From 7731836699b01f9cb2954900fe64eb962f002921 Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Mon, 18 Mar 2019 00:20:34 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2002/2xxx/CVE-2002-2095.json | 140 ++++----
2005/0xxx/CVE-2005-0131.json | 200 +++++------
2005/0xxx/CVE-2005-0139.json | 150 ++++-----
2005/0xxx/CVE-2005-0323.json | 170 +++++-----
2005/0xxx/CVE-2005-0385.json | 170 +++++-----
2005/0xxx/CVE-2005-0414.json | 160 ++++-----
2005/1xxx/CVE-2005-1450.json | 140 ++++----
2005/1xxx/CVE-2005-1704.json | 490 +++++++++++++--------------
2005/4xxx/CVE-2005-4015.json | 160 ++++-----
2005/4xxx/CVE-2005-4085.json | 190 +++++------
2005/4xxx/CVE-2005-4615.json | 140 ++++----
2009/0xxx/CVE-2009-0063.json | 180 +++++-----
2009/0xxx/CVE-2009-0497.json | 180 +++++-----
2009/0xxx/CVE-2009-0691.json | 170 +++++-----
2009/0xxx/CVE-2009-0876.json | 220 ++++++------
2009/0xxx/CVE-2009-0981.json | 200 +++++------
2009/1xxx/CVE-2009-1277.json | 140 ++++----
2009/1xxx/CVE-2009-1752.json | 140 ++++----
2009/3xxx/CVE-2009-3845.json | 190 +++++------
2009/3xxx/CVE-2009-3879.json | 190 +++++------
2009/4xxx/CVE-2009-4028.json | 230 ++++++-------
2009/4xxx/CVE-2009-4357.json | 160 ++++-----
2009/4xxx/CVE-2009-4501.json | 150 ++++-----
2009/4xxx/CVE-2009-4832.json | 140 ++++----
2009/4xxx/CVE-2009-4933.json | 150 ++++-----
2012/2xxx/CVE-2012-2569.json | 160 ++++-----
2012/2xxx/CVE-2012-2993.json | 160 ++++-----
2012/3xxx/CVE-2012-3253.json | 140 ++++----
2012/6xxx/CVE-2012-6255.json | 34 +-
2012/6xxx/CVE-2012-6295.json | 34 +-
2012/6xxx/CVE-2012-6619.json | 190 +++++------
2015/1xxx/CVE-2015-1125.json | 140 ++++----
2015/1xxx/CVE-2015-1428.json | 160 ++++-----
2015/1xxx/CVE-2015-1791.json | 600 ++++++++++++++++-----------------
2015/1xxx/CVE-2015-1807.json | 150 ++++-----
2015/5xxx/CVE-2015-5042.json | 120 +++----
2015/5xxx/CVE-2015-5098.json | 130 +++----
2015/5xxx/CVE-2015-5603.json | 170 +++++-----
2015/5xxx/CVE-2015-5806.json | 190 +++++------
2018/11xxx/CVE-2018-11558.json | 120 +++----
2018/11xxx/CVE-2018-11834.json | 34 +-
2018/15xxx/CVE-2018-15244.json | 34 +-
2018/3xxx/CVE-2018-3195.json | 152 ++++-----
2018/3xxx/CVE-2018-3201.json | 142 ++++----
2018/3xxx/CVE-2018-3317.json | 34 +-
2018/3xxx/CVE-2018-3491.json | 34 +-
2018/3xxx/CVE-2018-3764.json | 120 +++----
2018/3xxx/CVE-2018-3922.json | 122 +++----
2018/7xxx/CVE-2018-7425.json | 34 +-
2018/8xxx/CVE-2018-8152.json | 146 ++++----
2018/8xxx/CVE-2018-8180.json | 34 +-
2018/8xxx/CVE-2018-8364.json | 34 +-
2018/8xxx/CVE-2018-8656.json | 34 +-
53 files changed, 4001 insertions(+), 4001 deletions(-)
diff --git a/2002/2xxx/CVE-2002-2095.json b/2002/2xxx/CVE-2002-2095.json
index 4e482339299..6e8dc1dd7d5 100644
--- a/2002/2xxx/CVE-2002-2095.json
+++ b/2002/2xxx/CVE-2002-2095.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-2095",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Joe Testa hellbent 01 webserver allows attackers to read files that are specified in the hellbent.prefs file by creating a file with a similar name in the web root, as demonstrated using (1) index.webroot and (2) index.ipallow."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-2095",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20020118 Vulnerability in hellbent",
- "refsource" : "BUGTRAQ",
- "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-01/0228.html"
- },
- {
- "name" : "3909",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/3909"
- },
- {
- "name" : "hellbent-prefs-obtain-info(7931)",
- "refsource" : "XF",
- "url" : "http://www.iss.net/security_center/static/7931.php"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Joe Testa hellbent 01 webserver allows attackers to read files that are specified in the hellbent.prefs file by creating a file with a similar name in the web root, as demonstrated using (1) index.webroot and (2) index.ipallow."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "hellbent-prefs-obtain-info(7931)",
+ "refsource": "XF",
+ "url": "http://www.iss.net/security_center/static/7931.php"
+ },
+ {
+ "name": "3909",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/3909"
+ },
+ {
+ "name": "20020118 Vulnerability in hellbent",
+ "refsource": "BUGTRAQ",
+ "url": "http://archives.neohapsis.com/archives/bugtraq/2002-01/0228.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2005/0xxx/CVE-2005-0131.json b/2005/0xxx/CVE-2005-0131.json
index 8e0b7e41aed..edd06735123 100644
--- a/2005/0xxx/CVE-2005-0131.json
+++ b/2005/0xxx/CVE-2005-0131.json
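Review bot: The new side of CVE-2002-2095.json ends without a final newline (`\ No newline at end of file` follows `+}`), while the old side had one; keeping the trailing newline avoids a spurious last-line change the next time the record is touched. The same hunk also reorders the `reference_data` entries (the XF entry moves first, BUGTRAQ last) while rewriting `"key" : value` as `"key": value` on every line, so the diff cannot show at a glance that no reference was altered or dropped. Emitting references in a stable order, for example sorted by `refsource` then `name`, would keep later syncs auditable. Both points apply to the other CVE-*.json hunks visible in this patch.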
@@ -1,102 +1,102 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2005-0131",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The Quick Connection dialog in Konversation 0.15 inadvertently uses the user-provided password as the nickname instead of the user-provided nickname when connecting to the IRC server, which could leak the password to other users."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2005-0131",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20050119 Multiple vulnerabilities in Konversation",
- "refsource" : "FULLDISC",
- "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/031033.html"
- },
- {
- "name" : "20050119 Multiple vulnerabilities in Konversation",
- "refsource" : "BUGTRAQ",
- "url" : "http://marc.info/?l=bugtraq&m=110626383310742&w=2"
- },
- {
- "name" : "http://www.kde.org/info/security/advisory-20050121-1.txt",
- "refsource" : "CONFIRM",
- "url" : "http://www.kde.org/info/security/advisory-20050121-1.txt"
- },
- {
- "name" : "GLSA-200501-34",
- "refsource" : "GENTOO",
- "url" : "http://www.gentoo.org/security/en/glsa/glsa-200501-34.xml"
- },
- {
- "name" : "12312",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/12312"
- },
- {
- "name" : "1012972",
- "refsource" : "SECTRACK",
- "url" : "http://securitytracker.com/id?1012972"
- },
- {
- "name" : "13919",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/13919"
- },
- {
- "name" : "13989",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/13989"
- },
- {
- "name" : "konversation-nick-password-information-disclosure(19038)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19038"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The Quick Connection dialog in Konversation 0.15 inadvertently uses the user-provided password as the nickname instead of the user-provided nickname when connecting to the IRC server, which could leak the password to other users."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "13919",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/13919"
+ },
+ {
+ "name": "20050119 Multiple vulnerabilities in Konversation",
+ "refsource": "FULLDISC",
+ "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/031033.html"
+ },
+ {
+ "name": "http://www.kde.org/info/security/advisory-20050121-1.txt",
+ "refsource": "CONFIRM",
+ "url": "http://www.kde.org/info/security/advisory-20050121-1.txt"
+ },
+ {
+ "name": "12312",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/12312"
+ },
+ {
+ "name": "13989",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/13989"
+ },
+ {
+ "name": "konversation-nick-password-information-disclosure(19038)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19038"
+ },
+ {
+ "name": "GLSA-200501-34",
+ "refsource": "GENTOO",
+ "url": "http://www.gentoo.org/security/en/glsa/glsa-200501-34.xml"
+ },
+ {
+ "name": "20050119 Multiple vulnerabilities in Konversation",
+ "refsource": "BUGTRAQ",
+ "url": "http://marc.info/?l=bugtraq&m=110626383310742&w=2"
+ },
+ {
+ "name": "1012972",
+ "refsource": "SECTRACK",
+ "url": "http://securitytracker.com/id?1012972"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2005/0xxx/CVE-2005-0139.json b/2005/0xxx/CVE-2005-0139.json
index 575def18e3e..93d25e04df4 100644
--- a/2005/0xxx/CVE-2005-0139.json
+++ b/2005/0xxx/CVE-2005-0139.json
@@ -1,77 +1,77 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2005-0139",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Unknown vulnerability in rpc.mountd in SGI IRIX 6.5.25, 6.5.26, and 6.5.27 does not sufficiently restrict access rights for read-mostly exports, which allows attackers to conduct unauthorized activities."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2005-0139",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20050601-01-U",
- "refsource" : "SGI",
- "url" : "ftp://patches.sgi.com/support/free/security/advisories/20050601-01-U"
- },
- {
- "name" : "P-214",
- "refsource" : "CIAC",
- "url" : "http://www.ciac.org/ciac/bulletins/p-214.shtml"
- },
- {
- "name" : "ADV-2005-0702",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2005/0702"
- },
- {
- "name" : "15619",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/15619"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Unknown vulnerability in rpc.mountd in SGI IRIX 6.5.25, 6.5.26, and 6.5.27 does not sufficiently restrict access rights for read-mostly exports, which allows attackers to conduct unauthorized activities."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20050601-01-U",
+ "refsource": "SGI",
+ "url": "ftp://patches.sgi.com/support/free/security/advisories/20050601-01-U"
+ },
+ {
+ "name": "ADV-2005-0702",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2005/0702"
+ },
+ {
+ "name": "15619",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/15619"
+ },
+ {
+ "name": "P-214",
+ "refsource": "CIAC",
+ "url": "http://www.ciac.org/ciac/bulletins/p-214.shtml"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2005/0xxx/CVE-2005-0323.json b/2005/0xxx/CVE-2005-0323.json
index c290dfaff0d..443b9ac343e 100644
--- a/2005/0xxx/CVE-2005-0323.json
+++ b/2005/0xxx/CVE-2005-0323.json
@@ -1,87 +1,87 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2005-0323",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Cross-site scripting (XSS) vulnerability in Infinite Mobile Delivery Webmail 2.6 allows remote attackers to inject arbitrary web script or HTML via the URL."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2005-0323",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20050129 XSS in Infinite Mobile Delivery v2.6 Webmail",
- "refsource" : "BUGTRAQ",
- "url" : "http://marc.info/?l=bugtraq&m=110703630922262&w=2"
- },
- {
- "name" : "http://www.lovebug.org/imd_advisory.txt",
- "refsource" : "MISC",
- "url" : "http://www.lovebug.org/imd_advisory.txt"
- },
- {
- "name" : "12399",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/12399"
- },
- {
- "name" : "1013044",
- "refsource" : "SECTRACK",
- "url" : "http://securitytracker.com/id?1013044"
- },
- {
- "name" : "14075",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/14075"
- },
- {
- "name" : "infinite-mobile-delivery-xss(19151)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19151"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cross-site scripting (XSS) vulnerability in Infinite Mobile Delivery Webmail 2.6 allows remote attackers to inject arbitrary web script or HTML via the URL."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "12399",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/12399"
+ },
+ {
+ "name": "14075",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/14075"
+ },
+ {
+ "name": "infinite-mobile-delivery-xss(19151)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19151"
+ },
+ {
+ "name": "http://www.lovebug.org/imd_advisory.txt",
+ "refsource": "MISC",
+ "url": "http://www.lovebug.org/imd_advisory.txt"
+ },
+ {
+ "name": "20050129 XSS in Infinite Mobile Delivery v2.6 Webmail",
+ "refsource": "BUGTRAQ",
+ "url": "http://marc.info/?l=bugtraq&m=110703630922262&w=2"
+ },
+ {
+ "name": "1013044",
+ "refsource": "SECTRACK",
+ "url": "http://securitytracker.com/id?1013044"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2005/0xxx/CVE-2005-0385.json b/2005/0xxx/CVE-2005-0385.json
index 9b986012ccc..d23835de08b 100644
--- a/2005/0xxx/CVE-2005-0385.json
+++ b/2005/0xxx/CVE-2005-0385.json
@@ -1,87 +1,87 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2005-0385",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Buffer overflow in luxman before 0.41, if used with certain insecure svgalib libraries, allows local users to execute arbitrary code via a long -f command line argument."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "security@debian.org",
+ "ID": "CVE-2005-0385",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20050314 DMA[2005-0310a] - 'Frank McIngvale LuxMan buffer overflow'",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/393195/2005-03-13/2005-03-19/0"
- },
- {
- "name" : "http://www.digitalmunition.com/DMA[2005-0310a].txt",
- "refsource" : "MISC",
- "url" : "http://www.digitalmunition.com/DMA[2005-0310a].txt"
- },
- {
- "name" : "DSA-693",
- "refsource" : "DEBIAN",
- "url" : "http://www.debian.org/security/2005/dsa-693"
- },
- {
- "name" : "12797",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/12797"
- },
- {
- "name" : "14582",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/14582"
- },
- {
- "name" : "luxman-bo-execute-commands(19680)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19680"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Buffer overflow in luxman before 0.41, if used with certain insecure svgalib libraries, allows local users to execute arbitrary code via a long -f command line argument."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "DSA-693",
+ "refsource": "DEBIAN",
+ "url": "http://www.debian.org/security/2005/dsa-693"
+ },
+ {
+ "name": "20050314 DMA[2005-0310a] - 'Frank McIngvale LuxMan buffer overflow'",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/393195/2005-03-13/2005-03-19/0"
+ },
+ {
+ "name": "luxman-bo-execute-commands(19680)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19680"
+ },
+ {
+ "name": "http://www.digitalmunition.com/DMA[2005-0310a].txt",
+ "refsource": "MISC",
+ "url": "http://www.digitalmunition.com/DMA[2005-0310a].txt"
+ },
+ {
+ "name": "12797",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/12797"
+ },
+ {
+ "name": "14582",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/14582"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2005/0xxx/CVE-2005-0414.json b/2005/0xxx/CVE-2005-0414.json
index 3c0da8c1185..e1b926a1c20 100644
--- a/2005/0xxx/CVE-2005-0414.json
+++ b/2005/0xxx/CVE-2005-0414.json
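Review bot: In CVE-2005-0385.json the `ASSIGNER` value changes from `cve@mitre.org` to `security@debian.org`, a substantive metadata change that is easy to miss because every other line in the hunk differs only in colon spacing and indentation, and the `reference_data` entries are reordered as well. The commit subject ("-Synchronized-Data.") does not mention it. Consumers may rely on `ASSIGNER` for attribution of the record, so an assigner update is easier to audit when it lands in a commit separate from the formatting sync, or is at least named in the message. A whitespace-insensitive, order-normalised comparison of the old and new records would confirm whether this is the only value change in the file.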
@@ -1,82 +1,82 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2005-0414",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "SQL injection vulnerability in post.php for MercuryBoard 1.1.1 allows remote attackers to execute arbitrary SQL commands via a reply post action for index.php with (1) the t parameter or (2) the qu parameter."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2005-0414",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20050124 Multiple vulnerabilities in MercuryBoard 1.1.1",
- "refsource" : "BUGTRAQ",
- "url" : "http://marc.info/?l=bugtraq&m=110661795632354&w=2"
- },
- {
- "name" : "20050209 Mercuryboard =?iso-8859-1?Q?<=3D?= 1.1.1 Working Sql Injection",
- "refsource" : "BUGTRAQ",
- "url" : "http://marc.info/?l=bugtraq&m=110797495532358&w=2"
- },
- {
- "name" : "http://cvs.sunsite.dk/viewcvs.cgi/mercury/func/post.php.diff?r1=1.68&r2=1.70",
- "refsource" : "CONFIRM",
- "url" : "http://cvs.sunsite.dk/viewcvs.cgi/mercury/func/post.php.diff?r1=1.68&r2=1.70"
- },
- {
- "name" : "1013137",
- "refsource" : "SECTRACK",
- "url" : "http://securitytracker.com/id?1013137"
- },
- {
- "name" : "mercuryboard-index-sql-injection(19051)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19051"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "SQL injection vulnerability in post.php for MercuryBoard 1.1.1 allows remote attackers to execute arbitrary SQL commands via a reply post action for index.php with (1) the t parameter or (2) the qu parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20050124 Multiple vulnerabilities in MercuryBoard 1.1.1",
+ "refsource": "BUGTRAQ",
+ "url": "http://marc.info/?l=bugtraq&m=110661795632354&w=2"
+ },
+ {
+ "name": "http://cvs.sunsite.dk/viewcvs.cgi/mercury/func/post.php.diff?r1=1.68&r2=1.70",
+ "refsource": "CONFIRM",
+ "url": "http://cvs.sunsite.dk/viewcvs.cgi/mercury/func/post.php.diff?r1=1.68&r2=1.70"
+ },
+ {
+ "name": "1013137",
+ "refsource": "SECTRACK",
+ "url": "http://securitytracker.com/id?1013137"
+ },
+ {
+ "name": "20050209 Mercuryboard =?iso-8859-1?Q?<=3D?= 1.1.1 Working Sql Injection",
+ "refsource": "BUGTRAQ",
+ "url": "http://marc.info/?l=bugtraq&m=110797495532358&w=2"
+ },
+ {
+ "name": "mercuryboard-index-sql-injection(19051)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19051"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2005/1xxx/CVE-2005-1450.json b/2005/1xxx/CVE-2005-1450.json
index ba28d6a540b..dcb5e3bd1f2 100644
--- a/2005/1xxx/CVE-2005-1450.json
+++ b/2005/1xxx/CVE-2005-1450.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2005-1450",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Unknown vulnerability in \"the function used to validate path-names for uploading media\" in Serendipity before 0.8 has unknown impact."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2005-1450",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.s9y.org/63.html#A9",
- "refsource" : "CONFIRM",
- "url" : "http://www.s9y.org/63.html#A9"
- },
- {
- "name" : "15877",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/15877"
- },
- {
- "name" : "15145",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/15145"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Unknown vulnerability in \"the function used to validate path-names for uploading media\" in Serendipity before 0.8 has unknown impact."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "15145",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/15145"
+ },
+ {
+ "name": "http://www.s9y.org/63.html#A9",
+ "refsource": "CONFIRM",
+ "url": "http://www.s9y.org/63.html#A9"
+ },
+ {
+ "name": "15877",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/15877"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2005/1xxx/CVE-2005-1704.json b/2005/1xxx/CVE-2005-1704.json
index 91e9740280f..819d0d6e644 100644
--- a/2005/1xxx/CVE-2005-1704.json
+++ b/2005/1xxx/CVE-2005-1704.json
@@ -1,247 +1,247 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1704", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the Binary File Descriptor (BFD) library for gdb before 6.3, binutils, elfutils, and possibly other packages, allows user-assisted attackers to execute arbitrary code via a crafted object file that specifies a large number of section headers, leading to a heap-based buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1704", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070404 VMSA-2007-0003 VMware ESX 3.0.1 and 3.0.0 server security updates", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/464745/100/0/threaded" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=91398", - "refsource" : "CONFIRM", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=91398" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2005-222.pdf", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2005-222.pdf" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-015.htm", - "refsource" : 
"CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-015.htm" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-178.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-178.htm" - }, - { - "name" : "http://www.vmware.com/support/vi3/doc/esx-55052-patch.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/support/vi3/doc/esx-55052-patch.html" - }, - { - "name" : "CLA-2006:1060", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001060" - }, - { - "name" : "GLSA-200505-15", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200505-15.xml" - }, - { - "name" : "GLSA-200506-01", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200506-01.xml" - }, - { - "name" : "MDKSA-2005:095", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:095" - }, - { - "name" : "MDKSA-2005:215", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:215" - }, - { - "name" : "RHSA-2005:659", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-659.html" - }, - { - "name" : "RHSA-2005:763", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-763.html" - }, - { - "name" : "RHSA-2005:801", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-801.html" - }, - { - "name" : "RHSA-2005:673", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-673.html" - }, - { - "name" : "RHSA-2005:709", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-709.html" - }, - { - "name" : "RHSA-2006:0368", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0368.html" - }, - { - "name" : "RHSA-2006:0354", - "refsource" : "REDHAT", - "url" : 
"http://www.redhat.com/support/errata/RHSA-2006-0354.html" - }, - { - "name" : "20060703-01-P", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc" - }, - { - "name" : "2005-0025", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2005/0025/" - }, - { - "name" : "USN-136-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/136-1/" - }, - { - "name" : "13697", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13697" - }, - { - "name" : "oval:org.mitre.oval:def:9071", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9071" - }, - { - "name" : "ADV-2007-1267", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1267" - }, - { - "name" : "16757", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/16757" - }, - { - "name" : "1016544", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016544" - }, - { - "name" : "15527", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15527" - }, - { - "name" : "17718", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17718" - }, - { - "name" : "17072", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17072" - }, - { - "name" : "17135", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17135" - }, - { - "name" : "17257", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17257" - }, - { - "name" : "17356", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17356" - }, - { - "name" : "17001", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17001" - }, - { - "name" : "18506", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18506" - }, - { - "name" : "21122", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21122" - }, - { - "name" : "21262", - 
"refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21262" - }, - { - "name" : "21717", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21717" - }, - { - "name" : "24788", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24788" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the Binary File Descriptor (BFD) library for gdb before 6.3, binutils, elfutils, and possibly other packages, allows user-assisted attackers to execute arbitrary code via a crafted object file that specifies a large number of section headers, leading to a heap-based buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "13697", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13697" + }, + { + "name": "17072", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17072" + }, + { + "name": "21122", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21122" + }, + { + "name": "2005-0025", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2005/0025/" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-178.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-178.htm" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2005-222.pdf", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-222.pdf" + }, + { + "name": "RHSA-2006:0368", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0368.html" + }, + { + "name": "20070404 VMSA-2007-0003 VMware ESX 3.0.1 and 3.0.0 server security updates", + "refsource": "BUGTRAQ", + "url": 
"http://www.securityfocus.com/archive/1/464745/100/0/threaded" + }, + { + "name": "18506", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18506" + }, + { + "name": "CLA-2006:1060", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001060" + }, + { + "name": "RHSA-2005:709", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-709.html" + }, + { + "name": "ADV-2007-1267", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1267" + }, + { + "name": "21262", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21262" + }, + { + "name": "RHSA-2005:673", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-673.html" + }, + { + "name": "MDKSA-2005:215", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:215" + }, + { + "name": "17001", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17001" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-015.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-015.htm" + }, + { + "name": "RHSA-2006:0354", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0354.html" + }, + { + "name": "RHSA-2005:801", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-801.html" + }, + { + "name": "RHSA-2005:763", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-763.html" + }, + { + "name": "24788", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24788" + }, + { + "name": "USN-136-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/136-1/" + }, + { + "name": "GLSA-200505-15", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200505-15.xml" + }, + { + "name": "GLSA-200506-01", + "refsource": "GENTOO", + "url": 
"http://www.gentoo.org/security/en/glsa/glsa-200506-01.xml" + }, + { + "name": "oval:org.mitre.oval:def:9071", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9071" + }, + { + "name": "MDKSA-2005:095", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:095" + }, + { + "name": "15527", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15527" + }, + { + "name": "17257", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17257" + }, + { + "name": "17135", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17135" + }, + { + "name": "17356", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17356" + }, + { + "name": "1016544", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016544" + }, + { + "name": "17718", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17718" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=91398", + "refsource": "CONFIRM", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=91398" + }, + { + "name": "http://www.vmware.com/support/vi3/doc/esx-55052-patch.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/support/vi3/doc/esx-55052-patch.html" + }, + { + "name": "16757", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/16757" + }, + { + "name": "21717", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21717" + }, + { + "name": "RHSA-2005:659", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-659.html" + }, + { + "name": "20060703-01-P", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4015.json b/2005/4xxx/CVE-2005-4015.json index f102110dc7f..f0f78294d6d 100644 --- a/2005/4xxx/CVE-2005-4015.json +++ b/2005/4xxx/CVE-2005-4015.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4015", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP Web Statistik 1.4 does not rotate the log database or limit the size of the referer field, which allows remote attackers to fill the log files via a large number of requests, as demonstrated using pixel.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4015", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051128 Php Web Statistik Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://cert.uni-stuttgart.de/archive/bugtraq/2005/11/msg00325.html" - }, - { - "name" : "http://www.ush.it/2005/11/19/php-web-statistik/", - "refsource" : "MISC", - "url" : "http://www.ush.it/2005/11/19/php-web-statistik/" - }, - { - "name" : "http://freewebstat.com/changelog-english.html", - "refsource" : "MISC", - "url" : "http://freewebstat.com/changelog-english.html" - }, - { - "name" : "214", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/214" - }, - { - "name" : "phpwebstatistik-disk-quota-dos(23386)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/23386" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP Web Statistik 1.4 does not rotate the log database or limit the size of the referer field, which allows remote attackers to fill the log files via a large number of requests, as demonstrated using pixel.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://freewebstat.com/changelog-english.html", + "refsource": "MISC", + "url": "http://freewebstat.com/changelog-english.html" + }, + { + "name": "20051128 Php Web Statistik Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://cert.uni-stuttgart.de/archive/bugtraq/2005/11/msg00325.html" + }, + { + "name": "http://www.ush.it/2005/11/19/php-web-statistik/", + "refsource": "MISC", + "url": "http://www.ush.it/2005/11/19/php-web-statistik/" + }, + { + "name": "phpwebstatistik-disk-quota-dos(23386)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23386" + }, + { + "name": "214", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/214" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4085.json b/2005/4xxx/CVE-2005-4085.json index bb22dc35c0a..5285e183c8f 100644 --- a/2005/4xxx/CVE-2005-4085.json +++ b/2005/4xxx/CVE-2005-4085.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4085", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in BlueCoat (a) WinProxy before 6.1a and (b) the web console access functionality in ProxyAV before 2.4.2.3 allows remote attackers to execute arbitrary code via a long Host: header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4085", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060105 Blue Coat Systems WinProxy Host Header Stack Overflow Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=364" - }, - { - "name" : "http://www.bluecoat.com/support/knowledge/advisory_host_header_stack_overflow.html", - "refsource" : "CONFIRM", - "url" : "http://www.bluecoat.com/support/knowledge/advisory_host_header_stack_overflow.html" - }, - { - "name" : "16147", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16147" - }, - { - "name" : "ADV-2006-0065", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0065" - }, - { - "name" : "ADV-2006-0622", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2006/0622" - }, - { - "name" : "1015441", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015441" - }, - { - "name" : "18288", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18288" - }, - { - "name" : "18909", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18909" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in BlueCoat (a) WinProxy before 6.1a and (b) the web console access functionality in ProxyAV before 2.4.2.3 allows remote attackers to execute arbitrary code via a long Host: header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18909", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18909" + }, + { + "name": "1015441", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015441" + }, + { + "name": "ADV-2006-0622", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0622" + }, + { + "name": "ADV-2006-0065", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0065" + }, + { + "name": "18288", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18288" + }, + { + "name": "20060105 Blue Coat Systems WinProxy Host Header Stack Overflow Vulnerability", + "refsource": "IDEFENSE", + "url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=364" + }, + { + "name": "http://www.bluecoat.com/support/knowledge/advisory_host_header_stack_overflow.html", + "refsource": "CONFIRM", + "url": "http://www.bluecoat.com/support/knowledge/advisory_host_header_stack_overflow.html" + }, + { + "name": "16147", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16147" 
+ } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4615.json b/2005/4xxx/CVE-2005-4615.json index cb22748cc17..550affcc04a 100644 --- a/2005/4xxx/CVE-2005-4615.json +++ b/2005/4xxx/CVE-2005-4615.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4615", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in news.php in DapperDesk 3.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4615", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/11/dapperdesk-30x-page-sql-inj.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/11/dapperdesk-30x-page-sql-inj.html" - }, - { - "name" : "21315", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21315" - }, - { - "name" : "dapperdesk-news-sql-injection(24354)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24354" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in news.php in DapperDesk 3.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21315", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21315" + }, + { + "name": "http://pridels0.blogspot.com/2005/11/dapperdesk-30x-page-sql-inj.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/11/dapperdesk-30x-page-sql-inj.html" + }, + { + "name": "dapperdesk-news-sql-injection(24354)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24354" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0063.json b/2009/0xxx/CVE-2009-0063.json index 2f92f457795..7eec1bebbba 100644 --- a/2009/0xxx/CVE-2009-0063.json +++ b/2009/0xxx/CVE-2009-0063.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0063", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Control Center in Symantec Brightmail Gateway Appliance before 8.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0063", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090423_01", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090423_01" - }, - { - "name" : "34641", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34641" - }, - { - "name" : "53944", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/53944" - }, - { - "name" : "1022116", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1022116" - }, - { - "name" : "34885", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/34885" - }, - { - "name" : "ADV-2009-1155", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1155" - }, - { - "name" : "brightmail-controlcenter-xss(50074)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50074" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Control Center in Symantec Brightmail Gateway Appliance before 8.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-1155", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1155" + }, + { + "name": "34885", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34885" + }, + { + "name": "brightmail-controlcenter-xss(50074)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50074" + }, + { + "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090423_01", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090423_01" + }, + { + "name": "1022116", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1022116" + }, + { + "name": "34641", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34641" + }, + { + "name": "53944", + "refsource": "OSVDB", + "url": "http://osvdb.org/53944" + } + ] + } +} \ No newline at end of file 
diff --git a/2009/0xxx/CVE-2009-0497.json b/2009/0xxx/CVE-2009-0497.json index cb3e24d6746..8a3d24f34ef 100644 --- a/2009/0xxx/CVE-2009-0497.json +++ b/2009/0xxx/CVE-2009-0497.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0497", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in log.jsp in Ignite Realtime Openfire 3.6.2 allows remote attackers to read arbitrary files via a ..\\ (dot dot backslash) in the log parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0497", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090108 CORE-2008-1128: Openfire multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/499880/100/0/threaded" - }, - { - "name" : "http://svn.igniterealtime.org/svn/repos/openfire/trunk/src/web/log.jsp", - "refsource" : "MISC", - "url" : "http://svn.igniterealtime.org/svn/repos/openfire/trunk/src/web/log.jsp" - }, - { - "name" : "http://www.coresecurity.com/content/openfire-multiple-vulnerabilities", - "refsource" : "MISC", - "url" : "http://www.coresecurity.com/content/openfire-multiple-vulnerabilities" - }, - { - "name" : "https://bugs.gentoo.org/show_bug.cgi?id=257585", - "refsource" : "MISC", - "url" : "https://bugs.gentoo.org/show_bug.cgi?id=257585" - }, - { - "name" : "32945", - 
"refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32945" - }, - { - "name" : "33452", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33452" - }, - { - "name" : "openfire-log-directory-traversal(47806)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47806" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in log.jsp in Ignite Realtime Openfire 3.6.2 allows remote attackers to read arbitrary files via a ..\\ (dot dot backslash) in the log parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.gentoo.org/show_bug.cgi?id=257585", + "refsource": "MISC", + "url": "https://bugs.gentoo.org/show_bug.cgi?id=257585" + }, + { + "name": "http://svn.igniterealtime.org/svn/repos/openfire/trunk/src/web/log.jsp", + "refsource": "MISC", + "url": "http://svn.igniterealtime.org/svn/repos/openfire/trunk/src/web/log.jsp" + }, + { + "name": "33452", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33452" + }, + { + "name": "32945", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32945" + }, + { + "name": "20090108 CORE-2008-1128: Openfire multiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/499880/100/0/threaded" + }, + { + "name": "openfire-log-directory-traversal(47806)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47806" + }, + { + "name": "http://www.coresecurity.com/content/openfire-multiple-vulnerabilities", + "refsource": "MISC", + "url": "http://www.coresecurity.com/content/openfire-multiple-vulnerabilities" + } + ] + } +} \ No newline at end of file 
diff --git a/2009/0xxx/CVE-2009-0691.json b/2009/0xxx/CVE-2009-0691.json index 9cd23163b57..47dd470c5d4 100644 --- a/2009/0xxx/CVE-2009-0691.json +++ b/2009/0xxx/CVE-2009-0691.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0691", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Foxit JPEG2000/JBIG2 Decoder add-on before 2.0.2009.616 for Foxit Reader 3.0 before Build 1817 does not properly handle a fatal error during decoding of a JPEG2000 (aka JPX) header, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted PDF file that triggers an invalid memory access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2009-0691", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.foxitsoftware.com/pdf/reader/security.htm#0602", - "refsource" : "CONFIRM", - "url" : "http://www.foxitsoftware.com/pdf/reader/security.htm#0602" - }, - { - "name" : "VU#251793", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/251793" - }, - { - "name" : "35443", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35443" - }, - { - "name" : "1022425", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1022425" - }, - { - "name" : "35512", - "refsource" : "SECUNIA", - "url" 
: "http://secunia.com/advisories/35512" - }, - { - "name" : "ADV-2009-1640", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1640" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Foxit JPEG2000/JBIG2 Decoder add-on before 2.0.2009.616 for Foxit Reader 3.0 before Build 1817 does not properly handle a fatal error during decoding of a JPEG2000 (aka JPX) header, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted PDF file that triggers an invalid memory access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.foxitsoftware.com/pdf/reader/security.htm#0602", + "refsource": "CONFIRM", + "url": "http://www.foxitsoftware.com/pdf/reader/security.htm#0602" + }, + { + "name": "1022425", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1022425" + }, + { + "name": "VU#251793", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/251793" + }, + { + "name": "35443", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35443" + }, + { + "name": "35512", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35512" + }, + { + "name": "ADV-2009-1640", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1640" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0876.json b/2009/0xxx/CVE-2009-0876.json index 6da8870a8a5..1c6e14a08ac 100644 --- a/2009/0xxx/CVE-2009-0876.json +++ b/2009/0xxx/CVE-2009-0876.json 
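Review bot: The new `CVE_data_meta` for CVE-2009-0691 changes `"ASSIGNER"` from `cve@mitre.org` to `cert@cert.org`, the one semantic change in a hunk that otherwise only normalizes key spacing and reorders `reference_data`. The same kind of reassignment is visible in the hunks for CVE-2009-0981 (`secalert_us@oracle.com`), CVE-2009-3845 (`hp-security-alert@hp.com`), CVE-2009-3879 and CVE-2009-4028 (both `secalert@redhat.com`), and the subject line "-Synchronized-Data." mentions none of them. Anything downstream that attributes or filters records by assigner would presumably see these entries move, and a reader can only find that by diffing with whitespace ignored. I would either keep the formatting pass and the metadata changes in separate commits or name them in the description, e.g. `ASSIGNER updated: CVE-2009-0691, CVE-2009-0981, CVE-2009-3845, CVE-2009-3879, CVE-2009-4028`.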
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0876", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Sun xVM VirtualBox 2.0.0, 2.0.2, 2.0.4, 2.0.6r39760, 2.1.0, 2.1.2, and 2.1.4r42893 on Linux allows local users to gain privileges via a hardlink attack, which preserves setuid/setgid bits on Linux, related to DT_RPATH:$ORIGIN." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0876", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20090316 CVE-2009-0876 (VirtualBox) references", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/03/15/1" - }, - { - "name" : "[oss-security] 20090317 Re: CVE-2009-0876 (VirtualBox) references", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/03/17/2" - }, - { - "name" : "254568", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254568-1" - }, - { - "name" : "http://www.virtualbox.org/ticket/3444", - "refsource" : "CONFIRM", - "url" : "http://www.virtualbox.org/ticket/3444" - }, - { - "name" : "https://bugs.gentoo.org/show_bug.cgi?id=260331", - "refsource" : 
"CONFIRM", - "url" : "https://bugs.gentoo.org/show_bug.cgi?id=260331" - }, - { - "name" : "34080", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34080" - }, - { - "name" : "52580", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/52580" - }, - { - "name" : "1021841", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021841" - }, - { - "name" : "34232", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34232" - }, - { - "name" : "ADV-2009-0674", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0674" - }, - { - "name" : "xvmvirtualbox-unspecified-priv-escalation(49193)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49193" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Sun xVM VirtualBox 2.0.0, 2.0.2, 2.0.4, 2.0.6r39760, 2.1.0, 2.1.2, and 2.1.4r42893 on Linux allows local users to gain privileges via a hardlink attack, which preserves setuid/setgid bits on Linux, related to DT_RPATH:$ORIGIN." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34080", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34080" + }, + { + "name": "xvmvirtualbox-unspecified-priv-escalation(49193)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49193" + }, + { + "name": "ADV-2009-0674", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0674" + }, + { + "name": "[oss-security] 20090316 CVE-2009-0876 (VirtualBox) references", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/03/15/1" + }, + { + "name": "https://bugs.gentoo.org/show_bug.cgi?id=260331", + "refsource": "CONFIRM", + "url": "https://bugs.gentoo.org/show_bug.cgi?id=260331" + }, + { + "name": "[oss-security] 20090317 Re: CVE-2009-0876 (VirtualBox) references", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/03/17/2" + }, + { + "name": "http://www.virtualbox.org/ticket/3444", + "refsource": "CONFIRM", + "url": "http://www.virtualbox.org/ticket/3444" + }, + { + "name": "1021841", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021841" + }, + { + "name": "34232", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34232" + }, + { + "name": "52580", + "refsource": "OSVDB", + "url": "http://osvdb.org/52580" + }, + { + "name": "254568", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254568-1" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0981.json b/2009/0xxx/CVE-2009-0981.json index 2ae8ac87ade..c4d8ce8f06e 100644 --- a/2009/0xxx/CVE-2009-0981.json +++ b/2009/0xxx/CVE-2009-0981.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0981", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Application Express component in Oracle Database 11.1.0.7 allows remote authenticated users to affect confidentiality, related to APEX. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue allows remote authenticated users to obtain APEX password hashes from the WWV_FLOW_USERS table via a SELECT statement." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2009-0981", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090416 Unprivileged DB users can see APEX password hashes", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/502724/100/0/threaded" - }, - { - "name" : "8456", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8456" - }, - { - "name" : "http://www.red-database-security.com/advisory/apex_password_hashes.html", - "refsource" : "MISC", - "url" : "http://www.red-database-security.com/advisory/apex_password_hashes.html" - }, - { - 
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html" - }, - { - "name" : "TA09-105A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-105A.html" - }, - { - "name" : "34461", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34461" - }, - { - "name" : "53738", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/53738" - }, - { - "name" : "1022052", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022052" - }, - { - "name" : "34693", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34693" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Application Express component in Oracle Database 11.1.0.7 allows remote authenticated users to affect confidentiality, related to APEX. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue allows remote authenticated users to obtain APEX password hashes from the WWV_FLOW_USERS table via a SELECT statement." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34461", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34461" + }, + { + "name": "34693", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34693" + }, + { + "name": "TA09-105A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-105A.html" + }, + { + "name": "20090416 Unprivileged DB users can see APEX password hashes", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/502724/100/0/threaded" + }, + { + "name": "http://www.red-database-security.com/advisory/apex_password_hashes.html", + "refsource": "MISC", + "url": "http://www.red-database-security.com/advisory/apex_password_hashes.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html" + }, + { + "name": "53738", + "refsource": "OSVDB", + "url": "http://osvdb.org/53738" + }, + { + "name": "1022052", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022052" + }, + { + "name": "8456", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8456" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1277.json b/2009/1xxx/CVE-2009-1277.json index 2f2194b2c90..88d0c2af166 100644 --- a/2009/1xxx/CVE-2009-1277.json +++ b/2009/1xxx/CVE-2009-1277.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1277", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in Gravity Board X (GBX) 2.0 BETA allows remote attackers to execute arbitrary SQL commands via the member_id parameter in a viewprofile action. NOTE: the board_id issue is already covered by CVE-2008-2996.2." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1277", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8350", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8350" - }, - { - "name" : "34370", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34370" - }, - { - "name" : "gravityboardx-index-sql-injection(49678)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49678" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in Gravity Board X (GBX) 2.0 BETA allows remote attackers to execute arbitrary SQL commands via the member_id 
parameter in a viewprofile action. NOTE: the board_id issue is already covered by CVE-2008-2996.2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34370", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34370" + }, + { + "name": "8350", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8350" + }, + { + "name": "gravityboardx-index-sql-injection(49678)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49678" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1752.json b/2009/1xxx/CVE-2009-1752.json index 98e7d871e2f..edf39c18255 100644 --- a/2009/1xxx/CVE-2009-1752.json +++ b/2009/1xxx/CVE-2009-1752.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1752", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "exJune Office Message System 1 does not properly restrict access to (1) configure.asp and (2) addmessage2.asp, which allows remote attackers to gain privileges a direct request. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1752", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8744", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8744" - }, - { - "name" : "35172", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35172" - }, - { - "name" : "oms-configure-addmessage2-security-bypass(50647)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50647" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "exJune Office Message System 1 does not properly restrict access to (1) configure.asp and (2) addmessage2.asp, which allows remote attackers to 
gain privileges a direct request. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oms-configure-addmessage2-security-bypass(50647)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50647" + }, + { + "name": "8744", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8744" + }, + { + "name": "35172", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35172" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3845.json b/2009/3xxx/CVE-2009-3845.json index 4452552d5d6..282e118d9a4 100644 --- a/2009/3xxx/CVE-2009-3845.json +++ b/2009/3xxx/CVE-2009-3845.json 
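Review bot: The description `value` for CVE-2009-1752 on the new side still reads "allows remote attackers to gain privileges a direct request", with a word (presumably "via") missing before "a direct request". The text is carried over unchanged apart from key spacing, so this commit did not introduce it. Because `product_name` and `vendor_name` remain `n/a` in this record, the description is the only field that says what is affected and how, so its wording matters to anyone triaging from it. The correction would be `... which allows remote attackers to gain privileges via a direct request.`, ideally made in the authoritative record so the next synchronization does not revert it.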
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3845", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The port-3443 HTTP server in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary commands via shell metacharacters in the hostname parameter to unspecified Perl scripts." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2009-3845", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091209 ZDI-09-094: Hewlett-Packard OpenView NNM Multiple Command Injection Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/508345/100/0/threaded" - }, - { - "name" : "http://zerodayinitiative.com/advisories/ZDI-09-094/", - "refsource" : "MISC", - "url" : "http://zerodayinitiative.com/advisories/ZDI-09-094/" - }, - { - "name" : "HPSBMA02483", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877" - }, - { - "name" : "SSRT090037", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877" - }, - { - "name" : "SSRT090257", 
- "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=126046355120442&w=2" - }, - { - "name" : "37261", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37261" - }, - { - "name" : "37300", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37300" - }, - { - "name" : "hp-openviewnnm-hostname-command-execution(54651)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54651" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The port-3443 HTTP server in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary commands via shell metacharacters in the hostname parameter to unspecified Perl scripts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://zerodayinitiative.com/advisories/ZDI-09-094/", + "refsource": "MISC", + "url": "http://zerodayinitiative.com/advisories/ZDI-09-094/" + }, + { + "name": "20091209 ZDI-09-094: Hewlett-Packard OpenView NNM Multiple Command Injection Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/508345/100/0/threaded" + }, + { + "name": "37261", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37261" + }, + { + "name": "SSRT090257", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=126046355120442&w=2" + }, + { + "name": "SSRT090037", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877" + }, + { + "name": "hp-openviewnnm-hostname-command-execution(54651)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54651" + }, + { + "name": "37300", + "refsource": "BID", + "url": 
"http://www.securityfocus.com/bid/37300" + }, + { + "name": "HPSBMA02483", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3879.json b/2009/3xxx/CVE-2009-3879.json index 70002d75611..0bfac18a207 100644 --- a/2009/3xxx/CVE-2009-3879.json +++ b/2009/3xxx/CVE-2009-3879.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3879", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in the (1) X11 and (2) Win32GraphicsDevice subsystems in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and attack vectors, related to failure to clone arrays that are returned by the getConfigurations function, aka Bug Id 6822057." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-3879", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://java.sun.com/j2se/1.5.0/ReleaseNotes.html", - "refsource" : "CONFIRM", - "url" : "http://java.sun.com/j2se/1.5.0/ReleaseNotes.html" - }, - { - "name" : "http://java.sun.com/javase/6/webnotes/6u17.html", - "refsource" : "CONFIRM", - "url" : "http://java.sun.com/javase/6/webnotes/6u17.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=530297", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=530297" - }, - { - "name" : "GLSA-200911-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200911-02.xml" - }, - { - "name" : 
"MDVSA-2010:084", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084" - }, - { - "name" : "oval:org.mitre.oval:def:7545", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7545" - }, - { - "name" : "oval:org.mitre.oval:def:9568", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9568" - }, - { - "name" : "37386", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37386" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in the (1) X11 and (2) Win32GraphicsDevice subsystems in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and attack vectors, related to failure to clone arrays that are returned by the getConfigurations function, aka Bug Id 6822057." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:7545", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7545" + }, + { + "name": "GLSA-200911-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=530297", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530297" + }, + { + "name": "oval:org.mitre.oval:def:9568", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9568" + }, + { + "name": "http://java.sun.com/javase/6/webnotes/6u17.html", + "refsource": "CONFIRM", + "url": "http://java.sun.com/javase/6/webnotes/6u17.html" + }, + { + "name": "http://java.sun.com/j2se/1.5.0/ReleaseNotes.html", + "refsource": "CONFIRM", + "url": "http://java.sun.com/j2se/1.5.0/ReleaseNotes.html" + }, + { + "name": "MDVSA-2010:084", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084" + }, + { + "name": "37386", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37386" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4028.json b/2009/4xxx/CVE-2009-4028.json index 768b04c15a8..6eebd8abffe 100644 --- a/2009/4xxx/CVE-2009-4028.json +++ b/2009/4xxx/CVE-2009-4028.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4028", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate, as demonstrated by a certificate presented by a server linked against the yaSSL library." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-4028", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[commits] 20091020 bzr commit into mysql-4.1 branch (joro:2709) Bug#47320", - "refsource" : "MLIST", - "url" : "http://lists.mysql.com/commits/87446" - }, - { - "name" : "[oss-security] 20091119 mysql-5.1.41", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/11/19/3" - }, - { - "name" : "[oss-security] 20091121 CVE Request - MySQL - 5.0.88", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=125881733826437&w=2" - }, - { - "name" : "[oss-security] 20091123 Re: 
mysql-5.1.41", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/11/23/16" - }, - { - "name" : "http://bugs.mysql.com/47320", - "refsource" : "CONFIRM", - "url" : "http://bugs.mysql.com/47320" - }, - { - "name" : "http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html", - "refsource" : "CONFIRM", - "url" : "http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html" - }, - { - "name" : "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html", - "refsource" : "CONFIRM", - "url" : "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html" - }, - { - "name" : "RHSA-2010:0109", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0109.html" - }, - { - "name" : "SUSE-SR:2010:011", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html" - }, - { - "name" : "oval:org.mitre.oval:def:10940", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10940" - }, - { - "name" : "oval:org.mitre.oval:def:8510", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8510" - }, - { - "name" : "ADV-2010-1107", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1107" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate, as demonstrated by a certificate presented by a server linked against the yaSSL library." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:8510", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8510" + }, + { + "name": "RHSA-2010:0109", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0109.html" + }, + { + "name": "ADV-2010-1107", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1107" + }, + { + "name": "SUSE-SR:2010:011", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html" + }, + { + "name": "[oss-security] 20091119 mysql-5.1.41", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/11/19/3" + }, + { + "name": "[commits] 20091020 bzr commit into mysql-4.1 branch (joro:2709) Bug#47320", + "refsource": "MLIST", + "url": "http://lists.mysql.com/commits/87446" + }, + { + "name": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html", + "refsource": "CONFIRM", + "url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html" + }, + { + "name": "http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html", + "refsource": "CONFIRM", + "url": "http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html" + }, + { + "name": "[oss-security] 20091121 CVE Request - MySQL - 5.0.88", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=125881733826437&w=2" + }, + { + "name": "oval:org.mitre.oval:def:10940", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10940" + }, + { + "name": "http://bugs.mysql.com/47320", + "refsource": "CONFIRM", + "url": "http://bugs.mysql.com/47320" + }, + { + "name": "[oss-security] 20091123 Re: mysql-5.1.41", + "refsource": "MLIST", + "url": 
"http://www.openwall.com/lists/oss-security/2009/11/23/16" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4357.json b/2009/4xxx/CVE-2009-4357.json index caf88a5886b..ca47350a813 100644 --- a/2009/4xxx/CVE-2009-4357.json +++ b/2009/4xxx/CVE-2009-4357.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4357", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CQWeb (aka the web interface) in IBM Rational ClearQuest before 7.1.1 does not properly handle use of legacy URLs for automatic login, which might allow attackers to discover the passwords for user accounts via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4357", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "PK86377", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PK86377" - }, - { - "name" : "37385", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37385" - }, - { - "name" : "1023370", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023370" - }, - { - "name" : "37811", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37811" - }, - { - "name" : "ADV-2009-3580", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3580" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "CQWeb (aka the web interface) in IBM Rational ClearQuest before 7.1.1 does not properly handle use of legacy URLs for automatic login, which might allow attackers to discover the passwords for user accounts via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1023370", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023370" + }, + { + "name": "37385", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37385" + }, + { + "name": "37811", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37811" + }, + { + "name": "PK86377", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK86377" + }, + { + "name": "ADV-2009-3580", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3580" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4501.json b/2009/4xxx/CVE-2009-4501.json index 07a680b65e3..7d0587451b5 100644 --- a/2009/4xxx/CVE-2009-4501.json +++ b/2009/4xxx/CVE-2009-4501.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4501", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The zbx_get_next_field function in libs/zbxcommon/str.c in Zabbix Server before 1.6.8 allows remote attackers to cause a denial of service (crash) via a request that lacks expected separators, which triggers a NULL pointer dereference, as demonstrated using the Command keyword." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4501", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091213 Zabbix Server : Multiple remote vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/508436/30/60/threaded" - }, - { - "name" : "https://support.zabbix.com/browse/ZBX-1355", - "refsource" : "CONFIRM", - "url" : "https://support.zabbix.com/browse/ZBX-1355" - }, - { - "name" : "37740", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37740" - }, - { - "name" : "ADV-2009-3514", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3514" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": 
{ + "description_data": [ + { + "lang": "eng", + "value": "The zbx_get_next_field function in libs/zbxcommon/str.c in Zabbix Server before 1.6.8 allows remote attackers to cause a denial of service (crash) via a request that lacks expected separators, which triggers a NULL pointer dereference, as demonstrated using the Command keyword." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20091213 Zabbix Server : Multiple remote vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/508436/30/60/threaded" + }, + { + "name": "https://support.zabbix.com/browse/ZBX-1355", + "refsource": "CONFIRM", + "url": "https://support.zabbix.com/browse/ZBX-1355" + }, + { + "name": "37740", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37740" + }, + { + "name": "ADV-2009-3514", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3514" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4832.json b/2009/4xxx/CVE-2009-4832.json index da5b1d0a09d..e35ed5f8bad 100644 --- a/2009/4xxx/CVE-2009-4832.json +++ b/2009/4xxx/CVE-2009-4832.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4832", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The dlpcrypt.sys kernel driver 0.1.1.27 in DESlock+ 4.0.2 allows local users to gain privileges via a crafted IOCTL 0x80012010 request to the DLPCryptCore device." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4832", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8983", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/8983" - }, - { - "name" : "1022427", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022427" - }, - { - "name" : "35501", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35501" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The dlpcrypt.sys kernel driver 0.1.1.27 in DESlock+ 4.0.2 allows local users to gain privileges via a crafted IOCTL 0x80012010 request to the DLPCryptCore device." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8983", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/8983" + }, + { + "name": "35501", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35501" + }, + { + "name": "1022427", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022427" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4933.json b/2009/4xxx/CVE-2009-4933.json index 62a7e5058da..c0a363c75b5 100644 --- a/2009/4xxx/CVE-2009-4933.json +++ b/2009/4xxx/CVE-2009-4933.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4933", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in login.php in EZ Webitor allow remote attackers to execute arbitrary SQL commands via the (1) txtUserId (Username) and (2) txtPassword (Password) parameters. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4933", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8487", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/8487" - }, - { - "name" : "34604", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34604" - }, - { - "name" : "34819", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34819" - }, - { - "name" : "ezwebitor-login-sql-injection(49966)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49966" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection 
vulnerabilities in login.php in EZ Webitor allow remote attackers to execute arbitrary SQL commands via the (1) txtUserId (Username) and (2) txtPassword (Password) parameters. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34819", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34819" + }, + { + "name": "8487", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/8487" + }, + { + "name": "34604", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34604" + }, + { + "name": "ezwebitor-login-sql-injection(49966)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49966" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2569.json b/2012/2xxx/CVE-2012-2569.json index afe55af556c..a3f7cad836a 100644 --- a/2012/2xxx/CVE-2012-2569.json +++ b/2012/2xxx/CVE-2012-2569.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2569", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Synametrics Technologies Xeams 4.4 Build 5720 allows remote attackers to inject arbitrary web script or HTML via the body of an email." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2012-2569", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20367", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/20367" - }, - { - "name" : "54902", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54902" - }, - { - "name" : "84591", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/84591" - }, - { - "name" : "50190", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50190" - }, - { - "name" : "xeamsemailserver-sendmail-xss(77504)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77504" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) 
vulnerability in Synametrics Technologies Xeams 4.4 Build 5720 allows remote attackers to inject arbitrary web script or HTML via the body of an email." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "84591", + "refsource": "OSVDB", + "url": "http://osvdb.org/84591" + }, + { + "name": "xeamsemailserver-sendmail-xss(77504)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77504" + }, + { + "name": "50190", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50190" + }, + { + "name": "20367", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/20367" + }, + { + "name": "54902", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54902" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2993.json b/2012/2xxx/CVE-2012-2993.json index fdec72a09f9..ea11630b402 100644 --- a/2012/2xxx/CVE-2012-2993.json +++ b/2012/2xxx/CVE-2012-2993.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2993", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Windows Phone 7 does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL server for the (1) POP3, (2) IMAP, or (3) SMTP protocol via an arbitrary valid certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2012-2993", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#389795", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/389795" - }, - { - "name" : "55569", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55569" - }, - { - "name" : "85619", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/85619" - }, - { - "name" : "1027541", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027541" - }, - { - "name" : "microsoft-winphone7-domainname-spoofing(78620)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78620" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Windows Phone 7 does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL server for the (1) POP3, (2) IMAP, or (3) SMTP protocol via an arbitrary valid certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "microsoft-winphone7-domainname-spoofing(78620)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78620" + }, + { + "name": "55569", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55569" + }, + { + "name": "VU#389795", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/389795" + }, + { + "name": "85619", + "refsource": "OSVDB", + "url": "http://osvdb.org/85619" + }, + { + "name": "1027541", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027541" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3253.json b/2012/3xxx/CVE-2012-3253.json index 99095012265..ef93be5b61a 100644 --- a/2012/3xxx/CVE-2012-3253.json +++ b/2012/3xxx/CVE-2012-3253.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3253", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in HP Intelligent Management Center (IMC) before 5.0 E0101P05 allow remote attackers to execute arbitrary code via crafted input, as demonstrated by an integer overflow and heap-based buffer overflow in img.exe for a crafted message packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2012-3253", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://zerodayinitiative.com/advisories/ZDI-12-164/", - "refsource" : "MISC", - "url" : "http://zerodayinitiative.com/advisories/ZDI-12-164/" - }, - { - "name" : "HPSB3C02808", - "refsource" : "HP", - "url" : "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03473459" - }, - { - "name" : "SSRT100361", - "refsource" : "HP", - "url" : "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03473459" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple 
unspecified vulnerabilities in HP Intelligent Management Center (IMC) before 5.0 E0101P05 allow remote attackers to execute arbitrary code via crafted input, as demonstrated by an integer overflow and heap-based buffer overflow in img.exe for a crafted message packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSB3C02808", + "refsource": "HP", + "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03473459" + }, + { + "name": "http://zerodayinitiative.com/advisories/ZDI-12-164/", + "refsource": "MISC", + "url": "http://zerodayinitiative.com/advisories/ZDI-12-164/" + }, + { + "name": "SSRT100361", + "refsource": "HP", + "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03473459" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6255.json b/2012/6xxx/CVE-2012-6255.json index 4d7a708d827..a33bcbc7358 100644 --- a/2012/6xxx/CVE-2012-6255.json +++ b/2012/6xxx/CVE-2012-6255.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-6255",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2012-6255",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/6xxx/CVE-2012-6295.json b/2012/6xxx/CVE-2012-6295.json
index 3cb4d71edd7..47057217748 100644
--- a/2012/6xxx/CVE-2012-6295.json
+++ b/2012/6xxx/CVE-2012-6295.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-6295",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2012-6295",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/6xxx/CVE-2012-6619.json b/2012/6xxx/CVE-2012-6619.json
index 3ffb4f3438d..deeb3f7e897 100644
--- a/2012/6xxx/CVE-2012-6619.json
+++ b/2012/6xxx/CVE-2012-6619.json
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6619", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default configuration for MongoDB before 2.3.2 does not validate objects, which allows remote authenticated users to cause a denial of service (crash) or read system memory via a crafted BSON object in the column name in an insert command, which triggers a buffer over-read." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6619", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140107 MongoDB memory over-read via incorrect BSON object length (was: [HITB-Announce] HITB Magazine Issue 10 Out Now)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/01/07/2" - }, - { - "name" : "[oss-security] 20140107 Re: MongoDB memory over-read via incorrect BSON object length (was: [HITB-Announce] HITB Magazine Issue 10 Out Now)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/01/07/13" - }, - { - "name" : "[oss-security] 20140108 Re: MongoDB memory over-read via incorrect BSON object length (was: [HITB-Announce] HITB Magazine Issue 10 Out 
Now)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/01/08/9" - }, - { - "name" : "http://blog.ptsecurity.com/2012/11/attacking-mongodb.html", - "refsource" : "MISC", - "url" : "http://blog.ptsecurity.com/2012/11/attacking-mongodb.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1049748", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1049748" - }, - { - "name" : "https://jira.mongodb.org/browse/SERVER-7769", - "refsource" : "CONFIRM", - "url" : "https://jira.mongodb.org/browse/SERVER-7769" - }, - { - "name" : "RHSA-2014:0230", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0230.html" - }, - { - "name" : "RHSA-2014:0440", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0440.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default configuration for MongoDB before 2.3.2 does not validate objects, which allows remote authenticated users to cause a denial of service (crash) or read system memory via a crafted BSON object in the column name in an insert command, which triggers a buffer over-read." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20140107 Re: MongoDB memory over-read via incorrect BSON object length (was: [HITB-Announce] HITB Magazine Issue 10 Out Now)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/01/07/13" + }, + { + "name": "[oss-security] 20140107 MongoDB memory over-read via incorrect BSON object length (was: [HITB-Announce] HITB Magazine Issue 10 Out Now)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/01/07/2" + }, + { + "name": "RHSA-2014:0230", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0230.html" + }, + { + "name": "https://jira.mongodb.org/browse/SERVER-7769", + "refsource": "CONFIRM", + "url": "https://jira.mongodb.org/browse/SERVER-7769" + }, + { + "name": "http://blog.ptsecurity.com/2012/11/attacking-mongodb.html", + "refsource": "MISC", + "url": "http://blog.ptsecurity.com/2012/11/attacking-mongodb.html" + }, + { + "name": "RHSA-2014:0440", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0440.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1049748", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1049748" + }, + { + "name": "[oss-security] 20140108 Re: MongoDB memory over-read via incorrect BSON object length (was: [HITB-Announce] HITB Magazine Issue 10 Out Now)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/01/08/9" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1125.json b/2015/1xxx/CVE-2015-1125.json index bd0c077d924..46aa0c38fb4 100644 --- a/2015/1xxx/CVE-2015-1125.json +++ b/2015/1xxx/CVE-2015-1125.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1125", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The touch-events implementation in WebKit in Apple iOS before 8.3 allows remote attackers to trigger an association between a tap and an unintended web resource via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-1125", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT204661", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204661" - }, - { - "name" : "APPLE-SA-2015-04-08-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html" - }, - { - "name" : "1032050", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032050" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The touch-events implementation in WebKit in Apple iOS before 8.3 allows remote attackers to trigger an association between a tap and an unintended web resource via a crafted web 
site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2015-04-08-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html" + }, + { + "name": "1032050", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032050" + }, + { + "name": "https://support.apple.com/HT204661", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204661" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1428.json b/2015/1xxx/CVE-2015-1428.json index 15947085ed9..4f38e0b950f 100644 --- a/2015/1xxx/CVE-2015-1428.json +++ b/2015/1xxx/CVE-2015-1428.json 
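Review bot: The ASSIGNER value in CVE-2015-1125 changes from `cve@mitre.org` to `"ASSIGNER": "product-security@apple.com"`, and it is the only value in the record that differs. Everything else in the hunk is separator spacing, indentation and a reordering of the same three references. The same applies to CVE-2015-1791 and CVE-2015-1807 further down, where ASSIGNER becomes `secalert@redhat.com` while the reference sets are unchanged. Consumers that attribute or filter records by assigning CNA will see these as real changes. They should be named in the commit message or carried in a commit separate from the formatting pass, so they are not hidden behind full-file rewrites.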
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1428", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Sefrengo before 1.6.2 allow (1) remote attackers to execute arbitrary SQL commands via the sefrengo cookie in a login to backend/main.php or (2) remote authenticated users to execute arbitrary SQL commands via the value_id parameter in a save_value action to backend/main.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1428", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150202 Sefrengo CMS v1.6.1 - Multiple SQL Injection Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534593/100/0/threaded" - }, - { - "name" : "35972", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/35972" - }, - { - "name" : "http://www.itas.vn/news/itas-team-found-out-multiple-sql-injection-vulnerabilities-in-sefrengo-cms-v1-6-1-74.html", - "refsource" : "MISC", - "url" : "http://www.itas.vn/news/itas-team-found-out-multiple-sql-injection-vulnerabilities-in-sefrengo-cms-v1-6-1-74.html" - }, - { - "name" : 
"https://github.com/sefrengo-cms/sefrengo-1.x/commit/0b1edd4b22a47743eff7cfaf884ba2a4e06e15eb", - "refsource" : "MISC", - "url" : "https://github.com/sefrengo-cms/sefrengo-1.x/commit/0b1edd4b22a47743eff7cfaf884ba2a4e06e15eb" - }, - { - "name" : "https://github.com/sefrengo-cms/sefrengo-1.x/commit/22c0d16bfd715631ed317cc990785ccede478f07", - "refsource" : "MISC", - "url" : "https://github.com/sefrengo-cms/sefrengo-1.x/commit/22c0d16bfd715631ed317cc990785ccede478f07" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Sefrengo before 1.6.2 allow (1) remote attackers to execute arbitrary SQL commands via the sefrengo cookie in a login to backend/main.php or (2) remote authenticated users to execute arbitrary SQL commands via the value_id parameter in a save_value action to backend/main.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35972", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/35972" + }, + { + "name": "20150202 Sefrengo CMS v1.6.1 - Multiple SQL Injection Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534593/100/0/threaded" + }, + { + "name": "http://www.itas.vn/news/itas-team-found-out-multiple-sql-injection-vulnerabilities-in-sefrengo-cms-v1-6-1-74.html", + "refsource": "MISC", + "url": "http://www.itas.vn/news/itas-team-found-out-multiple-sql-injection-vulnerabilities-in-sefrengo-cms-v1-6-1-74.html" + }, + { + "name": "https://github.com/sefrengo-cms/sefrengo-1.x/commit/0b1edd4b22a47743eff7cfaf884ba2a4e06e15eb", + "refsource": "MISC", + "url": "https://github.com/sefrengo-cms/sefrengo-1.x/commit/0b1edd4b22a47743eff7cfaf884ba2a4e06e15eb" + }, + { + "name": 
"https://github.com/sefrengo-cms/sefrengo-1.x/commit/22c0d16bfd715631ed317cc990785ccede478f07", + "refsource": "MISC", + "url": "https://github.com/sefrengo-cms/sefrengo-1.x/commit/22c0d16bfd715631ed317cc990785ccede478f07" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1791.json b/2015/1xxx/CVE-2015-1791.json index 786275aeaca..edff44f1c8a 100644 --- a/2015/1xxx/CVE-2015-1791.json +++ b/2015/1xxx/CVE-2015-1791.json 
@@ -1,302 +1,302 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1791", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact by providing a NewSessionTicket during an attempt to reuse a ticket that had been obtained earlier." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-1791", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/openssl/openssl/commit/98ece4eebfb6cd45cc8d550c6ac0022965071afc", - "refsource" : "CONFIRM", - "url" : "https://github.com/openssl/openssl/commit/98ece4eebfb6cd45cc8d550c6ac0022965071afc" - }, - { - "name" : "https://www.openssl.org/news/secadv_20150611.txt", - "refsource" : "CONFIRM", - "url" : "https://www.openssl.org/news/secadv_20150611.txt" - }, - { - "name" : "https://support.apple.com/kb/HT205031", - "refsource" : "CONFIRM", - "url" : 
"https://support.apple.com/kb/HT205031" - }, - { - "name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694", - "refsource" : "CONFIRM", - "url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380", - "refsource" : "CONFIRM", - "url" : 
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" - }, - { - "name" : "http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015", - "refsource" : "CONFIRM", - "url" : "http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015" - }, - { - "name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10733", - "refsource" : "CONFIRM", - "url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10733" - }, - { - "name" : "https://openssl.org/news/secadv/20150611.txt", - "refsource" : "CONFIRM", - "url" : "https://openssl.org/news/secadv/20150611.txt" - }, - { - "name" : "http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015", - "refsource" : "CONFIRM", - "url" : "http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015" - }, - { - "name" : "http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015", - "refsource" : "CONFIRM", - "url" : "http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015" - }, - { - "name" : "https://bto.bluecoat.com/security-advisory/sa98", - "refsource" : "CONFIRM", - "url" : "https://bto.bluecoat.com/security-advisory/sa98" - }, - { - "name" : 
"http://www-304.ibm.com/support/docview.wss?uid=swg21960041", - "refsource" : "CONFIRM", - "url" : "http://www-304.ibm.com/support/docview.wss?uid=swg21960041" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05353965", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05353965" - }, - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10122", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10122" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" - }, - { - "name" : "https://support.citrix.com/article/CTX216642", - "refsource" : "CONFIRM", - "url" : "https://support.citrix.com/article/CTX216642" - }, - { - "name" : "APPLE-SA-2015-08-13-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" - }, - { - "name" : "20150612 Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl" - }, - { - "name" : "DSA-3287", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3287" - }, - { - "name" : "FEDORA-2015-10047", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160436.html" - }, - { - "name" : "FEDORA-2015-10108", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160647.html" - }, - { 
- "name" : "GLSA-201506-02", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201506-02" - }, - { - "name" : "HPSBUX03388", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=143880121627664&w=2" - }, - { - "name" : "SSRT102180", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=143880121627664&w=2" - }, - { - "name" : "HPSBMU03409", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=144050155601375&w=2" - }, - { - "name" : "NetBSD-SA2015-008", - "refsource" : "NETBSD", - "url" : "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc" - }, - { - "name" : "RHSA-2015:1115", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1115.html" - }, - { - "name" : "openSUSE-SU-2016:0640", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html" - }, - { - "name" : "SUSE-SU-2015:1143", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html" - }, - { - "name" : "SUSE-SU-2015:1150", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html" - }, - { - "name" : "SUSE-SU-2015:1182", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html" - }, - { - "name" : "SUSE-SU-2015:1184", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html" - }, - { - "name" : "openSUSE-SU-2015:1139", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html" - }, - { - "name" : "SUSE-SU-2015:1185", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html" - }, - { - "name" : "USN-2639-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2639-1" - }, - { - "name" : "91787", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/91787" - }, - { - "name" : "75161", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75161" - }, - { - "name" : "1032479", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032479" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact by providing a NewSessionTicket during an attempt to reuse a ticket that had been obtained earlier." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2015:1184", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html" + }, + { + "name": "SSRT102180", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=143880121627664&w=2" + }, + { + "name": "DSA-3287", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3287" + }, + { + "name": "SUSE-SU-2015:1150", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html" + }, + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10122", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10122" + }, + { + "name": "http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015", + "refsource": "CONFIRM", + "url": "http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015" + }, + { + "name": 
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667" + }, + { + "name": "HPSBMU03409", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=144050155601375&w=2" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05353965", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05353965" + }, + { + "name": "https://openssl.org/news/secadv/20150611.txt", + "refsource": "CONFIRM", + "url": "https://openssl.org/news/secadv/20150611.txt" + }, + { + "name": "75161", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75161" + }, + { + "name": "RHSA-2015:1115", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1115.html" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" + }, + { + "name": "1032479", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032479" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" + }, + { + "name": "SUSE-SU-2015:1182", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888", + "refsource": "CONFIRM", + "url": 
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888" + }, + { + "name": "SUSE-SU-2015:1143", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" + }, + { + "name": "https://github.com/openssl/openssl/commit/98ece4eebfb6cd45cc8d550c6ac0022965071afc", + "refsource": "CONFIRM", + "url": "https://github.com/openssl/openssl/commit/98ece4eebfb6cd45cc8d550c6ac0022965071afc" + }, + { + "name": "openSUSE-SU-2016:0640", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" + }, + { + "name": "http://www-304.ibm.com/support/docview.wss?uid=swg21960041", + "refsource": "CONFIRM", + "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960041" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380" + }, + { + "name": "http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015", + "refsource": "CONFIRM", + "url": "http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015" + }, + { + "name": 
"FEDORA-2015-10108", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160647.html" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + }, + { + "name": "20150612 Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl" + }, + { + "name": "APPLE-SA-2015-08-13-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" + }, + { + "name": "USN-2639-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2639-1" + }, + { + "name": "http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015", + "refsource": "CONFIRM", + "url": "http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015" + }, + { + "name": "GLSA-201506-02", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201506-02" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044" + }, + { + "name": "91787", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91787" + }, + { + "name": "HPSBUX03388", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=143880121627664&w=2" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763" + }, + { + "name": "FEDORA-2015-10047", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160436.html" 
+ }, + { + "name": "https://support.apple.com/kb/HT205031", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT205031" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + }, + { + "name": "https://support.citrix.com/article/CTX216642", + "refsource": "CONFIRM", + "url": "https://support.citrix.com/article/CTX216642" + }, + { + "name": "SUSE-SU-2015:1185", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html" + }, + { + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694" + }, + { + "name": "openSUSE-SU-2015:1139", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html" + }, + { + "name": "https://bto.bluecoat.com/security-advisory/sa98", + "refsource": "CONFIRM", + "url": "https://bto.bluecoat.com/security-advisory/sa98" + }, + { + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10733", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10733" + }, + { + "name": "NetBSD-SA2015-008", + "refsource": "NETBSD", + "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc" + }, + { + "name": "https://www.openssl.org/news/secadv_20150611.txt", + "refsource": "CONFIRM", + "url": "https://www.openssl.org/news/secadv_20150611.txt" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1807.json b/2015/1xxx/CVE-2015-1807.json index f976719f3ac..9480d3b3796 100644 --- a/2015/1xxx/CVE-2015-1807.json +++ b/2015/1xxx/CVE-2015-1807.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1807", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with certain permissions to read arbitrary files via a symlink, related to building artifacts." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-1807", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1205622", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1205622" - }, - { - "name" : "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27", - "refsource" : "CONFIRM", - "url" : "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27" - }, - { - "name" : "RHSA-2015:1844", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1844.html" - }, - { - "name" : "RHSA-2016:0070", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:0070" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": 
"4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with certain permissions to read arbitrary files via a symlink, related to building artifacts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1205622", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205622" + }, + { + "name": "RHSA-2016:0070", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:0070" + }, + { + "name": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27", + "refsource": "CONFIRM", + "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27" + }, + { + "name": "RHSA-2015:1844", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1844.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5042.json b/2015/5xxx/CVE-2015-5042.json index 6771a1ead19..f216ca306a5 100644 --- a/2015/5xxx/CVE-2015-5042.json +++ b/2015/5xxx/CVE-2015-5042.json 
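Review bot: The new side of `2015/1xxx/CVE-2015-1807.json` ends without a trailing newline: the `\ No newline at end of file` marker follows the final `+}`, while the removed side ended with one. The same marker follows the closing `+}` in the later hunks of this patch (CVE-2015-5042, CVE-2015-5098, CVE-2015-5603, CVE-2015-5806 and the 2018 records). Ending each record with a newline after the closing `}` keeps line-oriented tooling (concatenation, `wc -l`, later diffs) from reporting spurious changes on the last line. The serializer that writes these files is outside the patch, so the fix belongs there rather than in each record.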
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5042", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.0.4.x before 10.0.4.0 iFix3 allows remote attackers to execute arbitrary code by including a crafted Flash file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-5042", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21973592", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21973592" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.0.4.x before 10.0.4.0 iFix3 allows remote attackers to execute arbitrary code by including a crafted Flash file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21973592", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21973592" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5098.json b/2015/5xxx/CVE-2015-5098.json index 7fecef94a93..a8c87ab021e 100644 --- a/2015/5xxx/CVE-2015-5098.json +++ b/2015/5xxx/CVE-2015-5098.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5098", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5096 and CVE-2015-5105." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-5098", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/reader/apsb15-15.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/reader/apsb15-15.html" - }, - { - "name" : "1032892", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032892" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 
11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5096 and CVE-2015-5105." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032892", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032892" + }, + { + "name": "https://helpx.adobe.com/security/products/reader/apsb15-15.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/reader/apsb15-15.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5603.json b/2015/5xxx/CVE-2015-5603.json index 6509147f8d7..bb72711e129 100644 --- a/2015/5xxx/CVE-2015-5603.json +++ b/2015/5xxx/CVE-2015-5603.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5603", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The HipChat for JIRA plugin before 6.30.0 for Atlassian JIRA allows remote authenticated users to execute arbitrary Java code via unspecified vectors, related to \"Velocity Template Injection Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5603", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150902 CVE-2015-5603: JIRA and the HipChat For JIRA plugin - Velocity Template Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/536374/100/0/threaded" - }, - { - "name" : "38905", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/38905/" - }, - { - "name" : "38551", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/38551/" - }, - { - "name" : "http://packetstormsecurity.com/files/133401/Jira-HipChat-For-Jira-Java-Code-Execution.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/133401/Jira-HipChat-For-Jira-Java-Code-Execution.html" - }, - { - "name" : 
"http://www.rapid7.com/db/modules/exploit/multi/http/jira_hipchat_template", - "refsource" : "MISC", - "url" : "http://www.rapid7.com/db/modules/exploit/multi/http/jira_hipchat_template" - }, - { - "name" : "https://confluence.atlassian.com/jira/jira-and-hipchat-for-jira-plugin-security-advisory-2015-08-26-776650785.html", - "refsource" : "CONFIRM", - "url" : "https://confluence.atlassian.com/jira/jira-and-hipchat-for-jira-plugin-security-advisory-2015-08-26-776650785.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The HipChat for JIRA plugin before 6.30.0 for Atlassian JIRA allows remote authenticated users to execute arbitrary Java code via unspecified vectors, related to \"Velocity Template Injection Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://confluence.atlassian.com/jira/jira-and-hipchat-for-jira-plugin-security-advisory-2015-08-26-776650785.html", + "refsource": "CONFIRM", + "url": "https://confluence.atlassian.com/jira/jira-and-hipchat-for-jira-plugin-security-advisory-2015-08-26-776650785.html" + }, + { + "name": "38905", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/38905/" + }, + { + "name": "http://packetstormsecurity.com/files/133401/Jira-HipChat-For-Jira-Java-Code-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/133401/Jira-HipChat-For-Jira-Java-Code-Execution.html" + }, + { + "name": "http://www.rapid7.com/db/modules/exploit/multi/http/jira_hipchat_template", + "refsource": "MISC", + "url": "http://www.rapid7.com/db/modules/exploit/multi/http/jira_hipchat_template" + }, + { + "name": "20150902 CVE-2015-5603: JIRA and the HipChat For JIRA plugin - Velocity Template Injection", + 
"refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/536374/100/0/threaded" + }, + { + "name": "38551", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/38551/" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5806.json b/2015/5xxx/CVE-2015-5806.json index f2bc91d63b9..3f47595a4cc 100644 --- a/2015/5xxx/CVE-2015-5806.json +++ b/2015/5xxx/CVE-2015-5806.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5806", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-5806", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT205212", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205212" - }, - { - "name" : "https://support.apple.com/HT205221", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205221" - }, - { - "name" : "https://support.apple.com/HT205265", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205265" - }, - { - "name" : "APPLE-SA-2015-09-16-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html" - }, - { - "name" : "APPLE-SA-2015-09-16-3", - "refsource" : "APPLE", 
- "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html" - }, - { - "name" : "APPLE-SA-2015-09-30-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00007.html" - }, - { - "name" : "76763", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76763" - }, - { - "name" : "1033609", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033609" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT205221", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205221" + }, + { + "name": "1033609", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033609" + }, + { + "name": "https://support.apple.com/HT205212", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205212" + }, + { + "name": "76763", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76763" + }, + { + "name": "https://support.apple.com/HT205265", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205265" + }, + { + "name": "APPLE-SA-2015-09-16-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html" + }, + { + "name": "APPLE-SA-2015-09-30-2", + "refsource": "APPLE", + "url": 
"http://lists.apple.com/archives/security-announce/2015/Sep/msg00007.html" + }, + { + "name": "APPLE-SA-2015-09-16-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11558.json b/2018/11xxx/CVE-2018-11558.json index 18d7eff4ad9..f414f096a09 100644 --- a/2018/11xxx/CVE-2018-11558.json +++ b/2018/11xxx/CVE-2018-11558.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11558", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "DomainMod 4.10.0 has Stored XSS in the \"/settings/profile/index.php\" new_first_name parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11558", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/domainmod/domainmod/issues/66", - "refsource" : "MISC", - "url" : "https://github.com/domainmod/domainmod/issues/66" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "DomainMod 4.10.0 has Stored XSS in the \"/settings/profile/index.php\" new_first_name parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/domainmod/domainmod/issues/66", + "refsource": "MISC", + "url": "https://github.com/domainmod/domainmod/issues/66" + } + ] + } +} \ No newline at end of file 
diff --git a/2018/11xxx/CVE-2018-11834.json b/2018/11xxx/CVE-2018-11834.json index 13eaeae2804..7abc8e660f0 100644 --- a/2018/11xxx/CVE-2018-11834.json +++ b/2018/11xxx/CVE-2018-11834.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11834", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11834", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15244.json b/2018/15xxx/CVE-2018-15244.json index 34ad4ccd53d..de577beff13 100644 --- a/2018/15xxx/CVE-2018-15244.json +++ b/2018/15xxx/CVE-2018-15244.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15244", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15244", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3195.json b/2018/3xxx/CVE-2018-3195.json index 3ba94cdbc44..e3a8579ee56 100644 --- a/2018/3xxx/CVE-2018-3195.json +++ b/2018/3xxx/CVE-2018-3195.json 
@@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3195", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MySQL Server", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.0.12 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3195", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.0.12 and prior" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20181018-0002/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20181018-0002/" - }, - { - "name" : "105607", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105607" - }, - { - "name" : "1041888", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041888" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041888", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041888" + }, + { + "name": "105607", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105607" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20181018-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20181018-0002/" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3201.json b/2018/3xxx/CVE-2018-3201.json index 4ea4587d52f..4007c984c36 100644 --- a/2018/3xxx/CVE-2018-3201.json +++ b/2018/3xxx/CVE-2018-3201.json 
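Review bot: The MySQL Server entry in `CVE-2018-3195.json` pairs `"version_affected": "="` with `"version_value": "8.0.12 and prior"`, so a consumer that honours the operator will compare against one literal string and miss the earlier releases that the record's own description says are affected. The hunk carries this pair over unchanged from the removed side, apart from the whitespace normalisation. Encoding the range as `"version_affected": "<="` with `"version_value": "8.0.12"` would let scanners match it mechanically; confirm the operator against the feed's schema before changing it. Until then, anything matching on `affects` should treat this record's version data as free text and fall back to the description.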
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3201", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "WebLogic Server", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "12.2.1.3" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). The supported version that is affected is 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3201", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebLogic Server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.2.1.3" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" - }, - { - "name" : "105611", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105611" - }, - { - "name" : "1041896", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041896" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). The supported version that is affected is 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server." 
+ } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041896", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041896" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + }, + { + "name": "105611", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105611" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3317.json b/2018/3xxx/CVE-2018-3317.json index 04fa3825060..d43a8e7803b 100644 --- a/2018/3xxx/CVE-2018-3317.json +++ b/2018/3xxx/CVE-2018-3317.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3317", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3317", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3491.json b/2018/3xxx/CVE-2018-3491.json index baaefb7c8ed..981c4c661cc 100644 --- a/2018/3xxx/CVE-2018-3491.json +++ b/2018/3xxx/CVE-2018-3491.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-3491",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-3491",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/3xxx/CVE-2018-3764.json b/2018/3xxx/CVE-2018-3764.json
index 62c58cb6d36..bf73f3b97e5 100644
--- a/2018/3xxx/CVE-2018-3764.json
+++ b/2018/3xxx/CVE-2018-3764.json
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "ID" : "CVE-2018-3764", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Nextcloud Contacts application", - "version" : { - "version_data" : [ - { - "version_value" : "<2.1.2" - } - ] - } - } - ] - }, - "vendor_name" : "Nextcloud" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Nextcloud Contacts before 2.1.2, a missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The missing sanitization only affected group names, hence malicious search results could only be crafted by privileged users like admins or group admins." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-site Scripting (XSS) - Stored (CWE-79)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "ID": "CVE-2018-3764", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Nextcloud Contacts application", + "version": { + "version_data": [ + { + "version_value": "<2.1.2" + } + ] + } + } + ] + }, + "vendor_name": "Nextcloud" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://nextcloud.com/security/advisory/?id=nc-sa-2018-005", - "refsource" : "CONFIRM", - "url" : "https://nextcloud.com/security/advisory/?id=nc-sa-2018-005" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Nextcloud Contacts before 2.1.2, a missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring 
user-interaction. The missing sanitization only affected group names, hence malicious search results could only be crafted by privileged users like admins or group admins." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (XSS) - Stored (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nextcloud.com/security/advisory/?id=nc-sa-2018-005", + "refsource": "CONFIRM", + "url": "https://nextcloud.com/security/advisory/?id=nc-sa-2018-005" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3922.json b/2018/3xxx/CVE-2018-3922.json index 3d28771ce6b..bed4ee066c4 100644 --- a/2018/3xxx/CVE-2018-3922.json +++ b/2018/3xxx/CVE-2018-3922.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2018-07-11T00:00:00", - "ID" : "CVE-2018-3922", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Computerinsel Photoline", - "version" : { - "version_data" : [ - { - "version_value" : "Computerinsel Photoline 20.54 for OS X" - } - ] - } - } - ] - }, - "vendor_name" : "Computerinsel" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A memory corruption vulnerability exists in the ANI-parsing functionality of Computerinsel Photoline 20.54. A specially crafted ANI image processed via the application can lead to a stack overflow, overwriting arbitrary data. An attacker can deliver an ANI image to trigger this vulnerability and gain code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "heap-based buffer overflow" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2018-07-11T00:00:00", + "ID": "CVE-2018-3922", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Computerinsel Photoline", + "version": { + "version_data": [ + { + "version_value": "Computerinsel Photoline 20.54 for OS X" + } + ] + } + } + ] + }, + "vendor_name": "Computerinsel" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0586", - "refsource" : "MISC", - "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0586" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A memory 
corruption vulnerability exists in the ANI-parsing functionality of Computerinsel Photoline 20.54. A specially crafted ANI image processed via the application can lead to a stack overflow, overwriting arbitrary data. An attacker can deliver an ANI image to trigger this vulnerability and gain code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "heap-based buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0586", + "refsource": "MISC", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0586" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7425.json b/2018/7xxx/CVE-2018-7425.json index 6ec8cce6965..f3c10861e62 100644 --- a/2018/7xxx/CVE-2018-7425.json +++ b/2018/7xxx/CVE-2018-7425.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7425", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7425", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2018/8xxx/CVE-2018-8152.json b/2018/8xxx/CVE-2018-8152.json
index 9f16f614e65..cf700551015 100644
--- a/2018/8xxx/CVE-2018-8152.json
+++ b/2018/8xxx/CVE-2018-8152.json
@@ -1,75 +1,75 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "Secure@Microsoft.com",
- "ID" : "CVE-2018-8152",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Microsoft Exchange Server",
- "version" : {
- "version_data" : [
- {
- "version_value" : "2016 Cumulative Update 8"
- },
- {
- "version_value" : "2016 Cumulative Update 9"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Microsoft"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka \"Microsoft Exchange Server Elevation of Privilege Vulnerability.\" This affects Microsoft Exchange Server."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Elevation of Privilege"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secure@microsoft.com",
+ "ID": "CVE-2018-8152",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Microsoft Exchange Server",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2016 Cumulative Update 8"
+ },
+ {
+ "version_value": "2016 Cumulative Update 9"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Microsoft"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8152",
- "refsource" : "CONFIRM",
- "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8152"
- },
- {
- "name" : "104043",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/104043"
- },
- {
- "name" : "1040850",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1040850"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka \"Microsoft Exchange Server Elevation of Privilege Vulnerability.\" This affects Microsoft Exchange Server."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Elevation of Privilege"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8152",
+ "refsource": "CONFIRM",
+ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8152"
+ },
+ {
+ "name": "104043",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/104043"
+ },
+ {
+ "name": "1040850",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1040850"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/8xxx/CVE-2018-8180.json b/2018/8xxx/CVE-2018-8180.json
index 205d7572ac7..181474c7c63 100644
--- a/2018/8xxx/CVE-2018-8180.json
+++ b/2018/8xxx/CVE-2018-8180.json
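Review bot: The `ASSIGNER` value in `CVE_data_meta` for CVE-2018-8152 is lower-cased from `Secure@Microsoft.com` to `secure@microsoft.com`, the one change in this hunk that is not whitespace, and the commit subject ("-Synchronized-Data.") does not say that field values are being normalized. Tooling that groups or filters records by an exact `ASSIGNER` string would see the two spellings as different assigners, so the normalization is worth stating in the commit message or committing separately from the bulk re-serialization, where a value change is easy to miss among whitespace edits. The new side also ends with `\ No newline at end of file`, as do the other complete hunks in this chunk; ending each file with a newline would keep later diffs free of that marker.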
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-8180",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-8180",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/8xxx/CVE-2018-8364.json b/2018/8xxx/CVE-2018-8364.json
index 6379dcef1c9..ebbaa56ff1b 100644
--- a/2018/8xxx/CVE-2018-8364.json
+++ b/2018/8xxx/CVE-2018-8364.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-8364",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-8364",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/8xxx/CVE-2018-8656.json b/2018/8xxx/CVE-2018-8656.json
index e3f6082598b..a1a6c3d7022 100644
--- a/2018/8xxx/CVE-2018-8656.json
+++ b/2018/8xxx/CVE-2018-8656.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-8656",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-8656",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file