diff --git a/2005/0xxx/CVE-2005-0179.json b/2005/0xxx/CVE-2005-0179.json
index 60eeeb9b4b2..7923ce89ec7 100644
--- a/2005/0xxx/CVE-2005-0179.json
+++ b/2005/0xxx/CVE-2005-0179.json
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0179", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Linux kernel 2.4.x and 2.6.x allows local users to cause a denial of service (CPU and memory consumption) and bypass RLIM_MEMLOCK limits via the mlockall call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0179", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050107 grsecurity 2.1.0 release / 5 Linux kernel advisories", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030660.html" - }, - { - "name" : "CLA-2005:930", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930" - }, - { - "name" : "RHSA-2005:092", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-092.html" - }, - { - "name" : "RHSA-2005:663", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-663.html" - }, - { - "name" : "oval:org.mitre.oval:def:9890", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9890" - }, - { - "name" : "ADV-2005-1878", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/1878" - }, - { - "name" : "17002", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17002" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Linux kernel 2.4.x and 2.6.x allows local users to cause a denial of service (CPU and memory consumption) and bypass RLIM_MEMLOCK limits via the mlockall call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:9890", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9890" + }, + { + "name": "20050107 grsecurity 2.1.0 release / 5 Linux kernel advisories", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030660.html" + }, + { + "name": "RHSA-2005:092", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-092.html" + }, + { + "name": "17002", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17002" + }, + { + "name": "CLA-2005:930", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930" + }, + { + "name": "RHSA-2005:663", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-663.html" + }, + { + "name": "ADV-2005-1878", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/1878" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1081.json b/2005/1xxx/CVE-2005-1081.json index 1cd9f045e9f..8fddcdca969 100644 
--- a/2005/1xxx/CVE-2005-1081.json
+++ b/2005/1xxx/CVE-2005-1081.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1081", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in view.php in AzDGDatingPlatinum 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1081", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050409 AzDGDatingPlatinum multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/395530" - }, - { - "name" : "13082", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13082" - }, - { - "name" : "azdgdating-platinum-viewphp-xss(20052)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20052" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in view.php in AzDGDatingPlatinum 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050409 AzDGDatingPlatinum multiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/395530" + }, + { + "name": "13082", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13082" + }, + { + "name": "azdgdating-platinum-viewphp-xss(20052)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20052" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1720.json b/2005/1xxx/CVE-2005-1720.json index 9d40062c9b0..25ce0b1a982 100644 --- a/2005/1xxx/CVE-2005-1720.json +++ b/2005/1xxx/CVE-2005-1720.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1720", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "AFP Server for Mac OS X 10.4.1, when using an ACL enabled volume, does not properly remove an ACL when a file is copied to a directory that does not use ACLs, which will override the POSIX file permissions for that ACL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1720", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2005-06-08", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2005/Jun/msg00000.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "AFP Server for Mac OS X 10.4.1, when using an ACL enabled volume, does not properly remove an ACL when a file is copied to a directory that does not use ACLs, which will override the POSIX file permissions for that ACL." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2005-06-08", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2005/Jun/msg00000.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1967.json b/2005/1xxx/CVE-2005-1967.json index b6bfee541a6..a73c48109bd 100644 --- a/2005/1xxx/CVE-2005-1967.json +++ b/2005/1xxx/CVE-2005-1967.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1967", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in ProductCart Ecommerce before 2.7 allow remote attackers to execute arbitrary SQL commands via the (1) idcategory parameter to viewPrd.asp, (2) lid parameter to editCategories.asp, (3) icd parameter to modCustomCardPaymentOpt.asp, or (4) idccr parameter to OptionFieldsEdit.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1967", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://echo.or.id/adv/adv16-theday-2005.txt", - "refsource" : "MISC", - "url" : "http://echo.or.id/adv/adv16-theday-2005.txt" - }, - { - "name" : "1014129", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014129" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in ProductCart Ecommerce before 2.7 allow remote attackers to execute arbitrary SQL commands via the (1) idcategory parameter to viewPrd.asp, (2) lid parameter 
to editCategories.asp, (3) icd parameter to modCustomCardPaymentOpt.asp, or (4) idccr parameter to OptionFieldsEdit.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1014129", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014129" + }, + { + "name": "http://echo.or.id/adv/adv16-theday-2005.txt", + "refsource": "MISC", + "url": "http://echo.or.id/adv/adv16-theday-2005.txt" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1985.json b/2005/1xxx/CVE-2005-1985.json index fdcd0ce551e..0f2ac1a0911 100644 --- a/2005/1xxx/CVE-2005-1985.json +++ b/2005/1xxx/CVE-2005-1985.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1985", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Client Service for NetWare (CSNW) on Microsoft Windows 2000 SP4, XP SP1 and Sp2, and Server 2003 SP1 and earlier, allows remote attackers to execute arbitrary code due to an \"unchecked buffer\" when processing certain crafted network messages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2005-1985", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS05-046", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-046" - }, - { - "name" : "15066", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15066" - }, - { - "name" : "19922", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/19922" - }, - { - "name" : "oval:org.mitre.oval:def:1106", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1106" - }, - { - "name" : "oval:org.mitre.oval:def:1210", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1210" - }, - { - "name" : "oval:org.mitre.oval:def:1536", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1536" - }, - { - "name" : "oval:org.mitre.oval:def:1544", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1544" - }, - { - "name" : "oval:org.mitre.oval:def:910", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A910" - }, - { - "name" : "1015041", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015041" - }, - { - "name" : "17165", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17165" - }, - { - "name" : "win-csnw-bo(21700)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/21700" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Client Service for NetWare (CSNW) on Microsoft Windows 2000 SP4, XP SP1 and Sp2, and Server 2003 SP1 and earlier, allows remote attackers to execute arbitrary code due to an \"unchecked buffer\" when processing certain crafted network messages." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:910", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A910" + }, + { + "name": "oval:org.mitre.oval:def:1544", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1544" + }, + { + "name": "oval:org.mitre.oval:def:1106", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1106" + }, + { + "name": "MS05-046", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-046" + }, + { + "name": "17165", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17165" + }, + { + "name": "19922", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/19922" + }, + { + "name": "oval:org.mitre.oval:def:1210", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1210" + }, + { + "name": "15066", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15066" + }, + { + "name": "win-csnw-bo(21700)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21700" + }, + { + "name": "oval:org.mitre.oval:def:1536", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1536" + }, + { + "name": "1015041", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015041" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3116.json b/2005/3xxx/CVE-2005-3116.json index 66a1263565e..1b302ab399e 100644 --- a/2005/3xxx/CVE-2005-3116.json +++ b/2005/3xxx/CVE-2005-3116.json 
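Review bot: The `ASSIGNER` value for CVE-2005-1985 changes from `cve@mitre.org` to `secure@microsoft.com`, and it is the only semantic change in a hunk that otherwise just normalises `"key" : ` to `"key": ` and reorders `reference_data`. Consumers that attribute records to an assigning organisation by this field will see the record move, so the change would be easier to audit in its own commit, or with a commit-message line naming the affected ID if there is not one already. The `affects` block on the new side still carries `"vendor_name": "n/a"` and `"product_name": "n/a"` although the description names Microsoft Windows 2000 SP4, XP and Server 2003, so tooling that matches on vendor or product will keep missing this record.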
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3116", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in a shared library as used by the Volume Manager daemon (vmd) in VERITAS NetBackup Enterprise Server 5.0 MP1 to MP5 and 5.1 up to MP3A allows remote attackers to execute arbitrary code via a crafted packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3116", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051110 Stack Overflow in Veritas Netbackup Enterprise Server", - "refsource" : "IDEFENSE", - "url" : "http://www.idefense.com/application/poi/display?id=336&type=vulnerabilities" - }, - { - "name" : "20060115 Veritas NetBackup \"Volume Manager Daemon\" Module Stack Overflow - Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/422066/100/0/threaded" - }, - { - "name" : "20060117 Re: Veritas NetBackup \"Volume Manager Daemon\" Module Stack Overflow - Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/422157/100/0/threaded" - }, - { - "name" : "http://seer.support.veritas.com/docs/279553.htm", - "refsource" : 
"CONFIRM", - "url" : "http://seer.support.veritas.com/docs/279553.htm" - }, - { - "name" : "http://securityresponse.symantec.com/avcenter/security/Content/2005.11.08b.html", - "refsource" : "CONFIRM", - "url" : "http://securityresponse.symantec.com/avcenter/security/Content/2005.11.08b.html" - }, - { - "name" : "VU#574662", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/574662" - }, - { - "name" : "15353", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15353" - }, - { - "name" : "ADV-2005-2349", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2349" - }, - { - "name" : "20674", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20674" - }, - { - "name" : "1015170", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015170" - }, - { - "name" : "17503", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17503" - }, - { - "name" : "netbackup-vmd-bo(22985)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22985" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in a shared library as used by the Volume Manager daemon (vmd) in VERITAS NetBackup Enterprise Server 5.0 MP1 to MP5 and 5.1 up to MP3A allows remote attackers to execute arbitrary code via a crafted packet." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#574662", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/574662" + }, + { + "name": "20674", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20674" + }, + { + "name": "20060115 Veritas NetBackup \"Volume Manager Daemon\" Module Stack Overflow - Exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/422066/100/0/threaded" + }, + { + "name": "15353", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15353" + }, + { + "name": "20051110 Stack Overflow in Veritas Netbackup Enterprise Server", + "refsource": "IDEFENSE", + "url": "http://www.idefense.com/application/poi/display?id=336&type=vulnerabilities" + }, + { + "name": "1015170", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015170" + }, + { + "name": "17503", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17503" + }, + { + "name": "http://securityresponse.symantec.com/avcenter/security/Content/2005.11.08b.html", + "refsource": "CONFIRM", + "url": "http://securityresponse.symantec.com/avcenter/security/Content/2005.11.08b.html" + }, + { + "name": "20060117 Re: Veritas NetBackup \"Volume Manager Daemon\" Module Stack Overflow - Exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/422157/100/0/threaded" + }, + { + "name": "netbackup-vmd-bo(22985)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22985" + }, + { + "name": "ADV-2005-2349", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2349" + }, + { + "name": "http://seer.support.veritas.com/docs/279553.htm", + "refsource": "CONFIRM", + "url": "http://seer.support.veritas.com/docs/279553.htm" + } + ] + } +} \ No newline at end of file 
diff --git a/2005/3xxx/CVE-2005-3687.json b/2005/3xxx/CVE-2005-3687.json
index f8fc9524fc3..b145e081fc9 100644
--- a/2005/3xxx/CVE-2005-3687.json
+++ b/2005/3xxx/CVE-2005-3687.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3687", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "cancel_account.php in WHM AutoPilot 2.5.30 and earlier allows remote attackers to cancel requests for arbitrary accounts via a modified c parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3687", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15483", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15483" - }, - { - "name" : "17630", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17630" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "cancel_account.php in WHM AutoPilot 2.5.30 and earlier allows remote attackers to cancel requests for arbitrary accounts via a modified c parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17630", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17630" + }, + { + "name": "15483", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15483" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3988.json b/2005/3xxx/CVE-2005-3988.json index c45253c6573..91bb69c321c 100644 --- a/2005/3xxx/CVE-2005-3988.json +++ b/2005/3xxx/CVE-2005-3988.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3988", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in article.php in Pineapple Technologies Lore 1.5.4 allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3988", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/12/lore-sql-inj-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/12/lore-sql-inj-vuln.html" - }, - { - "name" : "15665", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15665" - }, - { - "name" : "ADV-2005-2682", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2682" - }, - { - "name" : "21328", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21328" - }, - { - "name" : "17842", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17842" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection 
vulnerability in article.php in Pineapple Technologies Lore 1.5.4 allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17842", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17842" + }, + { + "name": "http://pridels0.blogspot.com/2005/12/lore-sql-inj-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/12/lore-sql-inj-vuln.html" + }, + { + "name": "21328", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21328" + }, + { + "name": "15665", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15665" + }, + { + "name": "ADV-2005-2682", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2682" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4048.json b/2005/4xxx/CVE-2005-4048.json index 48691691090..1927f418b3e 100644 --- a/2005/4xxx/CVE-2005-4048.json +++ b/2005/4xxx/CVE-2005-4048.json 
@@ -1,207 +1,207 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4048", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the avcodec_default_get_buffer function (utils.c) in FFmpeg libavcodec 0.4.9-pre1 and earlier, as used in products such as (1) mplayer, (2) xine-lib, (3) Xmovie, and (4) GStreamer, allows remote attackers to execute arbitrary commands via small PNG images with palettes." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4048", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://article.gmane.org/gmane.comp.video.ffmpeg.devel/26558", - "refsource" : "MISC", - "url" : "http://article.gmane.org/gmane.comp.video.ffmpeg.devel/26558" - }, - { - "name" : "http://www1.mplayerhq.hu/cgi-bin/cvsweb.cgi/ffmpeg/libavcodec/utils.c.diff?r1=1.161&r2=1.162&cvsroot=FFMpeg", - "refsource" : "CONFIRM", - "url" : "http://www1.mplayerhq.hu/cgi-bin/cvsweb.cgi/ffmpeg/libavcodec/utils.c.diff?r1=1.161&r2=1.162&cvsroot=FFMpeg" - }, - { - "name" : "http://www1.mplayerhq.hu/cgi-bin/cvsweb.cgi/ffmpeg/libavcodec/utils.c?rev=1.162&content-type=text/x-cvsweb-markup&cvsroot=FFMpeg", - "refsource" : "CONFIRM", - "url" 
: "http://www1.mplayerhq.hu/cgi-bin/cvsweb.cgi/ffmpeg/libavcodec/utils.c?rev=1.162&content-type=text/x-cvsweb-markup&cvsroot=FFMpeg" - }, - { - "name" : "http://cvs.freedesktop.org/gstreamer/gst-ffmpeg/ChangeLog?rev=1.239&view=markup", - "refsource" : "CONFIRM", - "url" : "http://cvs.freedesktop.org/gstreamer/gst-ffmpeg/ChangeLog?rev=1.239&view=markup" - }, - { - "name" : "DSA-992", - "refsource" : "DEBIAN", - "url" : "http://www.us.debian.org/security/2006/dsa-992" - }, - { - "name" : "DSA-1004", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1004" - }, - { - "name" : "DSA-1005", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1005" - }, - { - "name" : "GLSA-200602-01", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200602-01.xml" - }, - { - "name" : "GLSA-200603-03", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200603-03.xml" - }, - { - "name" : "GLSA-200601-06", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200601-06.xml" - }, - { - "name" : "MDKSA-2005:228", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:228" - }, - { - "name" : "MDKSA-2005:229", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:229" - }, - { - "name" : "MDKSA-2005:230", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:230" - }, - { - "name" : "MDKSA-2005:231", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:231" - }, - { - "name" : "MDKSA-2005:232", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:232" - }, - { - "name" : "USN-230-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/230-1/" - }, - { - "name" : "USN-230-2", - "refsource" : "UBUNTU", - "url" : 
"https://usn.ubuntu.com/230-2/" - }, - { - "name" : "15743", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15743" - }, - { - "name" : "ADV-2005-2770", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2770" - }, - { - "name" : "17892", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17892" - }, - { - "name" : "18066", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18066" - }, - { - "name" : "18107", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18107" - }, - { - "name" : "18087", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18087" - }, - { - "name" : "18739", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18739" - }, - { - "name" : "18746", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18746" - }, - { - "name" : "19114", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19114" - }, - { - "name" : "19192", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19192" - }, - { - "name" : "19272", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19272" - }, - { - "name" : "19279", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19279" - }, - { - "name" : "18400", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18400" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the avcodec_default_get_buffer function (utils.c) in FFmpeg libavcodec 0.4.9-pre1 and earlier, as used in products such as (1) mplayer, (2) xine-lib, (3) Xmovie, and (4) GStreamer, allows remote attackers to execute arbitrary commands via small PNG images with palettes." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-992", + "refsource": "DEBIAN", + "url": "http://www.us.debian.org/security/2006/dsa-992" + }, + { + "name": "GLSA-200602-01", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200602-01.xml" + }, + { + "name": "MDKSA-2005:229", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:229" + }, + { + "name": "MDKSA-2005:232", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:232" + }, + { + "name": "19272", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19272" + }, + { + "name": "USN-230-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/230-1/" + }, + { + "name": "DSA-1005", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1005" + }, + { + "name": "19114", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19114" + }, + { + "name": "GLSA-200601-06", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200601-06.xml" + }, + { + "name": "18087", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18087" + }, + { + "name": "http://www1.mplayerhq.hu/cgi-bin/cvsweb.cgi/ffmpeg/libavcodec/utils.c?rev=1.162&content-type=text/x-cvsweb-markup&cvsroot=FFMpeg", + "refsource": "CONFIRM", + "url": "http://www1.mplayerhq.hu/cgi-bin/cvsweb.cgi/ffmpeg/libavcodec/utils.c?rev=1.162&content-type=text/x-cvsweb-markup&cvsroot=FFMpeg" + }, + { + "name": "http://cvs.freedesktop.org/gstreamer/gst-ffmpeg/ChangeLog?rev=1.239&view=markup", + "refsource": "CONFIRM", + "url": "http://cvs.freedesktop.org/gstreamer/gst-ffmpeg/ChangeLog?rev=1.239&view=markup" + }, + { + "name": "18400", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18400" + }, + { + "name": 
"MDKSA-2005:230", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:230" + }, + { + "name": "GLSA-200603-03", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200603-03.xml" + }, + { + "name": "17892", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17892" + }, + { + "name": "18746", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18746" + }, + { + "name": "MDKSA-2005:228", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:228" + }, + { + "name": "19192", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19192" + }, + { + "name": "http://article.gmane.org/gmane.comp.video.ffmpeg.devel/26558", + "refsource": "MISC", + "url": "http://article.gmane.org/gmane.comp.video.ffmpeg.devel/26558" + }, + { + "name": "USN-230-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/230-2/" + }, + { + "name": "MDKSA-2005:231", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:231" + }, + { + "name": "ADV-2005-2770", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2770" + }, + { + "name": "DSA-1004", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1004" + }, + { + "name": "18739", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18739" + }, + { + "name": "18107", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18107" + }, + { + "name": "19279", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19279" + }, + { + "name": "15743", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15743" + }, + { + "name": "18066", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18066" + }, + { + "name": "http://www1.mplayerhq.hu/cgi-bin/cvsweb.cgi/ffmpeg/libavcodec/utils.c.diff?r1=1.161&r2=1.162&cvsroot=FFMpeg", + "refsource": 
"CONFIRM", + "url": "http://www1.mplayerhq.hu/cgi-bin/cvsweb.cgi/ffmpeg/libavcodec/utils.c.diff?r1=1.161&r2=1.162&cvsroot=FFMpeg" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4294.json b/2005/4xxx/CVE-2005-4294.json index 4265b2cb52c..3009317cea5 100644 --- a/2005/4xxx/CVE-2005-4294.json +++ b/2005/4xxx/CVE-2005-4294.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4294", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Alkacon OpenCms before 6.0.3 allows remote attackers to inject arbitrary web script or HTML via the username in the login page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4294", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051215 [scip_Advisory 1910] Alkacon OpenCms 6.0.2 login Cross Site Scripting", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0640.html" - }, - { - "name" : "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=1910", - "refsource" : "MISC", - "url" : "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=1910" - }, - { - "name" : "http://www.opencms.org/opencms/en/download/opencms.html", - "refsource" : "CONFIRM", - "url" : "http://www.opencms.org/opencms/en/download/opencms.html" - }, - { - "name" : "15882", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15882" - }, - { - "name" : "ADV-2005-2923", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2923" 
- }, - { - "name" : "1015365", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015365" - }, - { - "name" : "18046", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18046" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Alkacon OpenCms before 6.0.3 allows remote attackers to inject arbitrary web script or HTML via the username in the login page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18046", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18046" + }, + { + "name": "ADV-2005-2923", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2923" + }, + { + "name": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=1910", + "refsource": "MISC", + "url": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=1910" + }, + { + "name": "15882", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15882" + }, + { + "name": "http://www.opencms.org/opencms/en/download/opencms.html", + "refsource": "CONFIRM", + "url": "http://www.opencms.org/opencms/en/download/opencms.html" + }, + { + "name": "20051215 [scip_Advisory 1910] Alkacon OpenCms 6.0.2 login Cross Site Scripting", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0640.html" + }, + { + "name": "1015365", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015365" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4613.json b/2005/4xxx/CVE-2005-4613.json index 3600847d72a..50d448872ab 100644 --- a/2005/4xxx/CVE-2005-4613.json +++ b/2005/4xxx/CVE-2005-4613.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4613", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in VUBB alpha rc1 allows remote attackers to inject arbitrary web script or HTML via unspecified fields in the user edit profile." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4613", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/11/vubb-forum-sql-and-xss-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/11/vubb-forum-sql-and-xss-vuln.html" - }, - { - "name" : "21332", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21332" - }, - { - "name" : "vubb-usereditprofile-xss(24353)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24353" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in VUBB alpha rc1 allows remote attackers to inject arbitrary web script or HTML via unspecified fields in the user edit 
profile." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "vubb-usereditprofile-xss(24353)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24353" + }, + { + "name": "http://pridels0.blogspot.com/2005/11/vubb-forum-sql-and-xss-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/11/vubb-forum-sql-and-xss-vuln.html" + }, + { + "name": "21332", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21332" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0002.json b/2009/0xxx/CVE-2009-0002.json index 65b205bd34e..0d9463f17be 100644 --- a/2009/0xxx/CVE-2009-0002.json +++ b/2009/0xxx/CVE-2009-0002.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0002", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a QTVR movie file with crafted THKD atoms." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0002", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090121 ZDI-09-005: Apple QuickTime VR Track Header Atom Heap Corruption Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2009-01/0210.html" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-09-005/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-09-005/" - }, - { - "name" : "http://support.apple.com/kb/HT3403", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3403" - }, - { - "name" : "APPLE-SA-2009-01-21", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Jan/msg00000.html" - }, - { - "name" : "TA09-022A", - "refsource" : "CERT", 
- "url" : "http://www.us-cert.gov/cas/techalerts/TA09-022A.html" - }, - { - "name" : "33384", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33384" - }, - { - "name" : "oval:org.mitre.oval:def:5646", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5646" - }, - { - "name" : "ADV-2009-0212", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0212" - }, - { - "name" : "51525", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/51525" - }, - { - "name" : "33632", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33632" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a QTVR movie file with crafted THKD atoms." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33384", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33384" + }, + { + "name": "TA09-022A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-022A.html" + }, + { + "name": "20090121 ZDI-09-005: Apple QuickTime VR Track Header Atom Heap Corruption Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2009-01/0210.html" + }, + { + "name": "APPLE-SA-2009-01-21", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Jan/msg00000.html" + }, + { + "name": "ADV-2009-0212", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0212" + }, + { + "name": "51525", + "refsource": "OSVDB", + "url": "http://osvdb.org/51525" + }, + { + "name": "http://support.apple.com/kb/HT3403", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3403" + }, + { + "name": "33632", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33632" + }, + { + "name": "oval:org.mitre.oval:def:5646", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5646" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-09-005/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-005/" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0321.json b/2009/0xxx/CVE-2009-0321.json index 5fb95a30bd3..1bfb4b196b8 100644 --- a/2009/0xxx/CVE-2009-0321.json +++ b/2009/0xxx/CVE-2009-0321.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0321", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apple Safari 3.2.1 (aka AppVer 3.525.27.1) on Windows allows remote attackers to cause a denial of service (infinite loop or access violation) via a link to an http URI in which the authority (aka hostname) portion is either a (1) . (dot) or (2) .. (dot dot) sequence." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0321", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://lostmon.blogspot.com/2009/01/safari-for-windows-321-remote-http-uri.html", - "refsource" : "MISC", - "url" : "http://lostmon.blogspot.com/2009/01/safari-for-windows-321-remote-http-uri.html" - }, - { - "name" : "33481", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33481" - }, - { - "name" : "oval:org.mitre.oval:def:6091", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6091" - }, - { - "name" : "safari-httpuri-dos(48284)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48284" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apple Safari 3.2.1 (aka AppVer 3.525.27.1) on Windows allows remote attackers to cause a denial of service (infinite loop or access violation) via a link to an http URI in which the authority (aka hostname) portion is either a (1) . (dot) or (2) .. (dot dot) sequence." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:6091", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6091" + }, + { + "name": "http://lostmon.blogspot.com/2009/01/safari-for-windows-321-remote-http-uri.html", + "refsource": "MISC", + "url": "http://lostmon.blogspot.com/2009/01/safari-for-windows-321-remote-http-uri.html" + }, + { + "name": "safari-httpuri-dos(48284)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48284" + }, + { + "name": "33481", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33481" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1140.json b/2009/1xxx/CVE-2009-1140.json index 663dbae2acb..771c9bd4be3 100644 --- a/2009/1xxx/CVE-2009-1140.json +++ b/2009/1xxx/CVE-2009-1140.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1140", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 5.01 SP4; 6 SP1; 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not prevent HTML rendering of cached content, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka \"Cross-Domain Information Disclosure Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2009-1140", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS09-019", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-019" - }, - { - "name" : "TA09-160A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-160A.html" - }, - { - "name" : "oval:org.mitre.oval:def:6278", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6278" - }, - { - "name" : "1022350", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022350" - }, - { - 
"name" : "ADV-2009-1538", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1538" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 5.01 SP4; 6 SP1; 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not prevent HTML rendering of cached content, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka \"Cross-Domain Information Disclosure Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-1538", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1538" + }, + { + "name": "MS09-019", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-019" + }, + { + "name": "oval:org.mitre.oval:def:6278", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6278" + }, + { + "name": "TA09-160A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html" + }, + { + "name": "1022350", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022350" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1196.json b/2009/1xxx/CVE-2009-1196.json index e7de833c3a1..eb3a298fb3e 100644 --- a/2009/1xxx/CVE-2009-1196.json +++ b/2009/1xxx/CVE-2009-1196.json 
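Review bot: The `"ASSIGNER"` value in this hunk changes from `cve@mitre.org` to `secure@microsoft.com`, a provenance change that sits inside what is otherwise a whitespace and reference-order rewrite. The CVE-2009-1196 hunk that follows does the same with `secalert@redhat.com`. Anything downstream that attributes, filters or trusts records by assigner will see these two entries move to a different source, so the reassignment is worth its own commit or an explicit line in the commit description, if it is not already there. On the new side both records still carry `"vendor_name": "n/a"` and `"product_name": "n/a"`, which reads oddly next to a vendor assigner; if the reassignment is intended, populating `affects` looks like a reasonable follow-up.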
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1196", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The directory-services functionality in the scheduler in CUPS 1.1.17 and 1.1.22 allows remote attackers to cause a denial of service (cupsd daemon outage or crash) via manipulations of the timing of CUPS browse packets, related to a \"pointer use-after-delete flaw.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-1196", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=497135", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=497135" - }, - { - "name" : "RHSA-2009:1083", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-1083.html" - }, - { - "name" : "35194", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35194" - }, - { - "name" : "oval:org.mitre.oval:def:11217", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11217" - }, - { - "name" : "1022327", - "refsource" : "SECTRACK", - "url" : 
"http://securitytracker.com/id?1022327" - }, - { - "name" : "35340", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35340" - }, - { - "name" : "ADV-2009-1488", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1488" - }, - { - "name" : "cups-directory-services-dos(50944)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50944" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The directory-services functionality in the scheduler in CUPS 1.1.17 and 1.1.22 allows remote attackers to cause a denial of service (cupsd daemon outage or crash) via manipulations of the timing of CUPS browse packets, related to a \"pointer use-after-delete flaw.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35340", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35340" + }, + { + "name": "ADV-2009-1488", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1488" + }, + { + "name": "cups-directory-services-dos(50944)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50944" + }, + { + "name": "1022327", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1022327" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=497135", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=497135" + }, + { + "name": "35194", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35194" + }, + { + "name": "oval:org.mitre.oval:def:11217", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11217" + }, + { + "name": "RHSA-2009:1083", + 
"refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-1083.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1275.json b/2009/1xxx/CVE-2009-1275.json index a561c31042b..2559940d458 100644 --- a/2009/1xxx/CVE-2009-1275.json +++ b/2009/1xxx/CVE-2009-1275.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1275", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1275", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://svn.apache.org/viewvc/tiles/framework/trunk/src/site/apt/security/security-bulletin-1.apt?revision=741913", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc/tiles/framework/trunk/src/site/apt/security/security-bulletin-1.apt?revision=741913" - }, - { - "name" : "https://issues.apache.org/struts/browse/TILES-351", - "refsource" : "CONFIRM", - "url" : "https://issues.apache.org/struts/browse/TILES-351" - }, - { - "name" : "34657", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34657" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://issues.apache.org/struts/browse/TILES-351", + "refsource": "CONFIRM", + "url": "https://issues.apache.org/struts/browse/TILES-351" + }, + { + "name": "34657", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34657" + }, + { + "name": "http://svn.apache.org/viewvc/tiles/framework/trunk/src/site/apt/security/security-bulletin-1.apt?revision=741913", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc/tiles/framework/trunk/src/site/apt/security/security-bulletin-1.apt?revision=741913" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1716.json b/2009/1xxx/CVE-2009-1716.json index c9e3c464576..d84e64012b8 100644 --- a/2009/1xxx/CVE-2009-1716.json +++ b/2009/1xxx/CVE-2009-1716.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1716", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CFNetwork in Apple Safari before 4.0 on Windows does not properly protect the temporary files created for downloads, which allows local users to obtain sensitive information by reading these files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1716", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT3613", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3613" - }, - { - "name" : "APPLE-SA-2009-06-08-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html" - }, - { - "name" : "35260", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35260" - }, - { - "name" : "35347", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35347" - }, - { - "name" : "1022342", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1022342" - }, - { - "name" : "35379", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35379" - }, - { - "name" : "ADV-2009-1522", - 
"refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1522" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CFNetwork in Apple Safari before 4.0 on Windows does not properly protect the temporary files created for downloads, which allows local users to obtain sensitive information by reading these files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2009-06-08-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html" + }, + { + "name": "35260", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35260" + }, + { + "name": "ADV-2009-1522", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1522" + }, + { + "name": "35379", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35379" + }, + { + "name": "http://support.apple.com/kb/HT3613", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3613" + }, + { + "name": "1022342", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1022342" + }, + { + "name": "35347", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35347" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3367.json b/2009/3xxx/CVE-2009-3367.json index c56c0996466..c6e01a3a444 100644 --- a/2009/3xxx/CVE-2009-3367.json +++ b/2009/3xxx/CVE-2009-3367.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3367", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in An image gallery 1.0 allow remote attackers to inject arbitrary web script or HTML via the path parameter to (1) index.php and (2) main.php, and the (3) show parameter to main.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3367", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "57944", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/57944" - }, - { - "name" : "57945", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/57945" - }, - { - "name" : "36680", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36680" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in An image gallery 1.0 allow remote attackers to inject arbitrary web script or HTML via 
the path parameter to (1) index.php and (2) main.php, and the (3) show parameter to main.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "57945", + "refsource": "OSVDB", + "url": "http://osvdb.org/57945" + }, + { + "name": "57944", + "refsource": "OSVDB", + "url": "http://osvdb.org/57944" + }, + { + "name": "36680", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36680" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4960.json b/2009/4xxx/CVE-2009-4960.json index 71764c6e296..1495462cbee 100644 --- a/2009/4xxx/CVE-2009-4960.json +++ b/2009/4xxx/CVE-2009-4960.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4960", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in modules/backup/download.php in Lanai Core 0.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4960", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9490", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9490" - }, - { - "name" : "ADV-2009-2402", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2402" - }, - { - "name" : "lanaicore-download-directory-traversal(52718)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52718" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in modules/backup/download.php in Lanai Core 0.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9490", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9490" + }, + { + "name": "ADV-2009-2402", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2402" + }, + { + "name": "lanaicore-download-directory-traversal(52718)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52718" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2290.json b/2012/2xxx/CVE-2012-2290.json index d823e09714e..07f35693e9f 100644 --- a/2012/2xxx/CVE-2012-2290.json +++ b/2012/2xxx/CVE-2012-2290.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2290", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The client in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375 allows remote attackers to execute arbitrary code by sending a crafted message over a TCP communication channel." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2012-2290", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20121010 ESA-2012-025: EMC NetWorker Module for Microsoft Applications (NMM) Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-10/0068.html" - }, - { - "name" : "55883", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55883" - }, - { - "name" : "86158", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/86158" - }, - { - "name" : "1027647", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027647" - }, - { - "name" : "50957", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50957" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The client in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375 allows remote attackers to execute arbitrary code by sending a crafted message over a TCP communication channel." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "50957", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50957" + }, + { + "name": "86158", + "refsource": "OSVDB", + "url": "http://osvdb.org/86158" + }, + { + "name": "55883", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55883" + }, + { + "name": "1027647", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027647" + }, + { + "name": "20121010 ESA-2012-025: EMC NetWorker Module for Microsoft Applications (NMM) Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-10/0068.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2437.json b/2012/2xxx/CVE-2012-2437.json index 0735f9c4e98..9de9c8c4a0e 100644 --- a/2012/2xxx/CVE-2012-2437.json +++ b/2012/2xxx/CVE-2012-2437.json 
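Review bot: The `"ASSIGNER"` value in this hunk changes from `cve@mitre.org` to `security_alert@emc.com`, a provenance change that is easy to miss because every other line of the record is also re-indented and the `reference_data` entries are reordered. The CVE-2012-2828 and CVE-2015-1303 hunks (`security@google.com`) and the CVE-2012-6117 hunk (`secalert@redhat.com`) do the same. Landing the whitespace and ordering normalisation separately from the attribution change would leave a diff in which only the `ASSIGNER` lines move. The new side of each file also ends with `\ No newline at end of file` where the old side had a final newline; keeping it avoids a spurious last-line change on the next automated rewrite.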
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2437", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "cookie_gen.php in ar web content manager (AWCM) 2.2 does not require authentication, which allows remote attackers to generate arbitrary cookies via the name parameter in conjunction with the content parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2437", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20121108 Vulnerability Report on AWCM 2.2", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-11/0039.html" - }, - { - "name" : "http://packetstormsecurity.org/files/117975/AWCM-2.2-Access-Bypass.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/117975/AWCM-2.2-Access-Bypass.html" - }, - { - "name" : "awcm-cookie-sec-bypass(79926)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79926" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "cookie_gen.php in ar web content manager (AWCM) 
2.2 does not require authentication, which allows remote attackers to generate arbitrary cookies via the name parameter in conjunction with the content parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "awcm-cookie-sec-bypass(79926)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79926" + }, + { + "name": "http://packetstormsecurity.org/files/117975/AWCM-2.2-Access-Bypass.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/117975/AWCM-2.2-Access-Bypass.html" + }, + { + "name": "20121108 Vulnerability Report on AWCM 2.2", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0039.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2828.json b/2012/2xxx/CVE-2012-2828.json index d1d82744ee2..3002059ce42 100644 --- a/2012/2xxx/CVE-2012-2828.json +++ b/2012/2xxx/CVE-2012-2828.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2828", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple integer overflows in the PDF functionality in Google Chrome before 20.0.1132.43 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2012-2828", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=129857", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=129857" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html" - }, - { - "name" : "oval:org.mitre.oval:def:15287", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15287" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "Multiple integer overflows in the PDF functionality in Google Chrome before 20.0.1132.43 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:15287", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15287" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=129857", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=129857" + }, + { + "name": "http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2937.json b/2012/2xxx/CVE-2012-2937.json index fa6ce6696bd..2a563ab47d9 100644 --- a/2012/2xxx/CVE-2012-2937.json +++ b/2012/2xxx/CVE-2012-2937.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2937", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Pligg CMS before 1.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) list parameter in a move action to admin/admin_index.php, (2) display parameter in a minimize action to admin/admin_index.php, (3) enabled[] parameter to admin/admin_users.php, or (4) msg_id to the module.php in the simple_messaging module." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2937", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://secunia.com/secunia_research/2012-19/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2012-19/" - }, - { - "name" : "http://forums.pligg.com/downloads.php?do=file&id=15", - "refsource" : "CONFIRM", - "url" : "http://forums.pligg.com/downloads.php?do=file&id=15" - }, - { - "name" : "http://pligg.svn.sourceforge.net/viewvc/pligg?view=revision&revision=2461", - "refsource" : "CONFIRM", - "url" : "http://pligg.svn.sourceforge.net/viewvc/pligg?view=revision&revision=2461" - }, - { - "name" : "53625", - "refsource" : 
"BID", - "url" : "http://www.securityfocus.com/bid/53625" - }, - { - "name" : "82048", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/82048" - }, - { - "name" : "82049", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/82049" - }, - { - "name" : "82050", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/82050" - }, - { - "name" : "45431", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45431" - }, - { - "name" : "pliggcms-multiple-sql-injection(75765)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75765" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Pligg CMS before 1.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) list parameter in a move action to admin/admin_index.php, (2) display parameter in a minimize action to admin/admin_index.php, (3) enabled[] parameter to admin/admin_users.php, or (4) msg_id to the module.php in the simple_messaging module." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://pligg.svn.sourceforge.net/viewvc/pligg?view=revision&revision=2461", + "refsource": "CONFIRM", + "url": "http://pligg.svn.sourceforge.net/viewvc/pligg?view=revision&revision=2461" + }, + { + "name": "pliggcms-multiple-sql-injection(75765)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75765" + }, + { + "name": "http://secunia.com/secunia_research/2012-19/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2012-19/" + }, + { + "name": "45431", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45431" + }, + { + "name": "53625", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53625" + }, + { + "name": "82050", + "refsource": "OSVDB", + "url": "http://osvdb.org/82050" + }, + { + "name": "82048", + "refsource": "OSVDB", + "url": "http://osvdb.org/82048" + }, + { + "name": "http://forums.pligg.com/downloads.php?do=file&id=15", + "refsource": "CONFIRM", + "url": "http://forums.pligg.com/downloads.php?do=file&id=15" + }, + { + "name": "82049", + "refsource": "OSVDB", + "url": "http://osvdb.org/82049" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6117.json b/2012/6xxx/CVE-2012-6117.json index 92eb0aea0fe..43e45fbe63e 100644 --- a/2012/6xxx/CVE-2012-6117.json +++ b/2012/6xxx/CVE-2012-6117.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6117", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Aeolus Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for /var/log/aeolus-configserver/configserver.log, which allows local users to read plaintext passwords by reading the log file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-6117", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=875294", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=875294" - }, - { - "name" : "RHSA-2013:0545", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0545.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Aeolus Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for /var/log/aeolus-configserver/configserver.log, which allows local users to read plaintext passwords by reading the 
log file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=875294", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=875294" + }, + { + "name": "RHSA-2013:0545", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0545.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6292.json b/2012/6xxx/CVE-2012-6292.json index 04b8bac3919..75c03693c0b 100644 --- a/2012/6xxx/CVE-2012-6292.json +++ b/2012/6xxx/CVE-2012-6292.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6292", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6292", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1303.json b/2015/1xxx/CVE-2015-1303.json index 461ce0efe70..4b7ea0a3ea0 100644 --- a/2015/1xxx/CVE-2015-1303.json +++ b/2015/1xxx/CVE-2015-1303.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1303", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "bindings/core/v8/V8DOMWrapper.h in Blink, as used in Google Chrome before 45.0.2454.101, does not perform a rethrow action to propagate information about a cross-context exception, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document containing an IFRAME element." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2015-1303", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2015/09/stable-channel-update_24.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2015/09/stable-channel-update_24.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=530301", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=530301" - }, - { - "name" : "https://codereview.chromium.org/1339023002", - "refsource" : "CONFIRM", - "url" : "https://codereview.chromium.org/1339023002" - }, - { - "name" : "DSA-3376", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2015/dsa-3376" - }, - { - "name" : "GLSA-201603-09", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201603-09" - }, - { - "name" : "RHSA-2015:1841", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1841.html" - }, - { - "name" : "openSUSE-SU-2015:1876", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00002.html" - }, - { - "name" : "openSUSE-SU-2015:1719", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00008.html" - }, - { - "name" : "USN-2757-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2757-1" - }, - { - "name" : "76844", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76844" - }, - { - "name" : "1033683", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033683" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "bindings/core/v8/V8DOMWrapper.h in Blink, as used in Google Chrome before 45.0.2454.101, does not perform a rethrow action to propagate information about a cross-context exception, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document containing an IFRAME element." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2757-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2757-1" + }, + { + "name": "http://googlechromereleases.blogspot.com/2015/09/stable-channel-update_24.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2015/09/stable-channel-update_24.html" + }, + { + "name": "RHSA-2015:1841", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1841.html" + }, + { + "name": "openSUSE-SU-2015:1719", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00008.html" + }, + { + "name": "DSA-3376", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3376" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=530301", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=530301" + }, + { + "name": "GLSA-201603-09", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201603-09" + }, + { + "name": "openSUSE-SU-2015:1876", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00002.html" + }, + { + "name": "1033683", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033683" + }, + { + "name": "76844", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76844" + }, + { + "name": "https://codereview.chromium.org/1339023002", + "refsource": "CONFIRM", + "url": "https://codereview.chromium.org/1339023002" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1413.json b/2015/1xxx/CVE-2015-1413.json index 895f5527fa8..18cf267ed27 100644 --- a/2015/1xxx/CVE-2015-1413.json +++ b/2015/1xxx/CVE-2015-1413.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1413", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1413", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1438.json b/2015/1xxx/CVE-2015-1438.json index b02d105562c..e9e6eb8aae6 100644 --- a/2015/1xxx/CVE-2015-1438.json +++ b/2015/1xxx/CVE-2015-1438.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1438", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in Panda Security Kernel Memory Access Driver 1.0.0.13 allows attackers to execute arbitrary code with kernel privileges via a crafted size input for allocated kernel paged pool and allocated non-paged pool buffers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1438", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20151231 CVE-2015-1438 - Arbitrary Code Execution [PSKMAD.sys] In Panda Security - Multiple Products", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Jul/61" - }, - { - "name" : "20151231 CVE-2015-1438 - Panda Security Multiple Products Arbitrary Code Execution", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Jul/42" - }, - { - "name" : "http://packetstormsecurity.com/files/132682/Panda-Security-1.0.0.13-Arbitrary-Code-Execution.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/132682/Panda-Security-1.0.0.13-Arbitrary-Code-Execution.html" - }, - { - "name" : 
"https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2015-1438/", - "refsource" : "MISC", - "url" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2015-1438/" - }, - { - "name" : "75715", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75715" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in Panda Security Kernel Memory Access Driver 1.0.0.13 allows attackers to execute arbitrary code with kernel privileges via a crafted size input for allocated kernel paged pool and allocated non-paged pool buffers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/132682/Panda-Security-1.0.0.13-Arbitrary-Code-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/132682/Panda-Security-1.0.0.13-Arbitrary-Code-Execution.html" + }, + { + "name": "75715", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75715" + }, + { + "name": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2015-1438/", + "refsource": "MISC", + "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2015-1438/" + }, + { + "name": "20151231 CVE-2015-1438 - Panda Security Multiple Products Arbitrary Code Execution", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Jul/42" + }, + { + "name": "20151231 CVE-2015-1438 - Arbitrary Code Execution [PSKMAD.sys] In Panda Security - Multiple Products", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Jul/61" + } + ] + } +} \ No newline at end of file 
diff --git a/2015/5xxx/CVE-2015-5143.json b/2015/5xxx/CVE-2015-5143.json index ce7071f62ad..96574b30594 100644 --- a/2015/5xxx/CVE-2015-5143.json +++ b/2015/5xxx/CVE-2015-5143.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5143", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (session store consumption) via multiple requests with unique session keys." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5143", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.djangoproject.com/weblog/2015/jul/08/security-releases/", - "refsource" : "CONFIRM", - "url" : "https://www.djangoproject.com/weblog/2015/jul/08/security-releases/" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" - }, - { - "name" : "DSA-3305", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3305" - }, - { - "name" : "FEDORA-2015-1dd5bc998f", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172084.html" - }, - 
{ - "name" : "GLSA-201510-06", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201510-06" - }, - { - "name" : "RHSA-2015:1678", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1678.html" - }, - { - "name" : "RHSA-2015:1686", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1686.html" - }, - { - "name" : "openSUSE-SU-2015:1802", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-10/msg00043.html" - }, - { - "name" : "openSUSE-SU-2015:1813", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-10/msg00046.html" - }, - { - "name" : "USN-2671-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2671-1" - }, - { - "name" : "75666", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75666" - }, - { - "name" : "1032820", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032820" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (session store consumption) via multiple requests with unique session keys." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2015-1dd5bc998f", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172084.html" + }, + { + "name": "GLSA-201510-06", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201510-06" + }, + { + "name": "https://www.djangoproject.com/weblog/2015/jul/08/security-releases/", + "refsource": "CONFIRM", + "url": "https://www.djangoproject.com/weblog/2015/jul/08/security-releases/" + }, + { + "name": "openSUSE-SU-2015:1802", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00043.html" + }, + { + "name": "openSUSE-SU-2015:1813", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00046.html" + }, + { + "name": "DSA-3305", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3305" + }, + { + "name": "RHSA-2015:1678", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1678.html" + }, + { + "name": "75666", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75666" + }, + { + "name": "RHSA-2015:1686", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1686.html" + }, + { + "name": "USN-2671-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2671-1" + }, + { + "name": "1032820", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032820" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5351.json b/2015/5xxx/CVE-2015-5351.json index 95937e69218..b4f99d25931 100644 
--- a/2015/5xxx/CVE-2015-5351.json +++ b/2015/5xxx/CVE-2015-5351.json 
@@ -1,232 +1,232 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5351", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protection mechanism by using a token." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-5351", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160222 [SECURITY] CVE-2015-5351 Apache Tomcat CSRF token leak", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/bugtraq/2016/Feb/148" - }, - { - "name" : "http://packetstormsecurity.com/files/135882/Apache-Tomcat-CSRF-Token-Leak.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/135882/Apache-Tomcat-CSRF-Token-Leak.html" - }, - { - "name" : "http://svn.apache.org/viewvc?view=revision&revision=1720652", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?view=revision&revision=1720652" - }, - { - "name" : "http://svn.apache.org/viewvc?view=revision&revision=1720655", - 
"refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?view=revision&revision=1720655" - }, - { - "name" : "http://svn.apache.org/viewvc?view=revision&revision=1720658", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?view=revision&revision=1720658" - }, - { - "name" : "http://svn.apache.org/viewvc?view=revision&revision=1720660", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?view=revision&revision=1720660" - }, - { - "name" : "http://svn.apache.org/viewvc?view=revision&revision=1720661", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?view=revision&revision=1720661" - }, - { - "name" : "http://svn.apache.org/viewvc?view=revision&revision=1720663", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?view=revision&revision=1720663" - }, - { - "name" : "http://tomcat.apache.org/security-7.html", - "refsource" : "CONFIRM", - "url" : "http://tomcat.apache.org/security-7.html" - }, - { - "name" : "http://tomcat.apache.org/security-8.html", - "refsource" : "CONFIRM", - "url" : "http://tomcat.apache.org/security-8.html" - }, - { - "name" : "http://tomcat.apache.org/security-9.html", - "refsource" : "CONFIRM", - "url" : "http://tomcat.apache.org/security-9.html" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" - }, - { - "name" : 
"https://bto.bluecoat.com/security-advisory/sa118", - "refsource" : "CONFIRM", - "url" : "https://bto.bluecoat.com/security-advisory/sa118" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" - }, - { - "name" : "https://softwaresupport.hpe.com/document/-/facetsearch/document/KM02978021", - "refsource" : "CONFIRM", - "url" : "https://softwaresupport.hpe.com/document/-/facetsearch/document/KM02978021" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20180531-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20180531-0001/" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" - }, - { - "name" : "DSA-3530", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3530" - }, - { - "name" : "DSA-3609", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3609" - }, - { - "name" : "DSA-3552", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3552" - }, - { - "name" : "GLSA-201705-09", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201705-09" - }, - { - "name" : "RHSA-2016:1087", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1087" - }, - { - "name" : "RHSA-2016:1088", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1088" - }, - { - "name" : "RHSA-2016:1089", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1089.html" - }, - { - "name" : "RHSA-2016:2599", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2599.html" - }, - { - "name" : "RHSA-2016:2807", - "refsource" : "REDHAT", - "url" : 
"http://rhn.redhat.com/errata/RHSA-2016-2807.html" - }, - { - "name" : "RHSA-2016:2808", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2808.html" - }, - { - "name" : "SUSE-SU-2016:0769", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html" - }, - { - "name" : "SUSE-SU-2016:0822", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html" - }, - { - "name" : "openSUSE-SU-2016:0865", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html" - }, - { - "name" : "USN-3024-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3024-1" - }, - { - "name" : "83330", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/83330" - }, - { - "name" : "1035069", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035069" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protection mechanism by using a token." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "83330", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/83330" + }, + { + "name": "http://packetstormsecurity.com/files/135882/Apache-Tomcat-CSRF-Token-Leak.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/135882/Apache-Tomcat-CSRF-Token-Leak.html" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + }, + { + "name": "GLSA-201705-09", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201705-09" + }, + { + "name": "http://svn.apache.org/viewvc?view=revision&revision=1720658", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=revision&revision=1720658" + }, + { + "name": "openSUSE-SU-2016:0865", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html" + }, + { + "name": "http://tomcat.apache.org/security-9.html", + "refsource": "CONFIRM", + "url": "http://tomcat.apache.org/security-9.html" + }, + { + "name": "USN-3024-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3024-1" + }, + { + "name": "SUSE-SU-2016:0769", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html" + }, + { + "name": "DSA-3530", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3530" + }, + { + "name": "http://tomcat.apache.org/security-7.html", + "refsource": "CONFIRM", + "url": "http://tomcat.apache.org/security-7.html" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", + "refsource": "CONFIRM", + "url": 
"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" + }, + { + "name": "20160222 [SECURITY] CVE-2015-5351 Apache Tomcat CSRF token leak", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/bugtraq/2016/Feb/148" + }, + { + "name": "RHSA-2016:1089", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html" + }, + { + "name": "http://tomcat.apache.org/security-8.html", + "refsource": "CONFIRM", + "url": "http://tomcat.apache.org/security-8.html" + }, + { + "name": "RHSA-2016:1087", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1087" + }, + { + "name": "http://svn.apache.org/viewvc?view=revision&revision=1720655", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=revision&revision=1720655" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + }, + { + "name": "1035069", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035069" + }, + { + "name": "https://bto.bluecoat.com/security-advisory/sa118", + "refsource": "CONFIRM", + "url": "https://bto.bluecoat.com/security-advisory/sa118" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442" + }, + { + "name": "http://svn.apache.org/viewvc?view=revision&revision=1720663", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=revision&revision=1720663" + }, + { + "name": "RHSA-2016:2807", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2807.html" + }, + { + "name": "RHSA-2016:1088", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1088" + }, + { + "name": 
"https://security.netapp.com/advisory/ntap-20180531-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20180531-0001/" + }, + { + "name": "RHSA-2016:2808", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2808.html" + }, + { + "name": "http://svn.apache.org/viewvc?view=revision&revision=1720661", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=revision&revision=1720661" + }, + { + "name": "SUSE-SU-2016:0822", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html" + }, + { + "name": "RHSA-2016:2599", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2599.html" + }, + { + "name": "DSA-3609", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3609" + }, + { + "name": "http://svn.apache.org/viewvc?view=revision&revision=1720652", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=revision&revision=1720652" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626" + }, + { + "name": "https://softwaresupport.hpe.com/document/-/facetsearch/document/KM02978021", + "refsource": "CONFIRM", + "url": "https://softwaresupport.hpe.com/document/-/facetsearch/document/KM02978021" + }, + { + "name": "DSA-3552", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3552" + }, + { + "name": "http://svn.apache.org/viewvc?view=revision&revision=1720660", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=revision&revision=1720660" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5403.json b/2015/5xxx/CVE-2015-5403.json index d234e10ea07..afc0fd2cbb5 100644 --- a/2015/5xxx/CVE-2015-5403.json +++ b/2015/5xxx/CVE-2015-5403.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5403", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-2139." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2015-5403", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04762744", - "refsource" : "CONFIRM", - "url" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04762744" - }, - { - "name" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04774019", - "refsource" : "CONFIRM", - "url" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04774019" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HP Systems Insight 
Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-2139." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04762744", + "refsource": "CONFIRM", + "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04762744" + }, + { + "name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04774019", + "refsource": "CONFIRM", + "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04774019" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5446.json b/2015/5xxx/CVE-2015-5446.json index 06769494280..8a881c28f9d 100644 --- a/2015/5xxx/CVE-2015-5446.json +++ b/2015/5xxx/CVE-2015-5446.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5446", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HP StoreOnce Backup system software before 3.13.1 allows remote attackers to execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2015-5446", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04858589", - "refsource" : "CONFIRM", - "url" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04858589" - }, - { - "name" : "79392", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/79392" - }, - { - "name" : "1034605", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034605" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HP StoreOnce Backup system software before 3.13.1 allows remote attackers to execute arbitrary code via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1034605", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034605" + }, + { + "name": "79392", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/79392" + }, + { + "name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04858589", + "refsource": "CONFIRM", + "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04858589" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11038.json b/2018/11xxx/CVE-2018-11038.json index 3a8c6a3278f..06585f4b539 100644 --- a/2018/11xxx/CVE-2018-11038.json +++ b/2018/11xxx/CVE-2018-11038.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11038", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11038", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
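Review bot: In the CVE-2015-5446 record the `reference_data` array is reordered on the new side (SECTRACK, BID, CONFIRM instead of CONFIRM, BID, SECTRACK) although no reference is added or removed; the CVE-2018-11102 hunk swaps its two MISC entries in the same way. Unlike object keys, array order is preserved by JSON parsers, so tooling that compares or indexes references by position will report a change where the content is identical. No sort key is evident from these two cases, so either keep the original order or document the ordering rule the serializer applies, so the output is reproducible.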
diff --git a/2018/11xxx/CVE-2018-11102.json b/2018/11xxx/CVE-2018-11102.json index 4da6052c914..87a80feb013 100644 --- a/2018/11xxx/CVE-2018-11102.json +++ b/2018/11xxx/CVE-2018-11102.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11102", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Libav 12.3. A read access violation in the mov_probe function in libavformat/mov.c allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11102", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.libav.org/show_bug.cgi?id=1128", - "refsource" : "MISC", - "url" : "https://bugzilla.libav.org/show_bug.cgi?id=1128" - }, - { - "name" : "https://docs.google.com/document/d/18xCwfxMSJiQ9ruQSVaO8-jlcobDjFiYXWOaw31V37xo/edit", - "refsource" : "MISC", - "url" : "https://docs.google.com/document/d/18xCwfxMSJiQ9ruQSVaO8-jlcobDjFiYXWOaw31V37xo/edit" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Libav 12.3. 
A read access violation in the mov_probe function in libavformat/mov.c allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://docs.google.com/document/d/18xCwfxMSJiQ9ruQSVaO8-jlcobDjFiYXWOaw31V37xo/edit", + "refsource": "MISC", + "url": "https://docs.google.com/document/d/18xCwfxMSJiQ9ruQSVaO8-jlcobDjFiYXWOaw31V37xo/edit" + }, + { + "name": "https://bugzilla.libav.org/show_bug.cgi?id=1128", + "refsource": "MISC", + "url": "https://bugzilla.libav.org/show_bug.cgi?id=1128" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11613.json b/2018/11xxx/CVE-2018-11613.json index e5dc951c37f..5f331564b38 100644 --- a/2018/11xxx/CVE-2018-11613.json +++ b/2018/11xxx/CVE-2018-11613.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11613", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11613", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11634.json b/2018/11xxx/CVE-2018-11634.json index 6c37432255a..a077d882777 100644 --- a/2018/11xxx/CVE-2018-11634.json +++ b/2018/11xxx/CVE-2018-11634.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11634", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Plaintext Storage of Passwords in the administrative console in Dialogic PowerMedia XMS before 3.5 SU2 allows local users to access the web application's user passwords in cleartext by reading /var/www/xms/xmsdb/default.db." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11634", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://d3adend.org/blog/?p=1398", - "refsource" : "MISC", - "url" : "https://d3adend.org/blog/?p=1398" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Plaintext Storage of Passwords in the administrative console in Dialogic PowerMedia XMS before 3.5 SU2 allows local users to access the web application's user passwords in cleartext by reading /var/www/xms/xmsdb/default.db." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://d3adend.org/blog/?p=1398", + "refsource": "MISC", + "url": "https://d3adend.org/blog/?p=1398" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15566.json b/2018/15xxx/CVE-2018-15566.json index 14390064083..44b45f1694a 100644 --- a/2018/15xxx/CVE-2018-15566.json +++ b/2018/15xxx/CVE-2018-15566.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15566", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "tp5cms through 2017-05-25 has XSS via the admin.php/article/index.html q parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15566", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/fmsdwifull/tp5cms/issues/2", - "refsource" : "MISC", - "url" : "https://github.com/fmsdwifull/tp5cms/issues/2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "tp5cms through 2017-05-25 has XSS via the admin.php/article/index.html q parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/fmsdwifull/tp5cms/issues/2", + "refsource": "MISC", + "url": "https://github.com/fmsdwifull/tp5cms/issues/2" + } + ] + } +} \ No newline at end of file 
diff --git a/2018/15xxx/CVE-2018-15603.json b/2018/15xxx/CVE-2018-15603.json index 7e6a516aa9e..287c17708f9 100644 --- a/2018/15xxx/CVE-2018-15603.json +++ b/2018/15xxx/CVE-2018-15603.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15603", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Victor CMS through 2018-05-10. There is XSS via the Author field of the \"Leave a Comment\" screen." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15603", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/VictorAlagwu/CMSsite/issues/2", - "refsource" : "MISC", - "url" : "https://github.com/VictorAlagwu/CMSsite/issues/2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Victor CMS through 2018-05-10. There is XSS via the Author field of the \"Leave a Comment\" screen." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/VictorAlagwu/CMSsite/issues/2", + "refsource": "MISC", + "url": "https://github.com/VictorAlagwu/CMSsite/issues/2" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3103.json b/2018/3xxx/CVE-2018-3103.json index 82e04e6b8f8..2afb74090f7 100644 --- a/2018/3xxx/CVE-2018-3103.json +++ b/2018/3xxx/CVE-2018-3103.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3103", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Outside In Technology", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.5.3" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L)." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3103", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Outside In Technology", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.5.3" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" - }, - { - "name" : "104762", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104762" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + }, + { + "name": "104762", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104762" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3177.json b/2018/3xxx/CVE-2018-3177.json index accb9726b21..62dbc62fe4e 100644 --- a/2018/3xxx/CVE-2018-3177.json +++ b/2018/3xxx/CVE-2018-3177.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3177", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Hyperion Common Events", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "11.1.2.4" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Hyperion Common Events component of Oracle Hyperion (subcomponent: User Interface). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Hyperion Common Events. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Hyperion Common Events, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Hyperion Common Events accessible data as well as unauthorized read access to a subset of Hyperion Common Events accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Hyperion Common Events. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Hyperion Common Events, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Hyperion Common Events accessible data as well as unauthorized read access to a subset of Hyperion Common Events accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3177", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hyperion Common Events", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "11.1.2.4" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" - }, - { - "name" : "105642", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105642" - }, - { - "name" : "1041898", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041898" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Hyperion Common Events component of Oracle Hyperion (subcomponent: User Interface). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Hyperion Common Events. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Hyperion Common Events, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Hyperion Common Events accessible data as well as unauthorized read access to a subset of Hyperion Common Events accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Hyperion Common Events. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Hyperion Common Events, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Hyperion Common Events accessible data as well as unauthorized read access to a subset of Hyperion Common Events accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + }, + { + "name": "105642", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105642" + }, + { + "name": "1041898", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041898" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3856.json b/2018/3xxx/CVE-2018-3856.json index 1617c92d2d8..8e6d296472b 100644 --- a/2018/3xxx/CVE-2018-3856.json +++ b/2018/3xxx/CVE-2018-3856.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2018-07-26T00:00:00", - "ID" : "CVE-2018-3856", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Samsung", - "version" : { - "version_data" : [ - { - "version_value" : "Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17" - } - ] - } - } - ] - }, - "vendor_name" : "Samsung" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable vulnerability exists in the smart cameras RTSP configuration of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The device incorrectly handles spaces in the URL field, leading to an arbitrary operating system command injection. An attacker can send a series of HTTP requests to trigger this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Argument Injection or Modification" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2018-07-26T00:00:00", + "ID": "CVE-2018-3856", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung", + "version": { + "version_data": [ + { + "version_value": "Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17" + } + ] + } + } + ] + }, + "vendor_name": "Samsung" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0539", - "refsource" : "MISC", - "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0539" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "An exploitable vulnerability exists in the smart cameras RTSP configuration of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The device incorrectly handles spaces in the URL field, leading to an arbitrary operating system command injection. An attacker can send a series of HTTP requests to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Argument Injection or Modification" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0539", + "refsource": "MISC", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0539" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7218.json b/2018/7xxx/CVE-2018-7218.json index c414c8f9676..152c7b13d1b 100644 --- a/2018/7xxx/CVE-2018-7218.json +++ b/2018/7xxx/CVE-2018-7218.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7218", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The AppFirewall functionality in Citrix NetScaler Application Delivery Controller and NetScaler Gateway 10.5 before Build 68.7, 11.0 before Build 71.24, 11.1 before Build 58.13, and 12.0 before Build 57.24 allows remote attackers to execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7218", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.citrix.com/article/CTX234869", - "refsource" : "CONFIRM", - "url" : "https://support.citrix.com/article/CTX234869" - }, - { - "name" : "1040921", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040921" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The AppFirewall functionality in Citrix NetScaler Application Delivery Controller and NetScaler Gateway 10.5 before Build 68.7, 11.0 before Build 71.24, 11.1 before Build 58.13, and 12.0 before Build 57.24 allows remote attackers 
to execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.citrix.com/article/CTX234869", + "refsource": "CONFIRM", + "url": "https://support.citrix.com/article/CTX234869" + }, + { + "name": "1040921", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040921" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7346.json b/2018/7xxx/CVE-2018-7346.json index 7d3c90e64c9..b1d1b81158c 100644 --- a/2018/7xxx/CVE-2018-7346.json +++ b/2018/7xxx/CVE-2018-7346.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7346", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7346", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8006.json b/2018/8xxx/CVE-2018-8006.json index 701b898c4a0..227fa1ee54d 100644 --- a/2018/8xxx/CVE-2018-8006.json +++ b/2018/8xxx/CVE-2018-8006.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2018-10-10T00:00:00", - "ID" : "CVE-2018-8006", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache ActiveMQ", - "version" : { - "version_data" : [ - { - "version_value" : "5.0.0 to 5.15.5" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the queue.jsp page of Apache ActiveMQ versions 5.0.0 to 5.15.5. The root cause of this issue is improper data filtering of the QueueFilter parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2018-10-10T00:00:00", + "ID": "CVE-2018-8006", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache ActiveMQ", + "version": { + "version_data": [ + { + "version_value": "5.0.0 to 5.15.5" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://activemq.apache.org/security-advisories.data/CVE-2018-8006-announcement.txt", - "refsource" : "CONFIRM", - "url" : "http://activemq.apache.org/security-advisories.data/CVE-2018-8006-announcement.txt" - }, - { - "name" : "105156", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105156" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": 
[ + { + "lang": "eng", + "value": "An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the queue.jsp page of Apache ActiveMQ versions 5.0.0 to 5.15.5. The root cause of this issue is improper data filtering of the QueueFilter parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://activemq.apache.org/security-advisories.data/CVE-2018-8006-announcement.txt", + "refsource": "CONFIRM", + "url": "http://activemq.apache.org/security-advisories.data/CVE-2018-8006-announcement.txt" + }, + { + "name": "105156", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105156" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8868.json b/2018/8xxx/CVE-2018-8868.json index 6a87093d48b..475aa8bf12b 100644 --- a/2018/8xxx/CVE-2018-8868.json +++ b/2018/8xxx/CVE-2018-8868.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2018-06-29T00:00:00", - "ID" : "CVE-2018-8868", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Medtronic MyCareLink Patient Monitor", - "version" : { - "version_data" : [ - { - "version_value" : "24950 MyCareLink Monitor, all versions, 24952 MyCareLink Monitor, all versions." - } - ] - } - } - ] - }, - "vendor_name" : "ICS-CERT" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Medtronic MyCareLink Patient Monitor, 24950 MyCareLink Monitor, all versions, and 24952 MyCareLink Monitor, all versions, contains debug code meant to test the functionality of the monitor's communication interfaces, including the interface between the monitor and implantable cardiac device. An attacker with physical access to the device can apply the other vulnerabilities within this advisory to access this debug functionality. This debug functionality provides the ability to read and write arbitrary memory values to implantable cardiac devices via inductive or short range wireless protocols. An attacker with close physical proximity to a target implantable cardiac device can use this debug functionality." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "EXPOSED DANGEROUS METHOD OR FUNCTION CWE-749" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2018-06-29T00:00:00", + "ID": "CVE-2018-8868", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Medtronic MyCareLink Patient Monitor", + "version": { + "version_data": [ + { + "version_value": "24950 MyCareLink Monitor, all versions, 24952 MyCareLink Monitor, all versions." + } + ] + } + } + ] + }, + "vendor_name": "ICS-CERT" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-179-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-179-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Medtronic MyCareLink Patient Monitor, 24950 MyCareLink Monitor, all versions, and 24952 MyCareLink Monitor, all versions, contains debug code meant to test the functionality of the monitor's communication interfaces, including the interface between the monitor and implantable cardiac device. An attacker with physical access to the device can apply the other vulnerabilities within this advisory to access this debug functionality. This debug functionality provides the ability to read and write arbitrary memory values to implantable cardiac devices via inductive or short range wireless protocols. An attacker with close physical proximity to a target implantable cardiac device can use this debug functionality." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "EXPOSED DANGEROUS METHOD OR FUNCTION CWE-749" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-179-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-179-01" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8897.json b/2018/8xxx/CVE-2018-8897.json index cc599bc5785..160008ea22f 100644 --- a/2018/8xxx/CVE-2018-8897.json +++ b/2018/8xxx/CVE-2018-8897.json 
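Review bot: `"vendor_name": "ICS-CERT"` in the `affects` block of CVE-2018-8868.json names the assigner (`ics-cert@hq.dhs.gov`) rather than the maker of the product, while `product_name` and the description both identify the device as Medtronic's. Anything that matches asset inventories against `vendor_name` will not connect this record to Medtronic equipment. I would change the entry to `"vendor_name": "Medtronic"` with `"product_name": "MyCareLink Patient Monitor"`, and split the single prose `version_value` into one `version_data` entry per model (24950 and 24952). The commit only reformats these lines, so the problem is carried over unchanged rather than introduced here.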
@@ -1,292 +1,292 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8897", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8897", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44697", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44697/" - }, - { - "name" : "45024", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45024/" - }, - { - "name" : "[debian-lts-announce] 20180525 [SECURITY] [DLA 1383-1] xen security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/05/msg00015.html" - }, - { - "name" : "[debian-lts-announce] 20180601 [SECURITY] [DLA 1392-1] linux security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/06/msg00000.html" - }, - { - "name" : "[debian-lts-announce] 20181112 [SECURITY] [DLA 1577-1] xen security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00013.html" - }, - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9", - "refsource" : "MISC", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9" - }, - { - "name" : "http://openwall.com/lists/oss-security/2018/05/08/1", - "refsource" : "MISC", - "url" : "http://openwall.com/lists/oss-security/2018/05/08/1" - }, - { - "name" : "http://openwall.com/lists/oss-security/2018/05/08/4", - "refsource" : "MISC", - "url" : "http://openwall.com/lists/oss-security/2018/05/08/4" - }, - { - "name" : 
"https://bugzilla.redhat.com/show_bug.cgi?id=1567074", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1567074" - }, - { - "name" : "https://github.com/can1357/CVE-2018-8897/", - "refsource" : "MISC", - "url" : "https://github.com/can1357/CVE-2018-8897/" - }, - { - "name" : "https://github.com/torvalds/linux/commit/d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9", - "refsource" : "MISC", - "url" : "https://github.com/torvalds/linux/commit/d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9" - }, - { - "name" : "https://patchwork.kernel.org/patch/10386677/", - "refsource" : "MISC", - "url" : "https://patchwork.kernel.org/patch/10386677/" - }, - { - "name" : "https://support.apple.com/HT208742", - "refsource" : "MISC", - "url" : "https://support.apple.com/HT208742" - }, - { - "name" : "https://svnweb.freebsd.org/base?view=revision&revision=333368", - "refsource" : "MISC", - "url" : "https://svnweb.freebsd.org/base?view=revision&revision=333368" - }, - { - "name" : "https://www.freebsd.org/security/advisories/FreeBSD-SA-18:06.debugreg.asc", - "refsource" : "MISC", - "url" : "https://www.freebsd.org/security/advisories/FreeBSD-SA-18:06.debugreg.asc" - }, - { - "name" : "https://www.triplefault.io/2018/05/spurious-db-exceptions-with-pop-ss.html", - "refsource" : "MISC", - "url" : "https://www.triplefault.io/2018/05/spurious-db-exceptions-with-pop-ss.html" - }, - { - "name" : "https://xenbits.xen.org/xsa/advisory-260.html", - "refsource" : "MISC", - "url" : "https://xenbits.xen.org/xsa/advisory-260.html" - }, - { - "name" : "https://support.citrix.com/article/CTX234679", - "refsource" : "CONFIRM", - "url" : "https://support.citrix.com/article/CTX234679" - }, - { - "name" : "https://www.synology.com/support/security/Synology_SA_18_21", - "refsource" : "CONFIRM", - "url" : "https://www.synology.com/support/security/Synology_SA_18_21" - }, - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8897", - "refsource" : 
"CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8897" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20180927-0002/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20180927-0002/" - }, - { - "name" : "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0", - "refsource" : "CONFIRM", - "url" : "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" - }, - { - "name" : "DSA-4196", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4196" - }, - { - "name" : "DSA-4201", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4201" - }, - { - "name" : "RHSA-2018:1318", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1318" - }, - { - "name" : "RHSA-2018:1319", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1319" - }, - { - "name" : "RHSA-2018:1345", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1345" - }, - { - "name" : "RHSA-2018:1346", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1346" - }, - { - "name" : "RHSA-2018:1347", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1347" - }, - { - "name" : "RHSA-2018:1348", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1348" - }, - { - "name" : "RHSA-2018:1349", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1349" - }, - { - "name" : "RHSA-2018:1350", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1350" - }, - { - "name" : "RHSA-2018:1351", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1351" - }, - { - "name" : "RHSA-2018:1352", - "refsource" : "REDHAT", - "url" : 
"https://access.redhat.com/errata/RHSA-2018:1352" - }, - { - "name" : "RHSA-2018:1353", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1353" - }, - { - "name" : "RHSA-2018:1354", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1354" - }, - { - "name" : "RHSA-2018:1355", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1355" - }, - { - "name" : "RHSA-2018:1524", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1524" - }, - { - "name" : "USN-3641-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3641-2/" - }, - { - "name" : "USN-3641-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3641-1/" - }, - { - "name" : "VU#631579", - "refsource" : "CERT-VN", - "url" : "https://www.kb.cert.org/vuls/id/631579" - }, - { - "name" : "104071", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104071" - }, - { - "name" : "1040849", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040849" - }, - { - "name" : "1040744", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040744" - }, - { - "name" : "1040861", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040861" - }, - { - "name" : "1040866", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040866" - }, - { - "name" : "1040882", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040882" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as 
demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/torvalds/linux/commit/d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9", + "refsource": "MISC", + "url": "https://github.com/torvalds/linux/commit/d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9" + }, + { + "name": "http://openwall.com/lists/oss-security/2018/05/08/4", + "refsource": "MISC", + "url": "http://openwall.com/lists/oss-security/2018/05/08/4" + }, + { + "name": "1040849", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040849" + }, + { + "name": "104071", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104071" + }, + { + "name": "RHSA-2018:1350", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1350" + }, + { + "name": "https://support.citrix.com/article/CTX234679", + "refsource": "CONFIRM", + "url": "https://support.citrix.com/article/CTX234679" + }, + { + 
"name": "RHSA-2018:1347", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1347" + }, + { + "name": "44697", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44697/" + }, + { + "name": "[debian-lts-announce] 20180525 [SECURITY] [DLA 1383-1] xen security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00015.html" + }, + { + "name": "1040866", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040866" + }, + { + "name": "[debian-lts-announce] 20181112 [SECURITY] [DLA 1577-1] xen security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00013.html" + }, + { + "name": "[debian-lts-announce] 20180601 [SECURITY] [DLA 1392-1] linux security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00000.html" + }, + { + "name": "https://support.apple.com/HT208742", + "refsource": "MISC", + "url": "https://support.apple.com/HT208742" + }, + { + "name": "RHSA-2018:1346", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1346" + }, + { + "name": "RHSA-2018:1348", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1348" + }, + { + "name": "RHSA-2018:1354", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1354" + }, + { + "name": "https://svnweb.freebsd.org/base?view=revision&revision=333368", + "refsource": "MISC", + "url": "https://svnweb.freebsd.org/base?view=revision&revision=333368" + }, + { + "name": "DSA-4196", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4196" + }, + { + "name": "https://www.freebsd.org/security/advisories/FreeBSD-SA-18:06.debugreg.asc", + "refsource": "MISC", + "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-18:06.debugreg.asc" + }, + { + "name": "1040744", + "refsource": "SECTRACK", + "url": 
"http://www.securitytracker.com/id/1040744" + }, + { + "name": "https://www.triplefault.io/2018/05/spurious-db-exceptions-with-pop-ss.html", + "refsource": "MISC", + "url": "https://www.triplefault.io/2018/05/spurious-db-exceptions-with-pop-ss.html" + }, + { + "name": "RHSA-2018:1351", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1351" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1567074", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1567074" + }, + { + "name": "https://xenbits.xen.org/xsa/advisory-260.html", + "refsource": "MISC", + "url": "https://xenbits.xen.org/xsa/advisory-260.html" + }, + { + "name": "RHSA-2018:1319", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1319" + }, + { + "name": "DSA-4201", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4201" + }, + { + "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0", + "refsource": "CONFIRM", + "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" + }, + { + "name": "RHSA-2018:1355", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1355" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20180927-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20180927-0002/" + }, + { + "name": "RHSA-2018:1345", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1345" + }, + { + "name": "45024", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45024/" + }, + { + "name": "RHSA-2018:1349", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1349" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8897", + "refsource": "CONFIRM", + "url": 
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8897" + }, + { + "name": "RHSA-2018:1352", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1352" + }, + { + "name": "RHSA-2018:1318", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1318" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9", + "refsource": "MISC", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9" + }, + { + "name": "https://patchwork.kernel.org/patch/10386677/", + "refsource": "MISC", + "url": "https://patchwork.kernel.org/patch/10386677/" + }, + { + "name": "VU#631579", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/631579" + }, + { + "name": "https://github.com/can1357/CVE-2018-8897/", + "refsource": "MISC", + "url": "https://github.com/can1357/CVE-2018-8897/" + }, + { + "name": "RHSA-2018:1524", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1524" + }, + { + "name": "http://openwall.com/lists/oss-security/2018/05/08/1", + "refsource": "MISC", + "url": "http://openwall.com/lists/oss-security/2018/05/08/1" + }, + { + "name": "1040861", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040861" + }, + { + "name": "RHSA-2018:1353", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1353" + }, + { + "name": "USN-3641-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3641-2/" + }, + { + "name": "https://www.synology.com/support/security/Synology_SA_18_21", + "refsource": "CONFIRM", + "url": "https://www.synology.com/support/security/Synology_SA_18_21" + }, + { + "name": "1040882", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040882" + }, + { + "name": "USN-3641-1", + "refsource": "UBUNTU", + "url": 
"https://usn.ubuntu.com/3641-1/" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8926.json b/2018/8xxx/CVE-2018-8926.json index 2b53148d0e2..c928b454165 100644 --- a/2018/8xxx/CVE-2018-8926.json +++ b/2018/8xxx/CVE-2018-8926.json 
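Review bot: The `reference_data` array in CVE-2018-8897.json is reordered in the same hunk that changes indentation and key spacing, so the diff cannot show whether any reference was dropped or altered. The old side grouped entries by `refsource` (EXPLOIT-DB, MLIST, MISC, CONFIRM, DEBIAN, REDHAT and so on); the new side has no order I can discern, with the REDHAT and SECTRACK entries now scattered through the list. By my count both sides carry the same 47 entries, but that had to be checked by hand. I would keep the formatter from touching array order, or sort deterministically (by `refsource`, then `name`) in a separate commit, so that a later change that really removes a vendor advisory stands out in review.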
@@ -1,84 +1,84 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@synology.com", - "DATE_PUBLIC" : "2018-06-08T00:00:00", - "ID" : "CVE-2018-8926", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Photo Station", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "6.8.5-3471" - }, - { - "affected" : "<", - "version_value" : "6.3-2975" - } - ] - } - } - ] - }, - "vendor_name" : "Synology" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Permissive regular expression vulnerability in synophoto_dsm_user in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote authenticated users to conduct privilege escalation attacks via the fullname parameter." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "HIGH", - "baseScore" : 8.8, - "baseSeverity" : "HIGH", - "confidentialityImpact" : "HIGH", - "integrityImpact" : "HIGH", - "privilegesRequired" : "LOW", - "scope" : "UNCHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Permissive Regular Expression (CWE-625)" - } + "CVE_data_meta": { + "ASSIGNER": "security@synology.com", + "DATE_PUBLIC": "2018-06-08T00:00:00", + "ID": "CVE-2018-8926", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Photo Station", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "6.8.5-3471" + }, + { + "affected": "<", + "version_value": "6.3-2975" + } + ] + } + } + ] + }, + "vendor_name": "Synology" + } ] - } - ] - }, - 
"references" : { - "reference_data" : [ - { - "name" : "https://www.synology.com/zh-tw/support/security/Synology_SA_18_15", - "refsource" : "CONFIRM", - "url" : "https://www.synology.com/zh-tw/support/security/Synology_SA_18_15" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Permissive regular expression vulnerability in synophoto_dsm_user in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote authenticated users to conduct privilege escalation attacks via the fullname parameter." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Permissive Regular Expression (CWE-625)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.synology.com/zh-tw/support/security/Synology_SA_18_15", + "refsource": "CONFIRM", + "url": "https://www.synology.com/zh-tw/support/security/Synology_SA_18_15" + } + ] + } +} \ No newline at end of file
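Review bot: The two `version_data` entries in CVE-2018-8926.json both use `"affected": "<"` with nothing that ties each bound to a release line. A consumer that compares version numbers will read `< 6.8.5-3471` as covering everything below it, including 6.3 builds at or above 6.3-2975, which the description ("before 6.8.5-3471 and before 6.3-2975") treats as fixed. The wording suggests two branches, presumably 6.8.x and 6.3.x, to be confirmed against the Synology advisory. I would label each entry with its branch, e.g. `"version_name": "6.8"` and `"version_name": "6.3"`, so scanners can scope each bound. These lines are only re-indented by the commit, so the ambiguity predates it.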