diff --git a/2005/0xxx/CVE-2005-0579.json b/2005/0xxx/CVE-2005-0579.json index 9bd5dcf93f7..f77f026082c 100644 --- a/2005/0xxx/CVE-2005-0579.json +++ b/2005/0xxx/CVE-2005-0579.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0579", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "nxagent in FreeNX before 0.2.8 does not properly handle when the XAUTHORITY environment variable is not set, which allows local users to access the X server without X authentication." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0579", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[FreeNX-kNX] 20050217 Security: Serious bug in authority handling found and fixed", - "refsource" : "MLIST", - "url" : "http://mail.kde.org/pipermail/freenx-knx/2005-February/000734.html" - }, - { - "name" : "SUSE-SR:2005:006", - "refsource" : "SUSE", - "url" : "http://www.linuxcompatible.org/story42495.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "nxagent in FreeNX before 0.2.8 does not properly handle when the XAUTHORITY environment variable is not set, which allows local users to access the X server without X authentication." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[FreeNX-kNX] 20050217 Security: Serious bug in authority handling found and fixed", + "refsource": "MLIST", + "url": "http://mail.kde.org/pipermail/freenx-knx/2005-February/000734.html" + }, + { + "name": "SUSE-SR:2005:006", + "refsource": "SUSE", + "url": "http://www.linuxcompatible.org/story42495.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0932.json b/2005/0xxx/CVE-2005-0932.json index e96a111fbbc..af42395576d 100644 --- a/2005/0xxx/CVE-2005-0932.json +++ b/2005/0xxx/CVE-2005-0932.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0932", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in phpCOIN 1.2.1b and earlier allow remote attackers to execute arbitrary SQL commands (1) via the search engine, (2) the username or email fields in the \"forgotten password\" feature, or (3) the domain name in a package order." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0932", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.gulftech.org/?node=research&article_id=00065-03292005", - "refsource" : "MISC", - "url" : "http://www.gulftech.org/?node=research&article_id=00065-03292005" - }, - { - "name" : "12917", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12917" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in phpCOIN 1.2.1b and earlier allow remote attackers to execute arbitrary SQL commands (1) via the search engine, (2) the username or email fields in the \"forgotten password\" feature, or (3) the domain name in a package order." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.gulftech.org/?node=research&article_id=00065-03292005", + "refsource": "MISC", + "url": "http://www.gulftech.org/?node=research&article_id=00065-03292005" + }, + { + "name": "12917", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12917" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1359.json b/2005/1xxx/CVE-2005-1359.json index c19c1119260..23d899d8822 100644 --- a/2005/1xxx/CVE-2005-1359.json +++ b/2005/1xxx/CVE-2005-1359.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1359", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in text.cgi script allows remote attackers to inject arbitrary web script or HTML via the argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1359", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050425 remote command execution in text.cgi script", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111445867315415&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in text.cgi script allows remote attackers to inject arbitrary web script or HTML via the argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050425 remote command execution in text.cgi script", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111445867315415&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1766.json b/2005/1xxx/CVE-2005-1766.json index 1f5078cbcfb..963d09ed27b 100644 --- a/2005/1xxx/CVE-2005-1766.json +++ b/2005/1xxx/CVE-2005-1766.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1766", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in rtffplin.cpp in RealPlayer 10.5 6.0.12.1056 on Windows, and 10, 10.0.1.436, and other versions before 10.0.5 on Linux, allows remote attackers to execute arbitrary code via a RealMedia file with a long RealText string, such as an SMIL file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2005-1766", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050623 RealNetworks RealPlayer RealText Parsing Heap Overflow Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://www.idefense.com/application/poi/display?id=250&type=vulnerabilities&flashstatus=true" - }, - { - "name" : "http://service.real.com/help/faq/security/050623_player/EN/", - "refsource" : "CONFIRM", - "url" : "http://service.real.com/help/faq/security/050623_player/EN/" - }, - { - "name" : "DSA-826", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-826" - }, - { - "name" : "RHSA-2005:523", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-523.html" - }, - { - "name" : "RHSA-2005:517", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-517.html" - }, - { - "name" : "SUSE-SA:2005:037", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2005_37_real_player.html" - }, - { - "name" : "oval:org.mitre.oval:def:9509", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9509" - }, - { - "name" : "16981", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16981" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in rtffplin.cpp in RealPlayer 10.5 6.0.12.1056 on Windows, and 10, 10.0.1.436, and other versions before 10.0.5 on Linux, allows remote attackers to execute arbitrary code via a RealMedia file with a long RealText string, such as an SMIL file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2005:517", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-517.html" + }, + { + "name": "DSA-826", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-826" + }, + { + "name": "RHSA-2005:523", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-523.html" + }, + { + "name": "16981", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16981" + }, + { + "name": "20050623 RealNetworks RealPlayer RealText Parsing Heap Overflow Vulnerability", + "refsource": "IDEFENSE", + "url": "http://www.idefense.com/application/poi/display?id=250&type=vulnerabilities&flashstatus=true" + }, + { + "name": "oval:org.mitre.oval:def:9509", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9509" + }, + { + "name": "SUSE-SA:2005:037", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2005_37_real_player.html" + }, + { + "name": "http://service.real.com/help/faq/security/050623_player/EN/", + "refsource": "CONFIRM", + "url": "http://service.real.com/help/faq/security/050623_player/EN/" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3003.json b/2005/3xxx/CVE-2005-3003.json index 6ffae212782..8527b63c467 100644 --- a/2005/3xxx/CVE-2005-3003.json +++ b/2005/3xxx/CVE-2005-3003.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3003", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in NooTopList 1.0.0 release 17 allows remote attackers to execute arbitrary SQL commands via the (1) o or (2) sort parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3003", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.systemsecure.org/ssforum/viewtopic.php?t=249", - "refsource" : "MISC", - "url" : "http://www.systemsecure.org/ssforum/viewtopic.php?t=249" - }, - { - "name" : "1014931", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014931" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in NooTopList 1.0.0 release 17 allows remote attackers to execute arbitrary SQL commands via the (1) o or (2) sort parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.systemsecure.org/ssforum/viewtopic.php?t=249", + "refsource": "MISC", + "url": "http://www.systemsecure.org/ssforum/viewtopic.php?t=249" + }, + { + "name": "1014931", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014931" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3129.json b/2005/3xxx/CVE-2005-3129.json index e1639e6102e..8dd08df95ca 100644 --- a/2005/3xxx/CVE-2005-3129.json +++ b/2005/3xxx/CVE-2005-3129.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3129", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in Serendipity 0.8.4 and earlier allows remote attackers to perform unauthorized actions as a logged in user via a link or IMG tag to serendipity_admin.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3129", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050929 Serendipity: Account Hijacking / CSRF Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112801570631203&w=2" - }, - { - "name" : "20050929 Serendipity: Account Hijacking / CSRF Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2005-September/037580.html" - }, - { - "name" : "17011", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17011/" - }, - { - "name" : "serendipity-xs-request-forgery(22456)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22456" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in Serendipity 0.8.4 and earlier allows remote attackers to perform unauthorized actions as a logged in user via a link or IMG tag to serendipity_admin.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050929 Serendipity: Account Hijacking / CSRF Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112801570631203&w=2" + }, + { + "name": "20050929 Serendipity: Account Hijacking / CSRF Vulnerability", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-September/037580.html" + }, + { + "name": "17011", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17011/" + }, + { + "name": "serendipity-xs-request-forgery(22456)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22456" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3130.json b/2005/3xxx/CVE-2005-3130.json index 04e75fe7984..53c6853bb82 100644 --- a/2005/3xxx/CVE-2005-3130.json +++ b/2005/3xxx/CVE-2005-3130.