From 91413f98a4749b628ecccfc67690c900ff481685 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 04:46:06 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2005/0xxx/CVE-2005-0143.json | 190 +++++++------- 2005/0xxx/CVE-2005-0162.json | 200 +++++++------- 2005/0xxx/CVE-2005-0187.json | 160 ++++++------ 2005/0xxx/CVE-2005-0714.json | 34 +-- 2005/2xxx/CVE-2005-2128.json | 260 +++++++++---------- 2005/2xxx/CVE-2005-2345.json | 34 +-- 2005/2xxx/CVE-2005-2392.json | 190 +++++++------- 2005/2xxx/CVE-2005-2821.json | 34 +-- 2005/2xxx/CVE-2005-2872.json | 270 +++++++++---------- 2005/4xxx/CVE-2005-4128.json | 34 +-- 2005/4xxx/CVE-2005-4176.json | 170 ++++++------ 2005/4xxx/CVE-2005-4308.json | 140 +++++----- 2005/4xxx/CVE-2005-4544.json | 34 +-- 2005/4xxx/CVE-2005-4686.json | 150 +++++------ 2005/4xxx/CVE-2005-4737.json | 140 +++++----- 2005/4xxx/CVE-2005-4784.json | 200 +++++++------- 2009/0xxx/CVE-2009-0676.json | 490 +++++++++++++++++------------------ 2009/2xxx/CVE-2009-2307.json | 130 +++++----- 2009/2xxx/CVE-2009-2854.json | 160 ++++++------ 2009/2xxx/CVE-2009-2988.json | 170 ++++++------ 2009/3xxx/CVE-2009-3176.json | 150 +++++------ 2009/3xxx/CVE-2009-3507.json | 130 +++++----- 2009/3xxx/CVE-2009-3582.json | 150 +++++------ 2009/3xxx/CVE-2009-3607.json | 300 ++++++++++----------- 2009/3xxx/CVE-2009-3736.json | 490 +++++++++++++++++------------------ 2009/4xxx/CVE-2009-4235.json | 190 +++++++------- 2009/4xxx/CVE-2009-4428.json | 160 ++++++------ 2009/4xxx/CVE-2009-4502.json | 150 +++++------ 2009/4xxx/CVE-2009-4529.json | 190 +++++++------- 2009/4xxx/CVE-2009-4573.json | 170 ++++++------ 2009/4xxx/CVE-2009-4619.json | 140 +++++----- 2015/0xxx/CVE-2015-0192.json | 240 ++++++++--------- 2015/0xxx/CVE-2015-0426.json | 130 +++++----- 2015/0xxx/CVE-2015-0822.json | 330 +++++++++++------------ 2015/1xxx/CVE-2015-1045.json | 34 +-- 2015/1xxx/CVE-2015-1131.json | 150 +++++------ 2015/1xxx/CVE-2015-1256.json | 210 +++++++-------- 2015/1xxx/CVE-2015-1286.json | 210 +++++++-------- 2015/1xxx/CVE-2015-1813.json | 150 +++++------ 2015/5xxx/CVE-2015-5735.json | 180 ++++++------- 2015/5xxx/CVE-2015-5786.json | 140 +++++----- 2015/5xxx/CVE-2015-5836.json | 140 +++++----- 2018/3xxx/CVE-2018-3314.json | 34 +-- 2018/3xxx/CVE-2018-3530.json | 34 +-- 2018/3xxx/CVE-2018-3537.json | 34 +-- 2018/3xxx/CVE-2018-3715.json | 132 +++++----- 2018/6xxx/CVE-2018-6148.json | 34 +-- 2018/6xxx/CVE-2018-6336.json | 132 +++++----- 2018/6xxx/CVE-2018-6362.json | 130 +++++----- 2018/7xxx/CVE-2018-7340.json | 34 +-- 2018/7xxx/CVE-2018-7434.json | 120 ++++----- 2018/7xxx/CVE-2018-7732.json | 120 ++++----- 2018/7xxx/CVE-2018-7956.json | 120 ++++----- 2018/8xxx/CVE-2018-8448.json | 146 +++++------ 2018/8xxx/CVE-2018-8554.json | 198 +++++++------- 2018/8xxx/CVE-2018-8727.json | 120 ++++----- 56 files changed, 4356 insertions(+), 4356 deletions(-) diff --git a/2005/0xxx/CVE-2005-0143.json b/2005/0xxx/CVE-2005-0143.json index d2616475f86..ee695016ef2 100644 --- a/2005/0xxx/CVE-2005-0143.json +++ b/2005/0xxx/CVE-2005-0143.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0143", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Firefox before 1.0 and Mozilla before 1.7.5 display the SSL lock icon when an insecure page loads a binary file from a trusted site, which could facilitate phishing attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0143", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/mfsa2005-03.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/mfsa2005-03.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=257308", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=257308" - }, - { - "name" : "RHSA-2005:335", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-335.html" - }, - { - "name" : "RHSA-2005:384", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-384.html" - }, - { - "name" : "12407", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12407" - }, - { - "name" : "oval:org.mitre.oval:def:100055", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100055" - }, - { - "name" : "oval:org.mitre.oval:def:11297", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11297" - }, - { - "name" : "mozilla-ssl-spoofing(19166)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19166" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Firefox before 1.0 and Mozilla before 1.7.5 display the SSL lock icon when an insecure page loads a binary file from a trusted site, which could facilitate phishing attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "12407", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12407" + }, + { + "name": "http://www.mozilla.org/security/announce/mfsa2005-03.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/mfsa2005-03.html" + }, + { + "name": "oval:org.mitre.oval:def:100055", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100055" + }, + { + "name": "RHSA-2005:335", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-335.html" + }, + { + "name": "oval:org.mitre.oval:def:11297", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11297" + }, + { + "name": "mozilla-ssl-spoofing(19166)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19166" + }, + { + "name": "RHSA-2005:384", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-384.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=257308", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=257308" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0162.json b/2005/0xxx/CVE-2005-0162.json index a14441f4aba..587efb62301 100644 --- a/2005/0xxx/CVE-2005-0162.json +++ b/2005/0xxx/CVE-2005-0162.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0162", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the get_internal_addresses function in the pluto application for Openswan 1.x before 1.0.9, and Openswan 2.x before 2.3.0, when compiled with XAUTH and PAM enabled, allows remote authenticated attackers to execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0162", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050126 Openswan XAUTH/PAM Buffer Overflow Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://www.idefense.com/application/poi/display?id=190&type=vulnerabilities" - }, - { - "name" : "http://www.openswan.org/support/vuln/IDEF0785/", - "refsource" : "CONFIRM", - "url" : "http://www.openswan.org/support/vuln/IDEF0785/" - }, - { - "name" : "FEDORA-2005-082", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-announce-list/2005-January/msg00103.html" - }, - { - "name" : "12377", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12377" - }, - { - "name" : "13195", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/13195" - }, - { - "name" : "1013014", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013014" - }, - { - "name" : "14038", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14038" - }, - { - "name" : "14062", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14062" - }, - { - "name" : "openswan-xauth-pam-bo(19078)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19078" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the get_internal_addresses function in the pluto application for Openswan 1.x before 1.0.9, and Openswan 2.x before 2.3.0, when compiled with XAUTH and PAM enabled, allows remote authenticated attackers to execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2005-082", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-announce-list/2005-January/msg00103.html" + }, + { + "name": "1013014", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013014" + }, + { + "name": "12377", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12377" + }, + { + "name": "20050126 Openswan XAUTH/PAM Buffer Overflow Vulnerability", + "refsource": "IDEFENSE", + "url": "http://www.idefense.com/application/poi/display?id=190&type=vulnerabilities" + }, + { + "name": "openswan-xauth-pam-bo(19078)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19078" + }, + { + "name": "14062", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14062" + }, + { + "name": "14038", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14038" + }, + { + "name": "13195", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/13195" + }, + { + "name": "http://www.openswan.org/support/vuln/IDEF0785/", + "refsource": "CONFIRM", + "url": "http://www.openswan.org/support/vuln/IDEF0785/" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0187.json b/2005/0xxx/CVE-2005-0187.json index d205d30e11d..1171d904332 100644 --- a/2005/0xxx/CVE-2005-0187.json +++ b/2005/0xxx/CVE-2005-0187.