8.0.0.18, and 8.0.1.x before 8.0.1.11 do not properly validate hostnames in X.509 certificates from SSL servers, which allows remote attackers to spoof servers and obtain sensitive information or modify network traffic via a crafted certificate. IBM X-Force ID: 106715." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21976566", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976566" + }, + { + "name": "ibm-clearcase-cve20155039-mitm(106715)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/106715" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5145.json b/2015/5xxx/CVE-2015-5145.json index 2dce1fe25c9..11caa30f8f6 100644 --- a/2015/5xxx/CVE-2015-5145.json +++ b/2015/5xxx/CVE-2015-5145.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5145", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "validators.URLValidator in Django 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5145", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.djangoproject.com/weblog/2015/jul/08/security-releases/", - "refsource" : "CONFIRM", - "url" : "https://www.djangoproject.com/weblog/2015/jul/08/security-releases/" - }, - { - "name" : "GLSA-201510-06", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201510-06" - }, - { - "name" : "75691", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75691" - }, - { - "name" : "1032820", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032820" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "validators.URLValidator in Django 1.8.x before 1.8.3 allows remote attackers to cause a denial 
of service (CPU consumption) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201510-06", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201510-06" + }, + { + "name": "https://www.djangoproject.com/weblog/2015/jul/08/security-releases/", + "refsource": "CONFIRM", + "url": "https://www.djangoproject.com/weblog/2015/jul/08/security-releases/" + }, + { + "name": "75691", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75691" + }, + { + "name": "1032820", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032820" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5265.json b/2015/5xxx/CVE-2015-5265.json index 1c77487492b..3ef032b804f 100644 --- a/2015/5xxx/CVE-2015-5265.json +++ b/2015/5xxx/CVE-2015-5265.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5265", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The wiki component in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 does not consider the mod/wiki:managefiles capability before authorizing file management, which allows remote authenticated users to delete arbitrary files by using a manage-files button in a text editor." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-5265", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150921 Moodle security release", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/09/21/1" - }, - { - "name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48371", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48371" - }, - { - "name" : "https://moodle.org/mod/forum/discuss.php?d=320289", - "refsource" : "CONFIRM", - "url" : "https://moodle.org/mod/forum/discuss.php?d=320289" - }, - { - "name" : "1033619", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id/1033619" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The wiki component in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 does not consider the mod/wiki:managefiles capability before authorizing file management, which allows remote authenticated users to delete arbitrary files by using a manage-files button in a text editor." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48371", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48371" + }, + { + "name": "[oss-security] 20150921 Moodle security release", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/09/21/1" + }, + { + "name": "https://moodle.org/mod/forum/discuss.php?d=320289", + "refsource": "CONFIRM", + "url": "https://moodle.org/mod/forum/discuss.php?d=320289" + }, + { + "name": "1033619", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033619" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5291.json b/2015/5xxx/CVE-2015-5291.json index 1c77b11dd70..3f0db40735a 100644 --- a/2015/5xxx/CVE-2015-5291.json +++ b/2015/5xxx/CVE-2015-5291.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5291", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in PolarSSL 1.x before 1.2.17 and ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long hostname to the server name indication (SNI) extension, which is not properly handled when creating a ClientHello message. NOTE: this identifier has been SPLIT per ADT3 due to different affected version ranges. See CVE-2015-8036 for the session ticket issue that was introduced in 1.3.0." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-5291", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://guidovranken.files.wordpress.com/2015/10/cve-2015-5291.pdf", - "refsource" : "MISC", - "url" : "https://guidovranken.files.wordpress.com/2015/10/cve-2015-5291.pdf" - }, - { - "name" : "https://guidovranken.wordpress.com/2015/10/07/cve-2015-5291/", - "refsource" : "MISC", - "url" : "https://guidovranken.wordpress.com/2015/10/07/cve-2015-5291/" - }, - { - "name" : "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2015-01", - "refsource" : "CONFIRM", - "url" : "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2015-01" - }, - { - "name" : "DSA-3468", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3468" - }, - { - "name" : "FEDORA-2015-30a417bea9", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169625.html" - }, - { - "name" : "FEDORA-2015-7f939b3af5", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169765.html" - }, - { - "name" : "FEDORA-2015-e22bb33731", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170317.html" - }, - { - "name" : "GLSA-201706-18", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201706-18" - }, - { - "name" : "openSUSE-SU-2015:2371", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-updates/2015-12/msg00119.html" - }, - { - "name" : "openSUSE-SU-2015:2257", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00013.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in PolarSSL 1.x before 1.2.17 and ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long hostname to the server name indication (SNI) extension, which is not properly handled when creating a ClientHello message. NOTE: this identifier has been SPLIT per ADT3 due to different affected version ranges. See CVE-2015-8036 for the session ticket issue that was introduced in 1.3.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3468", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3468" + }, + { + "name": "https://guidovranken.files.wordpress.com/2015/10/cve-2015-5291.pdf", + "refsource": "MISC", + "url": "https://guidovranken.files.wordpress.com/2015/10/cve-2015-5291.pdf" + }, + { + "name": "https://guidovranken.wordpress.com/2015/10/07/cve-2015-5291/", + "refsource": "MISC", + "url": "https://guidovranken.wordpress.com/2015/10/07/cve-2015-5291/" + }, + { + "name": "FEDORA-2015-30a417bea9", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169625.html" + }, + { + "name": "FEDORA-2015-e22bb33731", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170317.html" + }, + { + "name": "FEDORA-2015-7f939b3af5", + "refsource": "FEDORA", + "url": 
"http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169765.html" + }, + { + "name": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2015-01", + "refsource": "CONFIRM", + "url": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2015-01" + }, + { + "name": "openSUSE-SU-2015:2257", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00013.html" + }, + { + "name": "GLSA-201706-18", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201706-18" + }, + { + "name": "openSUSE-SU-2015:2371", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00119.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5749.json b/2015/5xxx/CVE-2015-5749.json index 115b8757278..99cf15d5b53 100644 --- a/2015/5xxx/CVE-2015-5749.json +++ b/2015/5xxx/CVE-2015-5749.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5749", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Sandbox_profiles component in Apple iOS before 8.4.1 allows attackers to bypass the third-party app-sandbox protection mechanism and read arbitrary managed preferences via a crafted app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-5749", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/kb/HT205030", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT205030" - }, - { - "name" : "APPLE-SA-2015-08-13-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html" - }, - { - "name" : "76337", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76337" - }, - { - "name" : "1033275", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033275" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Sandbox_profiles component in Apple iOS before 8.4.1 allows 
attackers to bypass the third-party app-sandbox protection mechanism and read arbitrary managed preferences via a crafted app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/kb/HT205030", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT205030" + }, + { + "name": "1033275", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033275" + }, + { + "name": "76337", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76337" + }, + { + "name": "APPLE-SA-2015-08-13-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11262.json b/2018/11xxx/CVE-2018-11262.json index d63362d0103..402186a1383 100644 --- a/2018/11xxx/CVE-2018-11262.json +++ b/2018/11xxx/CVE-2018-11262.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2018-11262", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel while trying to find out total number of partition via a non zero check, there could be possibility where the 'TotalPart' could cross 'GptHeader->MaxPtCnt' and which could result in OOB write in patching GPT." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Incorrect Calculation of Buffer Size in Boot" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2018-11262", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.codeaurora.org/quic/la/abl/tianocore/edk2/commit/?id=29ab5eb75bc9ed01466ab1a98e932e59fe27ad42", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/abl/tianocore/edk2/commit/?id=29ab5eb75bc9ed01466ab1a98e932e59fe27ad42" - }, - { - "name" : "https://www.codeaurora.org/security-bulletin/2018/08/06/august-2018-code-aurora-security-bulletin", - "refsource" : "CONFIRM", - "url" : "https://www.codeaurora.org/security-bulletin/2018/08/06/august-2018-code-aurora-security-bulletin" - }, - { - "name" : "106949", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106949" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel while trying to find out total number of partition via a non zero check, there could be possibility where the 'TotalPart' could cross 'GptHeader->MaxPtCnt' and which could result in OOB write in patching GPT." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Incorrect Calculation of Buffer Size in Boot" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.codeaurora.org/security-bulletin/2018/08/06/august-2018-code-aurora-security-bulletin", + "refsource": "CONFIRM", + "url": "https://www.codeaurora.org/security-bulletin/2018/08/06/august-2018-code-aurora-security-bulletin" + }, + { + "name": "106949", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106949" + }, + { + "name": "https://source.codeaurora.org/quic/la/abl/tianocore/edk2/commit/?id=29ab5eb75bc9ed01466ab1a98e932e59fe27ad42", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/abl/tianocore/edk2/commit/?id=29ab5eb75bc9ed01466ab1a98e932e59fe27ad42" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11759.json b/2018/11xxx/CVE-2018-11759.json index 78e468d238f..7614a8d14d4 100644 --- a/2018/11xxx/CVE-2018-11759.json +++ b/2018/11xxx/CVE-2018-11759.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "ID" : "CVE-2018-11759", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache Tomcat Connectors", - "version" : { - "version_data" : [ - { - "version_value" : "Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing the application via the reverse proxy. It was also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is some overlap between this issue and CVE-2018-1323, they are not identical." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "ID": "CVE-2018-11759", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Tomcat Connectors", + "version": { + "version_data": [ + { + "version_value": "Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20181217 [SECURITY] [DLA 1609-1] libapache-mod-jk security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/12/msg00007.html" - }, - { - "name" : "https://lists.apache.org/thread.html/6d564bb0ab73d6b3efdd1d6b1c075d1a2c84ecd84a4159d6122529ad@%3Cannounce.tomcat.apache.org%3E", - "refsource" : "MISC", - "url" : "https://lists.apache.org/thread.html/6d564bb0ab73d6b3efdd1d6b1c075d1a2c84ecd84a4159d6122529ad@%3Cannounce.tomcat.apache.org%3E" - }, - { - "name" : "DSA-4357", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4357" - }, - { - "name" : "RHSA-2019:0366", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2019:0366" - }, - { - "name" : "RHSA-2019:0367", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2019:0367" - }, - { - "name" : "105888", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105888" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge 
cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing the application via the reverse proxy. It was also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is some overlap between this issue and CVE-2018-1323, they are not identical." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-4357", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4357" + }, + { + "name": "RHSA-2019:0367", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2019:0367" + }, + { + "name": "105888", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105888" + }, + { + "name": "https://lists.apache.org/thread.html/6d564bb0ab73d6b3efdd1d6b1c075d1a2c84ecd84a4159d6122529ad@%3Cannounce.tomcat.apache.org%3E", + "refsource": "MISC", + "url": "https://lists.apache.org/thread.html/6d564bb0ab73d6b3efdd1d6b1c075d1a2c84ecd84a4159d6122529ad@%3Cannounce.tomcat.apache.org%3E" + }, + { + "name": "[debian-lts-announce] 20181217 [SECURITY] [DLA 1609-1] libapache-mod-jk security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00007.html" + }, + { + "name": "RHSA-2019:0366", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2019:0366" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11823.json b/2018/11xxx/CVE-2018-11823.json index 06df5aa449c..6dc22e5ae93 100644 --- a/2018/11xxx/CVE-2018-11823.json +++ b/2018/11xxx/CVE-2018-11823.json 
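Review bot: The `problemtype` value stays `Information Disclosure`, although the `description` on the same side also says a specially constructed request could bypass the access controls configured in httpd. Tooling that triages on `problemtype` alone would therefore class this record as disclosure only. Adding a second `description` entry under `problemtype_data` that names the access-control bypass would bring the two fields into agreement; the wording is the assigning CNA's call. Only the order of `reference_data` and the key spacing differ between the two sides here, so the mismatch predates this commit.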
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2018-11823", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, freeing device memory in driver probe failure will result in double free issue in power module." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2018-11823", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?id=4519cc36b1a396dc55c9b43ab6e8736ae4a6f4cf", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?id=4519cc36b1a396dc55c9b43ab6e8736ae4a6f4cf" - }, - { - "name" : "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin", - "refsource" : "CONFIRM", - "url" : "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, freeing device memory in driver probe failure will result in double free issue in power module." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?id=4519cc36b1a396dc55c9b43ab6e8736ae4a6f4cf", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?id=4519cc36b1a396dc55c9b43ab6e8736ae4a6f4cf" + }, + { + "name": "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin", + "refsource": "CONFIRM", + "url": "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15449.json b/2018/15xxx/CVE-2018-15449.json index fabf83f054d..39386a23d0a 100644 --- a/2018/15xxx/CVE-2018-15449.json +++ b/2018/15xxx/CVE-2018-15449.json 
@@ -1,91 +1,91 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "DATE_PUBLIC" : "2018-11-07T16:00:00-0600", - "ID" : "CVE-2018-15449", - "STATE" : "PUBLIC", - "TITLE" : "Cisco Video Surveillance Media Server Denial of Service Vulnerability" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Video Surveillance Media Server Software ", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "Cisco" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the web-based management interface of Cisco Video Surveillance Media Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected service. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to cause the web-based management interface to become unreachable, resulting in a DoS condition." - } - ] - }, - "exploit" : [ - { - "lang" : "eng", - "value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. 
" - } - ], - "impact" : { - "cvss" : { - "baseScore" : "4.3", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L ", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2018-11-07T16:00:00-0600", + "ID": "CVE-2018-15449", + "STATE": "PUBLIC", + "TITLE": "Cisco Video Surveillance Media Server Denial of Service Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Video Surveillance Media Server Software ", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20181107 Cisco Video Surveillance Media Server Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-vsms-dos" - }, - { - "name" : "105863", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105863" - } - ] - }, - "source" : { - "advisory" : "cisco-sa-20181107-vsms-dos", - "defect" : [ - [ - "CSCvm36780" - ] - ], - "discovery" : "INTERNAL" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the web-based management interface of Cisco Video Surveillance Media Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected service. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. 
A successful exploit could allow the attacker to cause the web-based management interface to become unreachable, resulting in a DoS condition." + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "4.3", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105863", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105863" + }, + { + "name": "20181107 Cisco Video Surveillance Media Server Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-vsms-dos" + } + ] + }, + "source": { + "advisory": "cisco-sa-20181107-vsms-dos", + "defect": [ + [ + "CSCvm36780" + ] + ], + "discovery": "INTERNAL" + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3532.json b/2018/3xxx/CVE-2018-3532.json index 5def12f7a0d..e6e1463565f 100644 --- a/2018/3xxx/CVE-2018-3532.json +++ b/2018/3xxx/CVE-2018-3532.json 
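Review bot: The `vectorString` value keeps its trailing space on the new side (`"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L "`), as do `product_name` and the `exploit` text. A strict CVSS vector parser may reject the string, and an exact-match product lookup may miss the record. Every line of the file is rewritten anyway, so trimming costs nothing: `"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"`. `baseScore` is also carried as the string `"4.3"` rather than a number, so consumers need to coerce it before comparing against a severity threshold.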
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3532", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3532", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3684.json b/2018/3xxx/CVE-2018-3684.json index 8335780b488..899a606163b 100644 --- a/2018/3xxx/CVE-2018-3684.json +++ b/2018/3xxx/CVE-2018-3684.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@intel.com", - "ID" : "CVE-2018-3684", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Intel Quartus II", - "version" : { - "version_data" : [ - { - "version_value" : "15.0" - } - ] - } - } - ] - }, - "vendor_name" : "Intel Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unquoted service paths in Intel Quartus II in versions 11.0 - 15.0 allow a local attacker to potentially execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Privilege Escalation" - } + "CVE_data_meta": { + "ASSIGNER": "secure@intel.com", + "ID": "CVE-2018-3684", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Intel Quartus II", + "version": { + "version_data": [ + { + "version_value": "15.0" + } + ] + } + } + ] + }, + "vendor_name": "Intel Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00151.html", - "refsource" : "CONFIRM", - "url" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00151.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unquoted service paths in Intel Quartus II in versions 11.0 - 15.0 allow a local attacker to potentially execute arbitrary code." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege Escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00151.html", + "refsource": "CONFIRM", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00151.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7771.json b/2018/7xxx/CVE-2018-7771.json index 73491e53466..31b8c276d72 100644 --- a/2018/7xxx/CVE-2018-7771.json +++ b/2018/7xxx/CVE-2018-7771.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cybersecurity@se.com", - "DATE_PUBLIC" : "2018-04-05T00:00:00", - "ID" : "CVE-2018-7771", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "U.Motion", - "version" : { - "version_data" : [ - { - "version_value" : "U.motion Builder Software, all versions prior to v1.3.4" - } - ] - } - } - ] - }, - "vendor_name" : "Schneider Electric SE" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The vulnerability exists within processing of editscript.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. A directory traversal vulnerability allows a caller with standard user privileges to write arbitrary php files anywhere in the web service directory tree." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Directory Traversal Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "cybersecurity@schneider-electric.com", + "DATE_PUBLIC": "2018-04-05T00:00:00", + "ID": "CVE-2018-7771", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "U.Motion", + "version": { + "version_data": [ + { + "version_value": "U.motion Builder Software, all versions prior to v1.3.4" + } + ] + } + } + ] + }, + "vendor_name": "Schneider Electric SE" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-095-01/", - "refsource" : "CONFIRM", - "url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-095-01/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "The vulnerability exists within processing of editscript.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. A directory traversal vulnerability allows a caller with standard user privileges to write arbitrary php files anywhere in the web service directory tree." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Directory Traversal Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-095-01/", + "refsource": "CONFIRM", + "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-095-01/" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8093.json b/2018/8xxx/CVE-2018-8093.json index 67e5ab87066..d726f191c9e 100644 --- a/2018/8xxx/CVE-2018-8093.json +++ b/2018/8xxx/CVE-2018-8093.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-8093",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-8093",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/8xxx/CVE-2018-8100.json b/2018/8xxx/CVE-2018-8100.json
index 4d02d679cbf..9ffd3d2cd69 100644
--- a/2018/8xxx/CVE-2018-8100.json
+++ b/2018/8xxx/CVE-2018-8100.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-8100",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The JPXStream::readTilePart function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a specific pdf file, as demonstrated by pdftohtml."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-8100",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://forum.xpdfreader.com/viewtopic.php?f=3&t=652",
- "refsource" : "MISC",
- "url" : "https://forum.xpdfreader.com/viewtopic.php?f=3&t=652"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The JPXStream::readTilePart function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a specific pdf file, as demonstrated by pdftohtml."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=652",
+ "refsource": "MISC",
+ "url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=652"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/8xxx/CVE-2018-8151.json b/2018/8xxx/CVE-2018-8151.json
index 2d688be50ad..b50716bb9ee 100644
--- a/2018/8xxx/CVE-2018-8151.json
+++ b/2018/8xxx/CVE-2018-8151.json
@@ -1,87 +1,87 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "Secure@Microsoft.com",
- "ID" : "CVE-2018-8151",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Microsoft Exchange Server",
- "version" : {
- "version_data" : [
- {
- "version_value" : "2010 Service Pack 3 Update Rollup 21"
- },
- {
- "version_value" : "2013 Cumulative Update 19"
- },
- {
- "version_value" : "2013 Cumulative Update 20"
- },
- {
- "version_value" : "2013 Service Pack 1"
- },
- {
- "version_value" : "2016 Cumulative Update 8"
- },
- {
- "version_value" : "2016 Cumulative Update 9"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Microsoft"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An information disclosure vulnerability exists when Microsoft Exchange improperly handles objects in memory, aka \"Microsoft Exchange Memory Corruption Vulnerability.\" This affects Microsoft Exchange Server. This CVE ID is unique from CVE-2018-8154."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Information Disclosure"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secure@microsoft.com",
+ "ID": "CVE-2018-8151",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Microsoft Exchange Server",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2010 Service Pack 3 Update Rollup 21"
+ },
+ {
+ "version_value": "2013 Cumulative Update 19"
+ },
+ {
+ "version_value": "2013 Cumulative Update 20"
+ },
+ {
+ "version_value": "2013 Service Pack 1"
+ },
+ {
+ "version_value": "2016 Cumulative Update 8"
+ },
+ {
+ "version_value": "2016 Cumulative Update 9"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Microsoft"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8151",
- "refsource" : "CONFIRM",
- "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8151"
- },
- {
- "name" : "104042",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/104042"
- },
- {
- "name" : "1040850",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1040850"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An information disclosure vulnerability exists when Microsoft Exchange improperly handles objects in memory, aka \"Microsoft Exchange Memory Corruption Vulnerability.\" This affects Microsoft Exchange Server. This CVE ID is unique from CVE-2018-8154."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information Disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "104042",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/104042"
+ },
+ {
+ "name": "1040850",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1040850"
+ },
+ {
+ "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8151",
+ "refsource": "CONFIRM",
+ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8151"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/8xxx/CVE-2018-8884.json b/2018/8xxx/CVE-2018-8884.json
index 6e811b24647..95c8d2cac6c 100644
--- a/2018/8xxx/CVE-2018-8884.json
+++ b/2018/8xxx/CVE-2018-8884.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-8884",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-8884",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file