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3130", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in lucidCMS 1.0.11 allows remote attackers to execute arbitrary SQL commands via the login field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3130", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050929 Lucid CMS 1.0.11 SQL Injection / Login Bypass / remote code execution", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112803020415743&w=2" - }, - { - "name" : "http://rgod.altervista.org/lucidcms1011.html", - "refsource" : "MISC", - "url" : "http://rgod.altervista.org/lucidcms1011.html" - }, - { - "name" : "14976", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14976" - }, - { - "name" : "33", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/33" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in lucidCMS 1.0.11 allows remote attackers to execute arbitrary SQL commands via the login field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://rgod.altervista.org/lucidcms1011.html", + "refsource": "MISC", + "url": "http://rgod.altervista.org/lucidcms1011.html" + }, + { + "name": "20050929 Lucid CMS 1.0.11 SQL Injection / Login Bypass / remote code execution", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112803020415743&w=2" + }, + { + "name": "33", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/33" + }, + { + "name": "14976", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14976" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3137.json b/2005/3xxx/CVE-2005-3137.json index 5edbb2c742f..4d56e34b6f4 100644 --- a/2005/3xxx/CVE-2005-3137.json +++ b/2005/3xxx/CVE-2005-3137.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3137", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The (1) cfmailfilter and (2) cfcron.in files for cfengine 1.6.5 allow local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CVE-2005-2960." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3137", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=107871", - "refsource" : "MISC", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=107871" - }, - { - "name" : "http://groups.google.com/group/gnu.cfengine.help/browse_thread/thread/fc25e7d98f8ba401/38151ed821803be0#38151ed821803be0", - "refsource" : "MISC", - "url" : "http://groups.google.com/group/gnu.cfengine.help/browse_thread/thread/fc25e7d98f8ba401/38151ed821803be0#38151ed821803be0" - }, - { - "name" : "DSA-835", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-835" - }, - { - "name" : "DSA-836", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-836" - }, - { - "name" : "MDKSA-2005:184", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:184" - }, - { - "name" : "USN-198-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-198-1" - }, - { - "name" : "14994", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14994" - }, - { - "name" : "17037", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17037/" - }, - { - "name" : "17038", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17038" - }, - { - "name" : "17040", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17040" - }, - { - "name" : "17142", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17142" - }, - { - "name" : "17182", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17182" - }, - { - "name" : "cfengine-mulitple-file-symlink(22489)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22489" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The (1) cfmailfilter and (2) cfcron.in files for cfengine 1.6.5 allow local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CVE-2005-2960." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=107871", + "refsource": "MISC", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=107871" + }, + { + "name": "17040", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17040" + }, + { + "name": "cfengine-mulitple-file-symlink(22489)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22489" + }, + { + "name": "14994", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14994" + }, + { + "name": "DSA-836", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-836" + }, + { + "name": "USN-198-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-198-1" + }, + { + "name": "DSA-835", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-835" + }, + { + "name": "17182", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17182" + }, + { + "name": "17037", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17037/" + }, + { + "name": "http://groups.google.com/group/gnu.cfengine.help/browse_thread/thread/fc25e7d98f8ba401/38151ed821803be0#38151ed821803be0", + "refsource": "MISC", + "url": "http://groups.google.com/group/gnu.cfengine.help/browse_thread/thread/fc25e7d98f8ba401/38151ed821803be0#38151ed821803be0" + }, + { + "name": "17142", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17142" + }, + { + "name": "17038", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17038" + }, + { + "name": "MDKSA-2005:184", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:184" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3671.json b/2005/3xxx/CVE-2005-3671.json index 190236ba5fa..76614e4e45e 100644 --- a/2005/3xxx/CVE-2005-3671.json +++ b/2005/3xxx/CVE-2005-3671.json @@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3671", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Internet Key Exchange version 1 (IKEv1) implementation in Openswan 2 (openswan-2) before 2.4.4, and freeswan in SUSE LINUX 9.1 before 2.04_1.5.4-1.23, allow remote attackers to cause a denial of service via (1) a crafted packet using 3DES with an invalid key length, or (2) unspecified inputs when Aggressive Mode is enabled and the PSK is known, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3671", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/", - "refsource" : "MISC", - "url" : "http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/" - }, - { - "name" : "http://www.openswan.org/niscc2/", - "refsource" : "CONFIRM", - "url" : "http://www.openswan.org/niscc2/" - }, - { - "name" : "http://www.niscc.gov.uk/niscc/docs/re-20051114-01014.pdf?lang=en", - "refsource" : "MISC", - "url" : "http://www.niscc.gov.uk/niscc/docs/re-20051114-01014.pdf?lang=en" - }, - { - "name" : "http://jvn.jp/niscc/NISCC-273756/index.html", - "refsource" : "MISC", - "url" : "http://jvn.jp/niscc/NISCC-273756/index.html" - }, - { - "name" : "FEDORA-2005-1092", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-announce-list/2005-November/msg00057.html" - }, - { - "name" : "FEDORA-2005-1093", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-announce-list/2005-November/msg00058.html" - }, - { - "name" : "GLSA-200512-04", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200512-04.xml" - }, - { - "name" : "20051213 Re: [ GLSA 200512-04 ] Openswan, IPsec-Tools: Vulnerabilities in ISAK MP Protocol implementation", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2005-12/0138.html" - }, - { - "name" : "20051214 Re: [ GLSA 200512-04 ] Openswan, IPsec-Tools: Vulnerabilities in ISAK MP Protocol implementation", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2005-12/0161.html" - }, - { - "name" : "SUSE-SA:2005:070", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2005_70_ipsec.html" - }, - { - "name" : "VU#226364", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/226364" - }, - { - "name" : "15416", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15416" - }, - { - "name" : "1015214", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015214" - }, - { - "name" : "18115", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18115" - }, - { - "name" : "17581", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17581" - }, - { - "name" : "17980", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17980" - }, - { - "name" : "17680", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17680" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Internet Key Exchange version 1 (IKEv1) implementation in Openswan 2 (openswan-2) before 2.4.4, and freeswan in SUSE LINUX 9.1 before 2.04_1.5.4-1.23, allow remote attackers to cause a denial of service via (1) a crafted packet using 3DES with an invalid key length, or (2) unspecified inputs when Aggressive Mode is enabled and the PSK is known, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.niscc.gov.uk/niscc/docs/re-20051114-01014.pdf?lang=en", + "refsource": "MISC", + "url": "http://www.niscc.gov.uk/niscc/docs/re-20051114-01014.pdf?lang=en" + }, + { + "name": "15416", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15416" + }, + { + "name": "FEDORA-2005-1093", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-announce-list/2005-November/msg00058.html" + }, + { + "name": "1015214", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015214" + }, + { + "name": "17581", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17581" + }, + { + "name": "20051214 Re: [ GLSA 200512-04 ] Openswan, IPsec-Tools: Vulnerabilities in ISAK MP Protocol implementation", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2005-12/0161.html" + }, + { + "name": "http://jvn.jp/niscc/NISCC-273756/index.html", + "refsource": "MISC", + "url": "http://jvn.jp/niscc/NISCC-273756/index.html" + }, + { + "name": "20051213 Re: [ GLSA 200512-04 ] Openswan, IPsec-Tools: Vulnerabilities in ISAK MP Protocol implementation", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2005-12/0138.html" + }, + { + "name": "GLSA-200512-04", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200512-04.xml" + }, + { + "name": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/", + "refsource": "MISC", + "url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/" + }, + { + "name": "VU#226364", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/226364" + }, + { + "name": "18115", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18115" + }, + { + "name": "17680", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17680" + }, + { + "name": "FEDORA-2005-1092", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-announce-list/2005-November/msg00057.html" + }, + { + "name": "http://www.openswan.org/niscc2/", + "refsource": "CONFIRM", + "url": "http://www.openswan.org/niscc2/" + }, + { + "name": "17980", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17980" + }, + { + "name": "SUSE-SA:2005:070", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2005_70_ipsec.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4430.json b/2005/4xxx/CVE-2005-4430.json index ce40b53755b..704b8455676 100644 --- a/2005/4xxx/CVE-2005-4430.json +++ b/2005/4xxx/CVE-2005-4430.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4430", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in LogicBill 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) __mode and (2) __id parameters to helpdesk.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4430", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/11/logicbill-10-sql-inj.