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0187", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the SetSkin function in AtHoc toolbar allows remote attackers to execute arbitrary code via a long skin name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0187", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041006 Patch available for high risk flaws in the AtHoc Toolbar", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109710974324742&w=2" - }, - { - "name" : "20050119 Multiple vulnerabilities in the AtHoc Toolbar (#NISR19012005c)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110616363415176&w=2" - }, - { - "name" : "http://www.ngssoftware.com/advisories/athoc-01full.txt", - "refsource" : "MISC", - "url" : "http://www.ngssoftware.com/advisories/athoc-01full.txt" - }, - { - "name" : "11341", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11341" - }, - { - "name" : "athoc-toolbar-bo(17627)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17627" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the SetSkin function in AtHoc toolbar allows remote attackers to execute arbitrary code via a long skin name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050119 Multiple vulnerabilities in the AtHoc Toolbar (#NISR19012005c)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110616363415176&w=2" + }, + { + "name": "11341", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11341" + }, + { + "name": "20041006 Patch available for high risk flaws in the AtHoc Toolbar", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109710974324742&w=2" + }, + { + "name": "http://www.ngssoftware.com/advisories/athoc-01full.txt", + "refsource": "MISC", + "url": "http://www.ngssoftware.com/advisories/athoc-01full.txt" + }, + { + "name": "athoc-toolbar-bo(17627)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17627" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0714.json b/2005/0xxx/CVE-2005-0714.json index 9f7c90baea0..1d8e7d672fe 100644 --- a/2005/0xxx/CVE-2005-0714.json +++ b/2005/0xxx/CVE-2005-0714.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0714", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-0340. Reason: This candidate is a reservation duplicate of CVE-2005-0340. Notes: All CVE users should reference CVE-2005-0340 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2005-0714", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-0340. Reason: This candidate is a reservation duplicate of CVE-2005-0340. Notes: All CVE users should reference CVE-2005-0340 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2128.json b/2005/2xxx/CVE-2005-2128.json index df4f962f59d..4586d63a712 100644 --- a/2005/2xxx/CVE-2005-2128.json +++ b/2005/2xxx/CVE-2005-2128.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2128", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "QUARTZ.DLL in Microsoft Windows Media Player 9 allows remote attackers to write a null byte to arbitrary memory via an AVI file with a crafted strn element with a modified length value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2005-2128", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "AD20051011a", - "refsource" : "EEYE", - "url" : "http://www.eeye.com/html/research/advisories/AD20051011a.html" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf" - }, - { - "name" : "MS05-050", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-050" - }, - { - "name" : "TA05-284A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA05-284A.html" - }, - { - "name" : "VU#995220", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/995220" - }, - { - "name" : "15063", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15063" - }, - { - "name" : "18822", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/18822" - }, - { - "name" : "oval:org.mitre.oval:def:1149", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1149" - }, - { - "name" : "oval:org.mitre.oval:def:1231", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1231" - }, - { - "name" : "oval:org.mitre.oval:def:1267", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1267" - }, - { - "name" : "oval:org.mitre.oval:def:1424", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1424" - }, - { - "name" : "oval:org.mitre.oval:def:1434", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1434" - }, - { - "name" : "17160", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17160" - }, - { - "name" : "17172", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17172" - }, - { - "name" : "17509", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17509" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "QUARTZ.DLL in Microsoft Windows Media Player 9 allows remote attackers to write a null byte to arbitrary memory via an AVI file with a crafted strn element with a modified length value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17160", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17160" + }, + { + "name": "oval:org.mitre.oval:def:1267", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1267" + }, + { + "name": "AD20051011a", + "refsource": "EEYE", + "url": "http://www.eeye.com/html/research/advisories/AD20051011a.html" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf" + }, + { + "name": "VU#995220", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/995220" + }, + { + "name": "oval:org.mitre.oval:def:1149", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1149" + }, + { + "name": "18822", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/18822" + }, + { + "name": "MS05-050", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-050" + }, + { + "name": "17172", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17172" + }, + { + "name": "17509", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17509" + }, + { + "name": "oval:org.mitre.oval:def:1434", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1434" + }, + { + "name": "oval:org.mitre.oval:def:1424", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1424" + }, + { + "name": "oval:org.mitre.oval:def:1231", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1231" + }, + { + "name": "TA05-284A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA05-284A.html" + }, + { + "name": "15063", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15063" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2345.json b/2005/2xxx/CVE-2005-2345.json index 92bdfa2d3f2..f74d5bf9d09 100644 --- a/2005/2xxx/CVE-2005-2345.json +++ b/2005/2xxx/CVE-2005-2345.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2345", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2005. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2005-2345", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2005. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2392.json b/2005/2xxx/CVE-2005-2392.json index e7345d669ca..6fa91317864 100644 --- a/2005/2xxx/CVE-2005-2392.json +++ b/2005/2xxx/CVE-2005-2392.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2392", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php for CMSimple 2.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter in the search function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2392", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060803 CMSimple Cross Site Scripting", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/442106/100/100/threaded" - }, - { - "name" : "http://lostmon.blogspot.com/2005/07/cmsimple-search-variable-xss.html", - "refsource" : "MISC", - "url" : "http://lostmon.blogspot.com/2005/07/cmsimple-search-variable-xss.html" - }, - { - "name" : "http://www.aria-security.net/advisory/cmsimple.txt", - "refsource" : "MISC", - "url" : "http://www.aria-security.net/advisory/cmsimple.txt" - }, - { - "name" : "http://www.cmsimple.dk/forum/viewtopic.php?t=2470", - "refsource" : "CONFIRM", - "url" : "http://www.cmsimple.dk/forum/viewtopic.php?t=2470" - }, - { - "name" : "14346", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14346" - }, - { - "name" : "18128", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/18128" - }, - { - "name" : "1014556", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014556" - }, - { - "name" : "16147", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16147" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php for CMSimple 2.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter in the search function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1014556", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014556" + }, + { + "name": "16147", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16147" + }, + { + "name": "http://lostmon.blogspot.com/2005/07/cmsimple-search-variable-xss.html", + "refsource": "MISC", + "url": "http://lostmon.blogspot.com/2005/07/cmsimple-search-variable-xss.html" + }, + { + "name": "http://www.cmsimple.dk/forum/viewtopic.php?t=2470", + "refsource": "CONFIRM", + "url": "http://www.cmsimple.dk/forum/viewtopic.php?t=2470" + }, + { + "name": "14346", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14346" + }, + { + "name": "20060803 CMSimple Cross Site Scripting", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/442106/100/100/threaded" + }, + { + "name": "http://www.aria-security.net/advisory/cmsimple.txt", + "refsource": "MISC", + "url": "http://www.aria-security.net/advisory/cmsimple.txt" + }, + { + "name": "18128", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/18128" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2821.json b/2005/2xxx/CVE-2005-2821.json index b0f8d724171..0806a40b61a 100644 --- a/2005/2xxx/CVE-2005-2821.json +++ b/2005/2xxx/CVE-2005-2821.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2821", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2821", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2872.json b/2005/2xxx/CVE-2005-2872.json index 774ac71baa6..a4e34ae4213 100644 --- a/2005/2xxx/CVE-2005-2872.json +++ b/2005/2xxx/CVE-2005-2872.json @@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2872", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ipt_recent kernel module (ipt_recent.c) in Linux kernel before 2.6.12, when running on 64-bit processors such as AMD64, allows remote attackers to cause a denial of service (kernel panic) via certain attacks such as SSH brute force, which leads to memset calls using a length based on the u_int32_t type, acting on an array of unsigned long elements, a different vulnerability than CVE-2005-2873." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2872", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=322237", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=322237" - }, - { - "name" : "http://www.kernel.org/git/?p=linux/kernel/git/chrisw/lsm-2.6.git;a=commit;h=bcfff0b471a60df350338bcd727fc9b8a6aa54b2", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/git/?p=linux/kernel/git/chrisw/lsm-2.6.git;a=commit;h=bcfff0b471a60df350338bcd727fc9b8a6aa54b2" - }, - { - "name" : "DSA-922", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-922" - }, - { - "name" : "DSA-921", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-921" - }, - { - "name" : "FLSA:157459-3", - "refsource" : "FEDORA", - "url" : "http://www.securityfocus.com/archive/1/427980/100/0/threaded" - }, - { - "name" : "MDKSA-2005:219", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:219" - }, - { - "name" : "MDKSA-2005:220", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:220" - }, - { - "name" : "RHSA-2005:514", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-514.html" - }, - { - "name" : "SUSE-SA:2005:068", - "refsource" : "SUSE", - "url" : "http://www.securityfocus.com/archive/1/419522/100/0/threaded" - }, - { - "name" : "14791", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14791" - }, - { - "name" : "oval:org.mitre.oval:def:11394", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11394" - }, - { - "name" : "17918", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17918" - }, - { - "name" : "18056", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18056" - }, - { - "name" : "18059", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18059" - }, - { - "name" : "17073", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17073" - }, - { - "name" : "17826", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17826" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ipt_recent kernel module (ipt_recent.c) in Linux kernel before 2.6.12, when running on 64-bit processors such as AMD64, allows remote attackers to cause a denial of service (kernel panic) via certain attacks such as SSH brute force, which leads to memset calls using a length based on the u_int32_t type, acting on an array of unsigned long elements, a different vulnerability than CVE-2005-2873." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18056", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18056" + }, + { + "name": "MDKSA-2005:220", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:220" + }, + { + "name": "17073", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17073" + }, + { + "name": "18059", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18059" + }, + { + "name": "SUSE-SA:2005:068", + "refsource": "SUSE", + "url": "http://www.securityfocus.com/archive/1/419522/100/0/threaded" + }, + { + "name": "DSA-922", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-922" + }, + { + "name": "14791", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14791" + }, + { + "name": "DSA-921", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-921" + }, + { + "name": "RHSA-2005:514", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-514.html" + }, + { + "name": "17826", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17826" + }, + { + "name": "oval:org.mitre.oval:def:11394", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11394" + }, + { + "name": "17918", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17918" + }, + { + "name": "http://www.kernel.org/git/?p=linux/kernel/git/chrisw/lsm-2.6.git;a=commit;h=bcfff0b471a60df350338bcd727fc9b8a6aa54b2", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/git/?p=linux/kernel/git/chrisw/lsm-2.6.git;a=commit;h=bcfff0b471a60df350338bcd727fc9b8a6aa54b2" + }, + { + "name": "FLSA:157459-3", + "refsource": "FEDORA", + "url": "http://www.securityfocus.com/archive/1/427980/100/0/threaded" + }, + { + "name": "MDKSA-2005:219", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:219" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=322237", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=322237" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4128.json b/2005/4xxx/CVE-2005-4128.json index 3193cf76610..616c92c2da3 100644 --- a/2005/4xxx/CVE-2005-4128.json +++ b/2005/4xxx/CVE-2005-4128.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4128", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-4092. Reason: This candidate is a duplicate of CVE-2005-4092. This candidate was originally published to handle a pre-patch vague announcement, but multiple simultaneous pre-patch announcements resulted in duplicate CVEs that could not be identified until a full patch was released. Notes: All CVE users should reference CVE-2005-4092 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2005-4128", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-4092. Reason: This candidate is a duplicate of CVE-2005-4092. This candidate was originally published to handle a pre-patch vague announcement, but multiple simultaneous pre-patch announcements resulted in duplicate CVEs that could not be identified until a full patch was released. Notes: All CVE users should reference CVE-2005-4092 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4176.json b/2005/4xxx/CVE-2005-4176.json index e948e0edc50..2740e78766a 100644 --- a/2005/4xxx/CVE-2005-4176.json +++ b/2005/4xxx/CVE-2005-4176.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4176", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "AWARD Bios Modular 4.50pg does not clear the keyboard buffer after reading the BIOS password during system startup, which allows local administrators or users to read the password directly from physical memory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4176", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051213 Bios Information Leakage", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/419610/100/0/threaded" - }, - { - "name" : "http://www.pulltheplug.org/users/endrazine/Bios.Information.Leakage.txt", - "refsource" : "MISC", - "url" : "http://www.pulltheplug.org/users/endrazine/Bios.Information.Leakage.txt" - }, - { - "name" : "http://www.ivizsecurity.com/preboot-patch.html", - "refsource" : "MISC", - "url" : "http://www.ivizsecurity.com/preboot-patch.html" - }, - { - "name" : "http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf", - "refsource" : "MISC", - "url" : "http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf" - }, - { - "name" : "VU#847537", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/847537" - }, - { - "name" : "15751", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15751" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "AWARD Bios Modular 4.50pg does not clear the keyboard buffer after reading the BIOS password during system startup, which allows local administrators or users to read the password directly from physical memory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ivizsecurity.com/preboot-patch.html", + "refsource": "MISC", + "url": "http://www.ivizsecurity.com/preboot-patch.html" + }, + { + "name": "http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf", + "refsource": "MISC", + "url": "http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf" + }, + { + "name": "15751", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15751" + }, + { + "name": "20051213 Bios Information Leakage", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/419610/100/0/threaded" + }, + { + "name": "VU#847537", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/847537" + }, + { + "name": "http://www.pulltheplug.org/users/endrazine/Bios.Information.Leakage.txt", + "refsource": "MISC", + "url": "http://www.pulltheplug.org/users/endrazine/Bios.Information.Leakage.txt" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4308.json b/2005/4xxx/CVE-2005-4308.json index 98d15ed6bdf..5dd259f842f 100644 --- a/2005/4xxx/CVE-2005-4308.json +++ b/2005/4xxx/CVE-2005-4308.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4308", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "index.php in ezUpload Pro 2.2 and earlier allows remote attackers to include files via the mode parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4308", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/12/ezupload-pro-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/12/ezupload-pro-vuln.html" - }, - { - "name" : "15918", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15918" - }, - { - "name" : "21911", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21911" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "index.php in ezUpload Pro 2.2 and earlier allows remote attackers to include files via the mode parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21911", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21911" + }, + { + "name": "15918", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15918" + }, + { + "name": "http://pridels0.blogspot.com/2005/12/ezupload-pro-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/12/ezupload-pro-vuln.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4544.json b/2005/4xxx/CVE-2005-4544.json index 21b112eda08..9a6afb90e42 100644 --- a/2005/4xxx/CVE-2005-4544.json +++ b/2005/4xxx/CVE-2005-4544.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4544", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2005. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2005-4544", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2005. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4686.json b/2005/4xxx/CVE-2005-4686.json index 57810623183..5983127a0e1 100644 --- a/2005/4xxx/CVE-2005-4686.json +++ b/2005/4xxx/CVE-2005-4686.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4686", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PunBB 1.2.9, when used alone or with F-ART BLOG:CMS, includes config.php before calling the unregister_globals function, which allows attackers to obtain unspecified sensitive information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4686", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.punbb.org/changelogs/1.2.9_to_1.2.10.txt", - "refsource" : "CONFIRM", - "url" : "http://www.punbb.org/changelogs/1.2.9_to_1.2.10.txt" - }, - { - "name" : "15328", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15328" - }, - { - "name" : "17425", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17425" - }, - { - "name" : "17433", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17433" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PunBB 1.2.9, when used alone or with F-ART BLOG:CMS, includes config.php before calling the unregister_globals function, which allows attackers to obtain unspecified sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17433", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17433" + }, + { + "name": "http://www.punbb.org/changelogs/1.2.9_to_1.2.10.txt", + "refsource": "CONFIRM", + "url": "http://www.punbb.org/changelogs/1.2.9_to_1.2.10.txt" + }, + { + "name": "15328", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15328" + }, + { + "name": "17425", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17425" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4737.json b/2005/4xxx/CVE-2005-4737.json index 50f3b5bbd52..405a3cbd662 100644 --- a/2005/4xxx/CVE-2005-4737.json +++ b/2005/4xxx/CVE-2005-4737.