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/11/logicbill-10-sql-inj.html" - }, - { - "name" : "16132", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16132" - }, - { - "name" : "21368", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21368" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in LogicBill 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) __mode and (2) __id parameters to helpdesk.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16132", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16132" + }, + { + "name": "21368", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21368" + }, + { + "name": "http://pridels0.blogspot.com/2005/11/logicbill-10-sql-inj.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/11/logicbill-10-sql-inj.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4887.json b/2005/4xxx/CVE-2005-4887.json index c8ca9edc933..1c1c57404e7 100644 --- a/2005/4xxx/CVE-2005-4887.json +++ b/2005/4xxx/CVE-2005-4887.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4887", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NWFTPD.nlm before 5.06.05 in the FTP server in Novell NetWare 6.5 SP5 allows attackers to have an unspecified impact via vectors related to passwords." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4887", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=133977", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=133977" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NWFTPD.nlm before 5.06.05 in the FTP server in Novell NetWare 6.5 SP5 allows attackers to have an unspecified impact via vectors related to passwords." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1" + }, + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=133977", + "refsource": "CONFIRM", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=133977" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0104.json b/2009/0xxx/CVE-2009-0104.json index 2a32dfb7f83..98901dbedca 100644 --- a/2009/0xxx/CVE-2009-0104.json +++ b/2009/0xxx/CVE-2009-0104.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0104", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in EZpack 4.2b2 allows remote attackers to execute arbitrary SQL commands via the qType parameter in a webboard prog action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0104", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7680", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7680" - }, - { - "name" : "33131", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33131" - }, - { - "name" : "4890", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4890" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in EZpack 4.2b2 allows remote attackers to execute arbitrary SQL commands via the qType parameter in a webboard prog action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33131", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33131" + }, + { + "name": "7680", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7680" + }, + { + "name": "4890", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4890" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0566.json b/2009/0xxx/CVE-2009-0566.json index 86cb3c75b7f..a7f596d9946 100644 --- a/2009/0xxx/CVE-2009-0566.json +++ b/2009/0xxx/CVE-2009-0566.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0566", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Office Publisher 2007 SP1 does not properly calculate object handler data for Publisher files, which allows remote attackers to execute arbitrary code via a crafted file in a legacy format that triggers memory corruption, aka \"Pointer Dereference Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2009-0566", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS09-030", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-030" - }, - { - "name" : "TA09-195A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-195A.html" - }, - { - "name" : "35599", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35599" - }, - { - "name" : "55838", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/55838" - }, - { - "name" : "oval:org.mitre.oval:def:6285", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6285" - }, - { - "name" : "1022546", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022546" - }, - { - "name" : "ADV-2009-1888", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1888" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Office Publisher 2007 SP1 does not properly calculate object handler data for Publisher files, which allows remote attackers to execute arbitrary code via a crafted file in a legacy format that triggers memory corruption, aka \"Pointer Dereference Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:6285", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6285" + }, + { + "name": "1022546", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022546" + }, + { + "name": "55838", + "refsource": "OSVDB", + "url": "http://osvdb.org/55838" + }, + { + "name": "MS09-030", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-030" + }, + { + "name": "35599", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35599" + }, + { + "name": "ADV-2009-1888", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1888" + }, + { + "name": "TA09-195A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0583.json b/2009/0xxx/CVE-2009-0583.json index 8e2344b4de7..5c2a552d7c4 100644 --- a/2009/0xxx/CVE-2009-0583.json +++ b/2009/0xxx/CVE-2009-0583.json @@ -1,257 +1,257 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0583", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain \"native color space,\" related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-0583", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090319 rPSA-2009-0050-1 ghostscript", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/501994/100/0/threaded" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=261087", - "refsource" : "CONFIRM", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=261087" - }, - { - "name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0050", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0050" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=487742", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=487742" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-2991", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-2991" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-098.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-098.htm" - }, - { - "name" : "DSA-1746", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1746" - }, - { - "name" : "FEDORA-2009-2883", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00770.html" - }, - { - "name" : "FEDORA-2009-2885", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00772.html" - }, - { - "name" : "FEDORA-2009-3011", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00887.html" - }, - { - "name" : "FEDORA-2009-3031", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00916.html" - }, - { - "name" : "GLSA-200903-37", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200903-37.xml" - }, - { - "name" : "MDVSA-2009:095", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:095" - }, - { - "name" : "MDVSA-2009:096", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:096" - }, - { - "name" : "RHSA-2009:0345", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0345.html" - }, - { - "name" : "262288", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1" - }, - { - "name" : "SUSE-SR:2009:007", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html" - }, - { - "name" : "USN-743-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-743-1" - }, - { - "name" : "USN-757-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/757-1/" - }, - { - "name" : "ESB-2009.0259", - "refsource" : "AUSCERT", - "url" : "http://www.auscert.org.au/render.html?it=10666" - }, - { - "name" : "34184", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34184" - }, - { - "name" : "oval:org.mitre.oval:def:10795", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10795" - }, - { - "name" : "1021868", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1021868" - }, - { - "name" : "34373", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34373" - }, - { - "name" : "34381", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34381" - }, - { - "name" : "34393", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34393" - }, - { - "name" : "34398", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34398" - }, - { - "name" : "34437", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34437" - }, - { - "name" : "34418", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34418" - }, - { - "name" : "34266", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34266" - }, - { - "name" : "34443", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34443" - }, - { - "name" : "34469", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34469" - }, - { - "name" : "34729", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34729" - }, - { - "name" : "35559", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35559" - }, - { - "name" : "35569", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35569" - }, - { - "name" : "ADV-2009-0776", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0776" - }, - { - "name" : "ADV-2009-0777", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0777" - }, - { - "name" : "ADV-2009-0816", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0816" - }, - { - "name" : "ADV-2009-1708", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1708" - }, - { - "name" : "ghostscript-icclib-native-color-bo(49329)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49329" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain \"native color space,\" related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34381", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34381" + }, + { + "name": "SUSE-SR:2009:007", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html" + }, + { + "name": "34437", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34437" + }, + { + "name": "34393", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34393" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-098.