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4737", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM DB2 Universal Database (UDB) 820 before ESE AIX 5765F4100 allows remote authenticated users to cause a denial of service (CPU consumption) by \"abnormally\" terminating a connection, which prevents db2agents from being properly cleared." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4737", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "IY71587", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1IY71587" - }, - { - "name" : "15126", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15126" - }, - { - "name" : "17031", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17031" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM DB2 Universal Database (UDB) 820 before ESE AIX 5765F4100 allows remote authenticated users to cause a denial of service (CPU consumption) by \"abnormally\" terminating a connection, which prevents db2agents from being properly cleared." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15126", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15126" + }, + { + "name": "IY71587", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IY71587" + }, + { + "name": "17031", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17031" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4784.json b/2005/4xxx/CVE-2005-4784.json index 55e68f178ce..c705bda486f 100644 --- a/2005/4xxx/CVE-2005-4784.json +++ b/2005/4xxx/CVE-2005-4784.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4784", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in the POSIX readdir_r function, as used in multiple packages, allow local users to cause a denial of service and possibly execute arbitrary code via (1) a symlink attack that exploits a race condition between opendir and pathcon calls and changes the filesystem to one with a larger maximum directory-entry name length, or (2) possibly via programmer-introduced errors on operating systems with a small struct dirent, such as Solaris or BeOS, as demonstrated in packages including (a) gcj, (b) KDE, (c) libwww, (d) the Rudiments library, (e) teTeX, (f) xmail, (g) bfbtester, (h) ncftp, (i) netwib, (j) OpenOffice.org, (k) Pike, (l) reprepro, (m) Tcl, and (n) xgsmlib." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4784", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051101 readdir_r considered harmful", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/415781" - }, - { - "name" : "20051105 Re: readdir_r considered harmful", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/415790/30/0/threaded" - }, - { - "name" : "20051105 Re: readdir_r considered harmful", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/415995/30/0/threaded" - }, - { - "name" : "20051106 Re: readdir_r considered harmful", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/415998/30/0/threaded" - }, - { - "name" : "20051106 Re: readdir_r considered harmful", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/415999/30/0/threaded" - }, - { - "name" : "20051106 Re: readdir_r considered harmful", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/416002/30/0/threaded" - }, - { - "name" : "20051108 Re: readdir_r considered harmful", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/416048/30/0/threaded" - }, - { - "name" : "http://womble.decadentplace.org.uk/readdir_r-advisory.html", - "refsource" : "MISC", - "url" : "http://womble.decadentplace.org.uk/readdir_r-advisory.html" - }, - { - "name" : "15259", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15259" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in the POSIX readdir_r function, as used in multiple packages, allow local users to cause a denial of service and possibly execute arbitrary code via (1) a symlink attack that exploits a race condition between opendir and pathcon calls and changes the filesystem to one with a larger maximum directory-entry name length, or (2) possibly via programmer-introduced errors on operating systems with a small struct dirent, such as Solaris or BeOS, as demonstrated in packages including (a) gcj, (b) KDE, (c) libwww, (d) the Rudiments library, (e) teTeX, (f) xmail, (g) bfbtester, (h) ncftp, (i) netwib, (j) OpenOffice.org, (k) Pike, (l) reprepro, (m) Tcl, and (n) xgsmlib." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20051106 Re: readdir_r considered harmful", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/416002/30/0/threaded" + }, + { + "name": "20051101 readdir_r considered harmful", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/415781" + }, + { + "name": "20051105 Re: readdir_r considered harmful", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/415790/30/0/threaded" + }, + { + "name": "15259", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15259" + }, + { + "name": "20051106 Re: readdir_r considered harmful", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/415999/30/0/threaded" + }, + { + "name": "20051106 Re: readdir_r considered harmful", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/415998/30/0/threaded" + }, + { + "name": "20051105 Re: readdir_r considered harmful", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/415995/30/0/threaded" + }, + { + "name": "http://womble.decadentplace.org.uk/readdir_r-advisory.html", + "refsource": "MISC", + "url": "http://womble.decadentplace.org.uk/readdir_r-advisory.html" + }, + { + "name": "20051108 Re: readdir_r considered harmful", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/416048/30/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0676.json b/2009/0xxx/CVE-2009-0676.json index fd88a570ee1..56cdb672aac 100644 --- a/2009/0xxx/CVE-2009-0676.json +++ b/2009/0xxx/CVE-2009-0676.json @@ -1,247 +1,247 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0676", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The sock_getsockopt function in net/core/sock.c in the Linux kernel before 2.6.28.6 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel memory via an SO_BSDCOMPAT getsockopt request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0676", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/507985/100/0/threaded" - }, - { - "name" : "[linux-kernel] 20090212 [PATCH] 4 bytes kernel memory disclosure in SO_BSDCOMPAT gsopt try #2", - "refsource" : "MLIST", - "url" : "http://lkml.org/lkml/2009/2/12/123" - }, - { - "name" : "[oss-security] 20090220 CVE request: kernel: memory disclosure in SO_BSDCOMPAT gsopt", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2009/02/20/1" - }, - { - "name" : "[linux-kernel] 20090223 net: amend the fix for SO_BSDCOMPAT gsopt infoleak", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=linux-kernel&m=123540732700371&w=2" - }, - { - "name" : "[oss-security] 20090224 Re: CVE request: kernel: memory disclosure in SO_BSDCOMPAT gsopt", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/02/24/1" - }, - { - "name" : "[oss-security] 20090302 Re: CVE request: kernel: memory disclosure in SO_BSDCOMPAT gsopt", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/03/02/6" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=df0bca049d01c0ee94afb7cd5dfd959541e6c8da", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=df0bca049d01c0ee94afb7cd5dfd959541e6c8da" - }, - { - "name" : "http://patchwork.kernel.org/patch/6816/", - "refsource" : "CONFIRM", - "url" : "http://patchwork.kernel.org/patch/6816/" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.6", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.6" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=486305", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=486305" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" - }, - { - "name" : "DSA-1749", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1749" - }, - { - "name" : "DSA-1787", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1787" - }, - { - "name" : "DSA-1794", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1794" - }, - { - "name" : "MDVSA-2009:071", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:071" - }, - { - "name" : "RHSA-2009:0360", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0360.html" - }, - { - "name" : "RHSA-2009:0326", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0326.html" - }, - { - "name" : "RHSA-2009:0459", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2009-0459.html" - }, - { - "name" : "SUSE-SA:2009:021", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00007.html" - }, - { - "name" : "SUSE-SA:2009:030", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html" - }, - { - "name" : "SUSE-SA:2009:031", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html" - }, - { - "name" : "USN-751-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-751-1" - }, - { - "name" : "33846", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33846" - }, - { - "name" : "oval:org.mitre.oval:def:11653", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11653" - }, - { - "name" : "oval:org.mitre.oval:def:8618", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8618" - }, - { - "name" : "34394", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34394" - }, - { - "name" : "33758", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33758" - }, - { - "name" : "34502", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34502" - }, - { - "name" : "34680", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34680" - }, - { - "name" : "34786", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34786" - }, - { - "name" : "34962", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34962" - }, - { - "name" : "34981", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34981" - }, - { - "name" : "35011", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35011" - }, - { - "name" : "35390", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35390" - }, - { - "name" : "35394", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35394" - }, - { - "name" : "37471", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37471" - }, - { - "name" : "ADV-2009-3316", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3316" - }, - { - "name" : "kernel-sock-information-disclosure(48847)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48847" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The sock_getsockopt function in net/core/sock.c in the Linux kernel before 2.6.28.6 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel memory via an SO_BSDCOMPAT getsockopt request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35390", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35390" + }, + { + "name": "kernel-sock-information-disclosure(48847)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48847" + }, + { + "name": "[oss-security] 20090220 CVE request: kernel: memory disclosure in SO_BSDCOMPAT gsopt", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2009/02/20/1" + }, + { + "name": "34502", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34502" + }, + { + "name": "RHSA-2009:0326", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0326.html" + }, + { + "name": "34786", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34786" + }, + { + "name": "34962", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34962" + }, + { + "name": "oval:org.mitre.oval:def:8618", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8618" + }, + { + "name": "37471", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37471" + }, + { + "name": "RHSA-2009:0360", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0360.html" + }, + { + "name": "RHSA-2009:0459", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2009-0459.html" + }, + { + "name": "[oss-security] 20090302 Re: CVE request: kernel: memory disclosure in SO_BSDCOMPAT gsopt", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/03/02/6" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" + }, + { + "name": "DSA-1749", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1749" + }, + { + "name": "http://patchwork.kernel.org/patch/6816/", + "refsource": "CONFIRM", + "url": "http://patchwork.kernel.org/patch/6816/" + }, + { + "name": "DSA-1794", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1794" + }, + { + "name": "[linux-kernel] 20090223 net: amend the fix for SO_BSDCOMPAT gsopt infoleak", + "refsource": "MLIST", + "url": "http://marc.info/?l=linux-kernel&m=123540732700371&w=2" + }, + { + "name": "33758", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33758" + }, + { + "name": "SUSE-SA:2009:030", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html" + }, + { + "name": "USN-751-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-751-1" + }, + { + "name": "oval:org.mitre.oval:def:11653", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11653" + }, + { + "name": "33846", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33846" + }, + { + "name": "35011", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35011" + }, + { + "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded" + }, + { + "name": "[oss-security] 20090224 Re: CVE request: kernel: memory disclosure in SO_BSDCOMPAT gsopt", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/02/24/1" + }, + { + "name": "SUSE-SA:2009:031", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html" + }, + { + "name": "SUSE-SA:2009:021", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00007.html" + }, + { + "name": "[linux-kernel] 20090212 [PATCH] 4 bytes kernel memory disclosure in SO_BSDCOMPAT gsopt try #2", + "refsource": "MLIST", + "url": "http://lkml.org/lkml/2009/2/12/123" + }, + { + "name": "34981", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34981" + }, + { + "name": "34394", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34394" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=df0bca049d01c0ee94afb7cd5dfd959541e6c8da", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=df0bca049d01c0ee94afb7cd5dfd959541e6c8da" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=486305", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=486305" + }, + { + "name": "DSA-1787", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1787" + }, + { + "name": "MDVSA-2009:071", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:071" + }, + { + "name": "34680", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34680" + }, + { + "name": "ADV-2009-3316", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3316" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.6", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.6" + }, + { + "name": "35394", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35394" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2307.json b/2009/2xxx/CVE-2009-2307.json index 4e5a9cdb6e3..56c4365700b 100644 --- a/2009/2xxx/CVE-2009-2307.json +++ b/2009/2xxx/CVE-2009-2307.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2307", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the CWGuestBook module 2.1 and earlier for MAXdev MDPro (aka MD-Pro) allows remote attackers to execute arbitrary SQL commands via the rid parameter in a viewrecords action to modules.