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-098.htm" + }, + { + "name": "GLSA-200903-37", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200903-37.xml" + }, + { + "name": "1021868", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1021868" + }, + { + "name": "34266", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34266" + }, + { + "name": "34443", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34443" + }, + { + "name": "FEDORA-2009-3031", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00916.html" + }, + { + "name": "DSA-1746", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1746" + }, + { + "name": "ESB-2009.0259", + "refsource": "AUSCERT", + "url": "http://www.auscert.org.au/render.html?it=10666" + }, + { + "name": "ADV-2009-0776", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0776" + }, + { + "name": "FEDORA-2009-2885", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00772.html" + }, + { + "name": "262288", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1" + }, + { + "name": "FEDORA-2009-3011", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00887.html" + }, + { + "name": "34418", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34418" + }, + { + "name": "34729", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34729" + }, + { + "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0050", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0050" + }, + { + "name": "https://issues.rpath.com/browse/RPL-2991", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-2991" + }, + { + "name": "oval:org.mitre.oval:def:10795", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10795" + }, + { + "name": "MDVSA-2009:095", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:095" + }, + { + "name": "ADV-2009-0816", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0816" + }, + { + "name": "34469", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34469" + }, + { + "name": "35569", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35569" + }, + { + "name": "ADV-2009-1708", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1708" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=487742", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487742" + }, + { + "name": "34184", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34184" + }, + { + "name": "MDVSA-2009:096", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:096" + }, + { + "name": "35559", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35559" + }, + { + "name": "34373", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34373" + }, + { + "name": "34398", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34398" + }, + { + "name": "USN-757-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/757-1/" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=261087", + "refsource": "CONFIRM", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=261087" + }, + { + "name": "RHSA-2009:0345", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0345.html" + }, + { + "name": "FEDORA-2009-2883", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00770.html" + }, + { + "name": "ADV-2009-0777", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0777" + }, + { + "name": "ghostscript-icclib-native-color-bo(49329)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49329" + }, + { + "name": "20090319 rPSA-2009-0050-1 ghostscript", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/501994/100/0/threaded" + }, + { + "name": "USN-743-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-743-1" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1591.json b/2009/1xxx/CVE-2009-1591.json index 46c9a0ca64c..e07c7b5f58a 100644 --- a/2009/1xxx/CVE-2009-1591.json +++ b/2009/1xxx/CVE-2009-1591.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1591", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CRLF injection vulnerability in CGI RESCUE Web Mailer before 1.04 allows remote attackers to inject arbitrary HTTP headers, and conduct cross-site scripting (XSS) or HTTP response splitting attacks, via CRLF sequences in an unspecified web form." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1591", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.rescue.ne.jp/whatsnew/blog.cgi/permalink/20090209180123", - "refsource" : "CONFIRM", - "url" : "http://www.rescue.ne.jp/whatsnew/blog.cgi/permalink/20090209180123" - }, - { - "name" : "JVN#28020230", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN28020230/index.html" - }, - { - "name" : "JVNDB-2009-000024", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000024.html" - }, - { - "name" : "35047", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35047" - }, - { - "name" : "34862", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34862" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CRLF injection vulnerability in CGI RESCUE Web Mailer before 1.04 allows remote attackers to inject arbitrary HTTP headers, and conduct cross-site scripting (XSS) or HTTP response splitting attacks, via CRLF sequences in an unspecified web form." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#28020230", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN28020230/index.html" + }, + { + "name": "34862", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34862" + }, + { + "name": "35047", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35047" + }, + { + "name": "http://www.rescue.ne.jp/whatsnew/blog.cgi/permalink/20090209180123", + "refsource": "CONFIRM", + "url": "http://www.rescue.ne.jp/whatsnew/blog.cgi/permalink/20090209180123" + }, + { + "name": "JVNDB-2009-000024", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000024.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3271.json b/2009/3xxx/CVE-2009-3271.json index add79694527..18be2433265 100644 --- a/2009/3xxx/CVE-2009-3271.json +++ b/2009/3xxx/CVE-2009-3271.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3271", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apple Safari on iPhone OS 3.0.1 allows remote attackers to cause a denial of service (application crash) via a long tel: URL in the SRC attribute of an IFRAME element." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3271", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9666", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9666" - }, - { - "name" : "36386", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36386" - }, - { - "name" : "iphone-safari-tel-dos(53251)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53251" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apple Safari on iPhone OS 3.0.1 allows remote attackers to cause a denial of service (application crash) via a long tel: URL in the SRC attribute of an IFRAME element." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36386", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36386" + }, + { + "name": "9666", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9666" + }, + { + "name": "iphone-safari-tel-dos(53251)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53251" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2018.json b/2012/2xxx/CVE-2012-2018.json index 90ebdf0698e..979358fad06 100644 --- a/2012/2xxx/CVE-2012-2018.json +++ b/2012/2xxx/CVE-2012-2018.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2018", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in HP Network Node Manager i (NNMi) 8.x, 9.0x, and 9.1x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2012-2018", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMU02783", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03343724" - }, - { - "name" : "SSRT100806", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03343724" - }, - { - "name" : "1027215", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027215" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in HP Network Node Manager i (NNMi) 8.x, 9.0x, and 9.1x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBMU02783", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03343724" + }, + { + "name": "SSRT100806", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03343724" + }, + { + "name": "1027215", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027215" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2071.json b/2012/2xxx/CVE-2012-2071.json index eae6f78ed97..26d46d0b8cb 100644 --- a/2012/2xxx/CVE-2012-2071.json +++ b/2012/2xxx/CVE-2012-2071.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2071", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Contact Forms module 6.x-1.x before 6.x-1.13 for Drupal when the core contact form is enabled, allows remote authenticated users with the administer site-wide contact form permission to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2071", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/04/07/1" - }, - { - "name" : "http://drupal.org/node/1506404", - "refsource" : "MISC", - "url" : "http://drupal.org/node/1506404" - }, - { - "name" : "http://drupal.org/node/1506330", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/1506330" - }, - { - "name" : "52801", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52801" - }, - { - "name" : "80674", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80674" - }, - { - "name" : "48583", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48583" - }, - { - "name" : "contactforms-pagetitle-xss(74467)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74467" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Contact Forms module 6.x-1.x before 6.x-1.13 for Drupal when the core contact form is enabled, allows remote authenticated users with the administer site-wide contact form permission to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "80674", + "refsource": "OSVDB", + "url": "http://osvdb.org/80674" + }, + { + "name": "http://drupal.org/node/1506330", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/1506330" + }, + { + "name": "48583", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48583" + }, + { + "name": "[oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1" + }, + { + "name": "contactforms-pagetitle-xss(74467)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74467" + }, + { + "name": "http://drupal.org/node/1506404", + "refsource": "MISC", + "url": "http://drupal.org/node/1506404" + }, + { + "name": "52801", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52801" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2372.json b/2012/2xxx/CVE-2012-2372.json index c95917b20c2..c78fe999b6c 100644 --- a/2012/2xxx/CVE-2012-2372.json +++ b/2012/2xxx/CVE-2012-2372.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2372", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The rds_ib_xmit function in net/rds/ib_send.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel 3.7.4 and earlier allows local users to cause a denial of service (BUG_ON and kernel panic) by establishing an RDS connection with the source IP address equal to the IPoIB interface's own IP address, as demonstrated by rds-ping." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2372", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=822754", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=822754" - }, - { - "name" : "https://oss.oracle.com/git/?p=redpatch.git;a=commit;h=c7b6a0a1d8d636852be130fa15fa8be10d4704e8", - "refsource" : "CONFIRM", - "url" : "https://oss.oracle.com/git/?p=redpatch.git;a=commit;h=c7b6a0a1d8d636852be130fa15fa8be10d4704e8" - }, - { - "name" : "HPSBGN02970", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139447903326211&w=2" - }, - { - "name" : "RHSA-2012:0743", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0743.html" - }, - { - "name" : "RHSA-2012:1540", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1540.html" - }, - { - "name" : "SUSE-SU-2012:1679", - "refsource" : "SUSE", - "url" : "https://www.suse.com/support/update/announcement/2012/suse-su-20121679-1.html" - }, - { - "name" : "USN-1529-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-1529-1" - }, - { - "name" : "USN-1555-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1555-1" - }, - { - "name" : "USN-1556-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1556-1" - }, - { - "name" : "54062", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54062" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The rds_ib_xmit function in net/rds/ib_send.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel 3.7.4 and earlier allows local users to cause a denial of service (BUG_ON and kernel panic) by establishing an RDS connection with the source IP address equal to the IPoIB interface's own IP address, as demonstrated by rds-ping." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2012:1540", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1540.html" + }, + { + "name": "USN-1556-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1556-1" + }, + { + "name": "RHSA-2012:0743", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0743.html" + }, + { + "name": "https://oss.oracle.com/git/?p=redpatch.git;a=commit;h=c7b6a0a1d8d636852be130fa15fa8be10d4704e8", + "refsource": "CONFIRM", + "url": "https://oss.oracle.com/git/?p=redpatch.git;a=commit;h=c7b6a0a1d8d636852be130fa15fa8be10d4704e8" + }, + { + "name": "54062", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54062" + }, + { + "name": "SUSE-SU-2012:1679", + "refsource": "SUSE", + "url": "https://www.suse.com/support/update/announcement/2012/suse-su-20121679-1.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=822754", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=822754" + }, + { + "name": "USN-1555-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1555-1" + }, + { + "name": "USN-1529-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-1529-1" + }, + { + "name": "HPSBGN02970", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139447903326211&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2596.json b/2012/2xxx/CVE-2012-2596.json index 3398471f55c..f14acbd1f59 100644 --- a/2012/2xxx/CVE-2012-2596.json +++ b/2012/2xxx/CVE-2012-2596.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2596", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The XPath functionality in unspecified web applications in Siemens WinCC 7.0 SP3 before Update 2 does not properly handle special characters in parameters, which allows remote authenticated users to read or modify settings via a crafted URL, related to an \"XML injection\" attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2012-2596", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf" - }, - { - "name" : "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The XPath functionality in unspecified web applications in Siemens WinCC 7.0 SP3 before Update 2 does not properly handle special characters in parameters, which allows remote authenticated users to read or modify settings via a crafted URL, related to an \"XML injection\" attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf", + "refsource": "CONFIRM", + "url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf" + }, + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2678.json b/2012/2xxx/CVE-2012-2678.json index 92a450d2294..4388237d4b9 100644 --- a/2012/2xxx/CVE-2012-2678.json +++ b/2012/2xxx/CVE-2012-2678.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2678", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), after the password for a LDAP user has been changed and before the server has been reset, allows remote attackers to read the plaintext password via the unhashed#user#password attribute." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2678", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://directory.fedoraproject.org/wiki/Release_Notes", - "refsource" : "CONFIRM", - "url" : "http://directory.fedoraproject.org/wiki/Release_Notes" - }, - { - "name" : "HPSBUX02881", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03772083" - }, - { - "name" : "SSRT101189", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03772083" - }, - { - "name" : "RHSA-2012:0997", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0997.html" - }, - { - "name" : "RHSA-2012:1041", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1041.html" - }, - { - "name" : "54153", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54153" - }, - { - "name" : "83336", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/83336" - }, - { - "name" : "oval:org.mitre.oval:def:19353", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19353" - }, - { - "name" : "49734", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49734" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), after the password for a LDAP user has been changed and before the server has been reset, allows remote attackers to read the plaintext password via the unhashed#user#password attribute." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:19353", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19353" + }, + { + "name": "49734", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49734" + }, + { + "name": "SSRT101189", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03772083" + }, + { + "name": "83336", + "refsource": "OSVDB", + "url": "http://osvdb.org/83336" + }, + { + "name": "54153", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54153" + }, + { + "name": "http://directory.fedoraproject.org/wiki/Release_Notes", + "refsource": "CONFIRM", + "url": "http://directory.fedoraproject.org/wiki/Release_Notes" + }, + { + "name": "HPSBUX02881", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03772083" + }, + { + "name": "RHSA-2012:1041", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1041.html" + }, + { + "name": "RHSA-2012:0997", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0997.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2862.json b/2012/2xxx/CVE-2012-2862.json index c43191ee22f..960fd3b3b3f 100644 --- a/2012/2xxx/CVE-2012-2862.json +++ b/2012/2xxx/CVE-2012-2862.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2862", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the PDF functionality in Google Chrome before 21.0.1180.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2012-2862", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=136643", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=136643" - }, - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=137721", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=137721" - }, - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=137957", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=137957" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2012/08/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/08/stable-channel-update.html" - }, - { - "name" : "oval:org.mitre.oval:def:14788", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14788" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the PDF functionality in Google Chrome before 21.0.1180.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://code.google.com/p/chromium/issues/detail?id=137721", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=137721" + }, + { + "name": "oval:org.mitre.oval:def:14788", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14788" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=137957", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=137957" + }, + { + "name": "http://googlechromereleases.blogspot.com/2012/08/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/08/stable-channel-update.html" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=136643", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=136643" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2994.json b/2012/2xxx/CVE-2012-2994.json index 06e1174a98c..a4542239adc 100644 --- a/2012/2xxx/CVE-2012-2994.json +++ b/2012/2xxx/CVE-2012-2994.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2994", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The CoSoSys Endpoint Protector 4 appliance establishes an EPProot password based entirely on the appliance serial number, which makes it easier for remote attackers to obtain access via a brute-force attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2012-2994", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#591667", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/591667" - }, - { - "name" : "50604", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50604" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The CoSoSys Endpoint Protector 4 appliance establishes an EPProot password based entirely on the appliance serial number, which makes it easier for remote attackers to obtain access via a brute-force attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#591667", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/591667" + }, + { + "name": "50604", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50604" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0154.json b/2015/0xxx/CVE-2015-0154.json index 12e1f6612ac..6d0c633d717 100644 --- a/2015/0xxx/CVE-2015-0154.json +++ b/2015/0xxx/CVE-2015-0154.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0154", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-0154", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1073.json b/2015/1xxx/CVE-2015-1073.json index 9fb1e2f94e0..c042d90d227 100644 --- a/2015/1xxx/CVE-2015-1073.json +++ b/2015/1xxx/CVE-2015-1073.