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2307", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9056", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9056" - }, - { - "name" : "cwguestbook-modules-sql-injection(51478)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51478" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the CWGuestBook module 2.1 and earlier for MAXdev MDPro (aka MD-Pro) allows remote attackers to execute arbitrary SQL commands via the rid parameter in a viewrecords action to modules.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cwguestbook-modules-sql-injection(51478)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51478" + }, + { + "name": "9056", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9056" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2854.json b/2009/2xxx/CVE-2009-2854.json index 1836363c135..6869c5b43dd 100644 --- a/2009/2xxx/CVE-2009-2854.json +++ b/2009/2xxx/CVE-2009-2854.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2854", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Wordpress before 2.8.3 does not check capabilities for certain actions, which allows remote attackers to make unauthorized edits or additions via a direct request to (1) edit-comments.php, (2) edit-pages.php, (3) edit.php, (4) edit-category-form.php, (5) edit-link-category-form.php, (6) edit-tag-form.php, (7) export.php, (8) import.php, or (9) link-add.php in wp-admin/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2854", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20090804 CVE request: Wordpress", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/08/04/5" - }, - { - "name" : "http://core.trac.wordpress.org/changeset/11765", - "refsource" : "CONFIRM", - "url" : "http://core.trac.wordpress.org/changeset/11765" - }, - { - "name" : "http://core.trac.wordpress.org/changeset/11766", - "refsource" : "CONFIRM", - "url" : "http://core.trac.wordpress.org/changeset/11766" - }, - { - "name" : "http://wordpress.org/development/2009/08/wordpress-2-8-3-security-release/", - "refsource" : "CONFIRM", - "url" : "http://wordpress.org/development/2009/08/wordpress-2-8-3-security-release/" - }, - { - "name" : "DSA-1871", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1871" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Wordpress before 2.8.3 does not check capabilities for certain actions, which allows remote attackers to make unauthorized edits or additions via a direct request to (1) edit-comments.php, (2) edit-pages.php, (3) edit.php, (4) edit-category-form.php, (5) edit-link-category-form.php, (6) edit-tag-form.php, (7) export.php, (8) import.php, or (9) link-add.php in wp-admin/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20090804 CVE request: Wordpress", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/08/04/5" + }, + { + "name": "http://core.trac.wordpress.org/changeset/11765", + "refsource": "CONFIRM", + "url": "http://core.trac.wordpress.org/changeset/11765" + }, + { + "name": "DSA-1871", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1871" + }, + { + "name": "http://core.trac.wordpress.org/changeset/11766", + "refsource": "CONFIRM", + "url": "http://core.trac.wordpress.org/changeset/11766" + }, + { + "name": "http://wordpress.org/development/2009/08/wordpress-2-8-3-security-release/", + "refsource": "CONFIRM", + "url": "http://wordpress.org/development/2009/08/wordpress-2-8-3-security-release/" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2988.json b/2009/2xxx/CVE-2009-2988.json index e28eda036b9..86bcdf1241c 100644 --- a/2009/2xxx/CVE-2009-2988.json +++ b/2009/2xxx/CVE-2009-2988.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2988", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which allows attackers to cause a denial of service via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2988", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb09-15.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb09-15.html" - }, - { - "name" : "TA09-286B", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-286B.html" - }, - { - "name" : "36638", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36638" - }, - { - "name" : "oval:org.mitre.oval:def:6483", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6483" - }, - { - "name" : "1023007", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023007" - }, - { - "name" : "ADV-2009-2898", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2898" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which allows attackers to cause a denial of service via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36638", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36638" + }, + { + "name": "TA09-286B", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-286B.html" + }, + { + "name": "1023007", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023007" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb09-15.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb09-15.html" + }, + { + "name": "oval:org.mitre.oval:def:6483", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6483" + }, + { + "name": "ADV-2009-2898", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2898" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3176.json b/2009/3xxx/CVE-2009-3176.json index c7b88830c89..d4accde8f96 100644 --- a/2009/3xxx/CVE-2009-3176.json +++ b/2009/3xxx/CVE-2009-3176.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3176", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the ActiveX control in Novell iPrint Client 4.38 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.1, \"Novell iPrint Client 4.38 ActiveX exploit.\" NOTE: as of 20090909, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3176", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://intevydis.com/vd-list.shtml", - "refsource" : "MISC", - "url" : "http://intevydis.com/vd-list.shtml" - }, - { - "name" : "36231", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36231" - }, - { - "name" : "57922", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/57922" - }, - { - "name" : "36579", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36579" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the ActiveX control in Novell iPrint Client 4.38 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.1, \"Novell iPrint Client 4.38 ActiveX exploit.\" NOTE: as of 20090909, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36579", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36579" + }, + { + "name": "57922", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/57922" + }, + { + "name": "36231", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36231" + }, + { + "name": "http://intevydis.com/vd-list.shtml", + "refsource": "MISC", + "url": "http://intevydis.com/vd-list.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3507.json b/2009/3xxx/CVE-2009-3507.json index 5032f13c400..23181f7539d 100644 --- a/2009/3xxx/CVE-2009-3507.json +++ b/2009/3xxx/CVE-2009-3507.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3507", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in modules.php in CMSphp 0.21 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mod_file parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3507", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9311", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9311" - }, - { - "name" : "36075", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36075" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in modules.php in CMSphp 0.21 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mod_file parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9311", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9311" + }, + { + "name": "36075", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36075" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3582.json b/2009/3xxx/CVE-2009-3582.json index 2749b957159..9b52976060e 100644 --- a/2009/3xxx/CVE-2009-3582.json +++ b/2009/3xxx/CVE-2009-3582.