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1073", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-1073", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT204560", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204560" - }, - { - "name" : "https://support.apple.com/HT204661", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204661" - }, - { - "name" : "https://support.apple.com/HT204662", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204662" - }, - { - "name" : "https://support.apple.com/kb/HT204949", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT204949" - }, - { - "name" : "APPLE-SA-2015-03-17-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Mar/msg00004.html" - }, - { - "name" : "APPLE-SA-2015-04-08-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html" - }, - { - "name" : "APPLE-SA-2015-04-08-4", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html" - }, - { - "name" : "APPLE-SA-2015-06-30-6", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html" - }, - { - "name" : "1031936", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031936" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2015-04-08-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html" + }, + { + "name": "APPLE-SA-2015-06-30-6", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html" + }, + { + "name": "APPLE-SA-2015-03-17-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00004.html" + }, + { + "name": "https://support.apple.com/kb/HT204949", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT204949" + }, + { + "name": "1031936", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031936" + }, + { + "name": "https://support.apple.com/HT204662", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204662" + }, + { + "name": "https://support.apple.com/HT204560", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204560" + }, + { + "name": "APPLE-SA-2015-04-08-4", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html" + }, + { + "name": "https://support.apple.com/HT204661", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204661" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1158.json b/2015/1xxx/CVE-2015-1158.json index 550728ebc43..cb5cd3cac3e 100644 --- a/2015/1xxx/CVE-2015-1158.json +++ b/2015/1xxx/CVE-2015-1158.json @@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1158", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs incorrect free operations for multiple-value job-originating-host-name attributes, which allows remote attackers to trigger data corruption for reference-counted strings via a crafted (1) IPP_CREATE_JOB or (2) IPP_PRINT_JOB request, as demonstrated by replacing the configuration file and consequently executing arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-1158", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41233", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41233/" - }, - { - "name" : "37336", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/37336/" - }, - { - "name" : "http://googleprojectzero.blogspot.in/2015/06/owning-internet-printing-case-study-in.html", - "refsource" : "MISC", - "url" : "http://googleprojectzero.blogspot.in/2015/06/owning-internet-printing-case-study-in.html" - }, - { - "name" : "https://code.google.com/p/google-security-research/issues/detail?id=455", - "refsource" : "MISC", - "url" : "https://code.google.com/p/google-security-research/issues/detail?id=455" - }, - { - "name" : "https://github.com/0x00string/oldays/blob/master/CVE-2015-1158.py", - "refsource" : "MISC", - "url" : "https://github.com/0x00string/oldays/blob/master/CVE-2015-1158.py" - }, - { - "name" : "http://www.cups.org/blog.php?L1082", - "refsource" : "CONFIRM", - "url" : "http://www.cups.org/blog.php?L1082" - }, - { - "name" : "https://bugzilla.opensuse.org/show_bug.cgi?id=924208", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.opensuse.org/show_bug.cgi?id=924208" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1221641", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1221641" - }, - { - "name" : "https://www.cups.org/str.php?L4609", - "refsource" : "CONFIRM", - "url" : "https://www.cups.org/str.php?L4609" - }, - { - "name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10702", - "refsource" : "CONFIRM", - "url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10702" - }, - { - "name" : "DSA-3283", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3283" - }, - { - "name" : "GLSA-201510-07", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201510-07" - }, - { - "name" : "RHSA-2015:1123", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1123.html" - }, - { - "name" : "SUSE-SU-2015:1041", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00003.html" - }, - { - "name" : "SUSE-SU-2015:1044", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00006.html" - }, - { - "name" : "openSUSE-SU-2015:1056", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00010.html" - }, - { - "name" : "USN-2629-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2629-1" - }, - { - "name" : "VU#810572", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/810572" - }, - { - "name" : "75098", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75098" - }, - { - "name" : "1032556", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032556" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs incorrect free operations for multiple-value job-originating-host-name attributes, which allows remote attackers to trigger data corruption for reference-counted strings via a crafted (1) IPP_CREATE_JOB or (2) IPP_PRINT_JOB request, as demonstrated by replacing the configuration file and consequently executing arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1221641", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1221641" + }, + { + "name": "DSA-3283", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3283" + }, + { + "name": "RHSA-2015:1123", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1123.html" + }, + { + "name": "https://bugzilla.opensuse.org/show_bug.cgi?id=924208", + "refsource": "CONFIRM", + "url": "https://bugzilla.opensuse.org/show_bug.cgi?id=924208" + }, + { + "name": "USN-2629-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2629-1" + }, + { + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10702", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10702" + }, + { + "name": "1032556", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032556" + }, + { + "name": "SUSE-SU-2015:1044", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00006.html" + }, + { + "name": "http://www.cups.org/blog.php?L1082", + "refsource": "CONFIRM", + "url": "http://www.cups.org/blog.php?L1082" + }, + { + "name": "VU#810572", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/810572" + }, + { + "name": "75098", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75098" + }, + { + "name": "https://github.com/0x00string/oldays/blob/master/CVE-2015-1158.py", + "refsource": "MISC", + "url": "https://github.com/0x00string/oldays/blob/master/CVE-2015-1158.py" + }, + { + "name": "https://www.cups.org/str.php?L4609", + "refsource": "CONFIRM", + "url": "https://www.cups.org/str.php?L4609" + }, + { + "name": "GLSA-201510-07", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201510-07" + }, + { + "name": "https://code.google.com/p/google-security-research/issues/detail?id=455", + "refsource": "MISC", + "url": "https://code.google.com/p/google-security-research/issues/detail?id=455" + }, + { + "name": "SUSE-SU-2015:1041", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00003.html" + }, + { + "name": "37336", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/37336/" + }, + { + "name": "http://googleprojectzero.blogspot.in/2015/06/owning-internet-printing-case-study-in.html", + "refsource": "MISC", + "url": "http://googleprojectzero.blogspot.in/2015/06/owning-internet-printing-case-study-in.html" + }, + { + "name": "41233", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41233/" + }, + { + "name": "openSUSE-SU-2015:1056", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00010.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1353.json b/2015/1xxx/CVE-2015-1353.json index 75fd66085ff..ba2824b43c8 100644 --- a/2015/1xxx/CVE-2015-1353.json +++ b/2015/1xxx/CVE-2015-1353.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1353", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it cannot be considered a security issue in the originally named product because of that product's specification. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-1353", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it cannot be considered a security issue in the originally named product because of that product's specification. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1397.json b/2015/1xxx/CVE-2015-1397.json index f38b7333acd..455a0aa3de7 100644 --- a/2015/1xxx/CVE-2015-1397.json +++ b/2015/1xxx/CVE-2015-1397.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1397", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the getCsvFile function in the Mage_Adminhtml_Block_Widget_Grid class in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allows remote administrators to execute arbitrary SQL commands via the popularity[field_expr] parameter when the popularity[from] or popularity[to] parameter is set." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1397", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.checkpoint.com/2015/04/20/analyzing-magento-vulnerability/", - "refsource" : "MISC", - "url" : "http://blog.checkpoint.com/2015/04/20/analyzing-magento-vulnerability/" - }, - { - "name" : "https://blog.sucuri.net/2015/04/magento-shoplift-supee-5344-exploits-in-the-wild.html", - "refsource" : "MISC", - "url" : "https://blog.sucuri.net/2015/04/magento-shoplift-supee-5344-exploits-in-the-wild.html" - }, - { - "name" : "http://magento.com/blog/technical/critical-security-advisory-remote-code-execution-rce-vulnerability", - "refsource" : "CONFIRM", - "url" : "http://magento.com/blog/technical/critical-security-advisory-remote-code-execution-rce-vulnerability" - }, - { - "name" : "1032194", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032194" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the getCsvFile function in the Mage_Adminhtml_Block_Widget_Grid class in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allows remote administrators to execute arbitrary SQL commands via the popularity[field_expr] parameter when the popularity[from] or popularity[to] parameter is set." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://magento.com/blog/technical/critical-security-advisory-remote-code-execution-rce-vulnerability", + "refsource": "CONFIRM", + "url": "http://magento.com/blog/technical/critical-security-advisory-remote-code-execution-rce-vulnerability" + }, + { + "name": "1032194", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032194" + }, + { + "name": "https://blog.sucuri.net/2015/04/magento-shoplift-supee-5344-exploits-in-the-wild.html", + "refsource": "MISC", + "url": "https://blog.sucuri.net/2015/04/magento-shoplift-supee-5344-exploits-in-the-wild.html" + }, + { + "name": "http://blog.checkpoint.com/2015/04/20/analyzing-magento-vulnerability/", + "refsource": "MISC", + "url": "http://blog.checkpoint.com/2015/04/20/analyzing-magento-vulnerability/" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1734.json b/2015/1xxx/CVE-2015-1734.json index 37c4a6ad5b8..5b9b0297dc8 100644 --- a/2015/1xxx/CVE-2015-1734.json +++ b/2015/1xxx/CVE-2015-1734.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1734", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-1734", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1750.json b/2015/1xxx/CVE-2015-1750.json index 58e8d295ba6..3211dc7e830 100644 --- a/2015/1xxx/CVE-2015-1750.json +++ b/2015/1xxx/CVE-2015-1750.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1750", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-1732, CVE-2015-1742, CVE-2015-1747, and CVE-2015-1753." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-1750", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-056", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-056" - }, - { - "name" : "74987", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74987" - }, - { - "name" : "1032521", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032521" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-1732, CVE-2015-1742, CVE-2015-1747, and CVE-2015-1753." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "74987", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74987" + }, + { + "name": "MS15-056", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-056" + }, + { + "name": "1032521", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032521" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5033.json b/2015/5xxx/CVE-2015-5033.json index 67ffc671dae..4f2d1dcdac2 100644 --- a/2015/5xxx/CVE-2015-5033.json +++ b/2015/5xxx/CVE-2015-5033.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5033", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5033", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5037.json b/2015/5xxx/CVE-2015-5037.json index 6b73e32e623..64cf0f166a5 100644 --- a/2015/5xxx/CVE-2015-5037.json +++ b/2015/5xxx/CVE-2015-5037.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5037", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-5037", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21971439", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21971439" - }, - { - "name" : "LO87020", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1LO87020" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21971439", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21971439" + }, + { + "name": "LO87020", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1LO87020" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5553.json b/2015/5xxx/CVE-2015-5553.json index 7837ee52e99..9edd794c5d5 100644 --- a/2015/5xxx/CVE-2015-5553.json +++ b/2015/5xxx/CVE-2015-5553.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5553", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, and CVE-2015-5552." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-5553", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" - }, - { - "name" : "GLSA-201508-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201508-01" - }, - { - "name" : "RHSA-2015:1603", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1603.html" - }, - { - "name" : "openSUSE-SU-2015:1781", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html" - }, - { - "name" : "76283", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76283" - }, - { - "name" : "1033235", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033235" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, and CVE-2015-5552." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" + }, + { + "name": "76283", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76283" + }, + { + "name": "GLSA-201508-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201508-01" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html" + }, + { + "name": "openSUSE-SU-2015:1781", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html" + }, + { + "name": "1033235", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033235" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388" + }, + { + "name": "RHSA-2015:1603", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1603.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5578.json b/2015/5xxx/CVE-2015-5578.json index 3d2afbc4790..879d192c857 100644 --- a/2015/5xxx/CVE-2015-5578.json +++ b/2015/5xxx/CVE-2015-5578.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5578", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5575, CVE-2015-5577, CVE-2015-5580, CVE-2015-5582, CVE-2015-5588, and CVE-2015-6677." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-5578", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-23.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-23.html" - }, - { - "name" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841", - "refsource" : "CONFIRM", - "url" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" - }, - { - "name" : "GLSA-201509-07", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201509-07" - }, - { - "name" : "RHSA-2015:1814", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1814.html" - }, - { - "name" : "openSUSE-SU-2015:1781", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html" - }, - { - "name" : "SUSE-SU-2015:1614", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00022.html" - }, - { - "name" : "SUSE-SU-2015:1618", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00024.html" - }, - { - "name" : "openSUSE-SU-2015:1616", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00023.html" - }, - { - "name" : "76799", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76799" - }, - { - "name" : "1033629", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033629" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5575, CVE-2015-5577, CVE-2015-5580, CVE-2015-5582, CVE-2015-5588, and CVE-2015-6677." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2015:1814", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1814.html" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" + }, + { + "name": "openSUSE-SU-2015:1616", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00023.html" + }, + { + "name": "1033629", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033629" + }, + { + "name": "SUSE-SU-2015:1618", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00024.html" + }, + { + "name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841", + "refsource": "CONFIRM", + "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841" + }, + { + "name": "76799", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76799" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb15-23.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-23.html" + }, + { + "name": "SUSE-SU-2015:1614", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00022.html" + }, + { + "name": "GLSA-201509-07", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201509-07" + }, + { + "name": "openSUSE-SU-2015:1781", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11359.json b/2018/11xxx/CVE-2018-11359.json index 4e29058907b..b362859dec4 100644 --- a/2018/11xxx/CVE-2018-11359.json +++ b/2018/11xxx/CVE-2018-11359.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11359", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the RRC dissector and other dissectors could crash. This was addressed in epan/proto.c by avoiding a NULL pointer dereference." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11359", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20190115 [SECURITY] [DLA 1634-1] wireshark security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14703", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14703" - }, - { - "name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=beaebe91b14564fb9f86f0726bab09927872721b", - "refsource" : "CONFIRM", - "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=beaebe91b14564fb9f86f0726bab09927872721b" - }, - { - "name" : "https://www.wireshark.org/security/wnpa-sec-2018-33.html", - "refsource" : "CONFIRM", - "url" : "https://www.wireshark.org/security/wnpa-sec-2018-33.html" - }, - { - "name" : "104308", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104308" - }, - { - "name" : "1041036", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041036" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the RRC dissector and other dissectors could crash. This was addressed in epan/proto.c by avoiding a NULL pointer dereference." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104308", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104308" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14703", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14703" + }, + { + "name": "[debian-lts-announce] 20190115 [SECURITY] [DLA 1634-1] wireshark security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html" + }, + { + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=beaebe91b14564fb9f86f0726bab09927872721b", + "refsource": "CONFIRM", + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=beaebe91b14564fb9f86f0726bab09927872721b" + }, + { + "name": "https://www.wireshark.org/security/wnpa-sec-2018-33.html", + "refsource": "CONFIRM", + "url": "https://www.wireshark.org/security/wnpa-sec-2018-33.html" + }, + { + "name": "1041036", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041036" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11505.json b/2018/11xxx/CVE-2018-11505.json index 890c28b6ae6..9b38efe232f 100644 --- a/2018/11xxx/CVE-2018-11505.json +++ b/2018/11xxx/CVE-2018-11505.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11505", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Werewolf Online application 0.8.8 for Android allows attackers to discover the Firebase token by reading logcat output." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11505", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44776", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44776/" - }, - { - "name" : "https://pastebin.com/NtPn3jB8", - "refsource" : "MISC", - "url" : "https://pastebin.com/NtPn3jB8" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Werewolf Online application 0.8.8 for Android allows attackers to discover the Firebase token by reading logcat output." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://pastebin.com/NtPn3jB8", + "refsource": "MISC", + "url": "https://pastebin.com/NtPn3jB8" + }, + { + "name": "44776", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44776/" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11554.json b/2018/11xxx/CVE-2018-11554.json index 0d1870711f8..695647932fb 100644 --- a/2018/11xxx/CVE-2018-11554.json +++ b/2018/11xxx/CVE-2018-11554.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11554", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The forgotten-password feature in index.php/member/reset/reset_email.html in YzmCMS v3.2 through v3.7 has a Response Discrepancy Information Exposure issue and an unexpectedly long lifetime for a verification code, which makes it easier for remote attackers to hijack accounts via a brute-force approach." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11554", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/littleheary/-YzmCMS-User-Traversal-Vulnerability/blob/master/README.md", - "refsource" : "MISC", - "url" : "https://github.com/littleheary/-YzmCMS-User-Traversal-Vulnerability/blob/master/README.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The forgotten-password feature in index.php/member/reset/reset_email.html in YzmCMS v3.2 through v3.7 has a Response Discrepancy Information Exposure issue and an unexpectedly long lifetime for a verification code, which makes it easier for remote attackers to hijack accounts via a brute-force approach." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/littleheary/-YzmCMS-User-Traversal-Vulnerability/blob/master/README.md", + "refsource": "MISC", + "url": "https://github.com/littleheary/-YzmCMS-User-Traversal-Vulnerability/blob/master/README.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11644.json b/2018/11xxx/CVE-2018-11644.json index e7a62cda00e..b4aec041e88 100644 --- a/2018/11xxx/CVE-2018-11644.json +++ b/2018/11xxx/CVE-2018-11644.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11644", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11644", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3161.json b/2018/3xxx/CVE-2018-3161.json index 0d5bcd4b777..d3f863fcad6 100644 --- a/2018/3xxx/CVE-2018-3161.json +++ b/2018/3xxx/CVE-2018-3161.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3161", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MySQL Server", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "5.7.23 and prior" - }, - { - "version_affected" : "=", - "version_value" : "8.0.12 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Partition). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3161", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.7.23 and prior" + }, + { + "version_affected": "=", + "version_value": "8.0.12 and prior" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20181018-0002/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20181018-0002/" - }, - { - "name" : "RHSA-2018:3655", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3655" - }, - { - "name" : "USN-3799-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3799-1/" - }, - { - "name" : "105594", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105594" - }, - { - "name" : "1041888", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041888" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Partition). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041888", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041888" + }, + { + "name": "RHSA-2018:3655", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3655" + }, + { + "name": "USN-3799-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3799-1/" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + }, + { + "name": "105594", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105594" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20181018-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20181018-0002/" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3941.json b/2018/3xxx/CVE-2018-3941.json index c37ff18adb4..b84d7692d38 100644 --- a/2018/3xxx/CVE-2018-3941.json +++ b/2018/3xxx/CVE-2018-3941.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2018-10-01T00:00:00", - "ID" : "CVE-2018-3941", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit PDF Reader", - "version" : { - "version_data" : [ - { - "version_value" : "9.1.0.5096" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit Software" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2018-10-01T00:00:00", + "ID": "CVE-2018-3941", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit PDF Reader", + "version": { + "version_data": [ + { + "version_value": "9.1.0.5096" + } + ] + } + } + ] + }, + "vendor_name": "Foxit Software" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0608", - "refsource" : "MISC", - "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0608" - }, - { - "name" : "1041769", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041769" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0608", + "refsource": "MISC", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0608" + }, + { + "name": "1041769", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041769" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3944.json b/2018/3xxx/CVE-2018-3944.json index d2481073439..19724277be1 100644 --- a/2018/3xxx/CVE-2018-3944.json +++ b/2018/3xxx/CVE-2018-3944.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2018-10-01T00:00:00", - "ID" : "CVE-2018-3944", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit PDF Reader", - "version" : { - "version_data" : [ - { - "version_value" : "Foxit Software Foxit PDF Reader 9.1.0.5096." - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2018-10-01T00:00:00", + "ID": "CVE-2018-3944", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit PDF Reader", + "version": { + "version_data": [ + { + "version_value": "Foxit Software Foxit PDF Reader 9.1.0.5096." + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0611", - "refsource" : "MISC", - "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0611" - }, - { - "name" : "1041769", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041769" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041769", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041769" + }, + { + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0611", + "refsource": "MISC", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0611" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7432.json b/2018/7xxx/CVE-2018-7432.json index a8faa1448cf..97180e51e2a 100644 --- a/2018/7xxx/CVE-2018-7432.json +++ b/2018/7xxx/CVE-2018-7432.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7432", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Splunk Enterprise 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.7, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allow remote attackers to cause a denial of service via a crafted HTTP request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7432", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.splunk.com/view/SP-CAAAP5T", - "refsource" : "CONFIRM", - "url" : "https://www.splunk.com/view/SP-CAAAP5T" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Splunk Enterprise 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.7, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allow remote attackers to cause a denial of service via a crafted HTTP request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.splunk.com/view/SP-CAAAP5T", + "refsource": "CONFIRM", + "url": "https://www.splunk.com/view/SP-CAAAP5T" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7583.json b/2018/7xxx/CVE-2018-7583.json index b6fd1136bdb..b46285c6522 100644 --- a/2018/7xxx/CVE-2018-7583.json +++ b/2018/7xxx/CVE-2018-7583.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7583", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Proxy.exe in DualDesk 20 allows Remote Denial Of Service (daemon crash) via a long string to TCP port 5500." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7583", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44222", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44222/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Proxy.exe in DualDesk 20 allows Remote Denial Of Service (daemon crash) via a long string to TCP port 5500." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44222", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44222/" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8461.json b/2018/8xxx/CVE-2018-8461.json index 918dc3bed19..d2a54118291 100644 --- a/2018/8xxx/CVE-2018-8461.json +++ b/2018/8xxx/CVE-2018-8461.json @@ -1,81 +1,81 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8461", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Internet Explorer 11", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for x64-based Systems" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka \"Internet Explorer Memory Corruption Vulnerability.\" This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-8447." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8461", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Internet Explorer 11", + "version": { + "version_data": [ + { + "version_value": "Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1803 for x64-based Systems" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8461", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8461" - }, - { - "name" : "105258", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105258" - }, - { - "name" : "1041632", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041632" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka \"Internet Explorer Memory Corruption Vulnerability.\" This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-8447." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8461", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8461" + }, + { + "name": "1041632", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041632" + }, + { + "name": "105258", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105258" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8981.json b/2018/8xxx/CVE-2018-8981.json index 17d29e48759..7c0edf2132d 100644 --- a/2018/8xxx/CVE-2018-8981.json +++ b/2018/8xxx/CVE-2018-8981.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8981", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8981", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file