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3582", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in the delete subroutine in SQL-Ledger 2.8.24 allow remote authenticated users to execute arbitrary SQL commands via the (1) id and possibly (2) db parameters in a Delete action to the output of a Vendors>Reports>Search search operation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3582", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091221 SQL-Ledger â?? several vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/508559/100/0/threaded" - }, - { - "name" : "37431", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37431" - }, - { - "name" : "37877", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37877" - }, - { - "name" : "sqlledger-id-sql-injection(54966)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54966" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in the delete subroutine in SQL-Ledger 2.8.24 allow remote authenticated users to execute arbitrary SQL commands via the (1) id and possibly (2) db parameters in a Delete action to the output of a Vendors>Reports>Search search operation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20091221 SQL-Ledger â?? several vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/508559/100/0/threaded" + }, + { + "name": "sqlledger-id-sql-injection(54966)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54966" + }, + { + "name": "37877", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37877" + }, + { + "name": "37431", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37431" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3607.json b/2009/3xxx/CVE-2009-3607.json index bf602925a23..d6cc638bd14 100644 --- a/2009/3xxx/CVE-2009-3607.json +++ b/2009/3xxx/CVE-2009-3607.json @@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3607", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the create_surface_from_thumbnail_data function in glib/poppler-page.cc in Poppler 0.x allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-3607", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20091130 Need more information on recent poppler issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/12/01/1" - }, - { - "name" : "[oss-security] 20091130 Re: Need more information on recent poppler issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/12/01/5" - }, - { - "name" : "[oss-security] 20091201 Re: Need more information on recent poppler issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/12/01/6" - }, - { - "name" : "http://cgit.freedesktop.org/poppler/poppler/commit/?id=c839b706", - "refsource" : "CONFIRM", - "url" : "http://cgit.freedesktop.org/poppler/poppler/commit/?id=c839b706" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=526924", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=526924" - }, - { - "name" : "DSA-1941", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1941" - }, - { - "name" : "FEDORA-2009-10823", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html" - }, - { - "name" : "FEDORA-2009-10845", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html" - }, - { - "name" : "MDVSA-2011:175", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175" - }, - { - "name" : "274030", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1" - }, - { - "name" : "1021706", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1" - }, - { - "name" : "USN-850-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-850-1" - }, - { - "name" : "USN-850-3", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-850-3" - }, - { - "name" : "36718", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36718" - }, - { - "name" : "37054", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37054" - }, - { - "name" : "37159", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37159" - }, - { - "name" : "37114", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37114" - }, - { - "name" : "ADV-2009-2925", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2925" - }, - { - "name" : "poppler-createsurfacefromthumbnaildata-bo(53801)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53801" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the create_surface_from_thumbnail_data function in glib/poppler-page.cc in Poppler 0.x allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-1941", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1941" + }, + { + "name": "[oss-security] 20091201 Re: Need more information on recent poppler issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/12/01/6" + }, + { + "name": "FEDORA-2009-10823", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html" + }, + { + "name": "36718", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36718" + }, + { + "name": "[oss-security] 20091130 Need more information on recent poppler issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/12/01/1" + }, + { + "name": "poppler-createsurfacefromthumbnaildata-bo(53801)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53801" + }, + { + "name": "37159", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37159" + }, + { + "name": "37054", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37054" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=526924", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=526924" + }, + { + "name": "1021706", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1" + }, + { + "name": "FEDORA-2009-10845", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html" + }, + { + "name": "37114", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37114" + }, + { + "name": "MDVSA-2011:175", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175" + }, + { + "name": "USN-850-3", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-850-3" + }, + { + "name": "[oss-security] 20091130 Re: Need more information on recent poppler issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/12/01/5" + }, + { + "name": "274030", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1" + }, + { + "name": "USN-850-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-850-1" + }, + { + "name": "http://cgit.freedesktop.org/poppler/poppler/commit/?id=c839b706", + "refsource": "CONFIRM", + "url": "http://cgit.freedesktop.org/poppler/poppler/commit/?id=c839b706" + }, + { + "name": "ADV-2009-2925", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2925" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3736.json b/2009/3xxx/CVE-2009-3736.json index f265a1543a7..e5a90a12d67 100644 --- a/2009/3xxx/CVE-2009-3736.json +++ b/2009/3xxx/CVE-2009-3736.json @@ -1,247 +1,247 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3736", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2009-3736", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[libtool] 20091116 Backport of libltdl changes to branch-1-5", - "refsource" : "MLIST", - "url" : "http://lists.gnu.org/archive/html/libtool/2009-11/msg00065.html" - }, - { - "name" : "[libtool] 20091116 GNU Libtool 2.2.6b released", - "refsource" : "MLIST", - "url" : "http://lists.gnu.org/archive/html/libtool/2009-11/msg00059.html" - }, - { - "name" : "ftp://ftp.gnu.org/gnu/libtool/libtool-2.2.6a-2.2.6b.diff.gz", - "refsource" : "CONFIRM", - "url" : "ftp://ftp.gnu.org/gnu/libtool/libtool-2.2.6a-2.2.6b.diff.gz" - }, - { - "name" : "http://git.savannah.gnu.org/cgit/libtool.git/commit/?h=branch-1-5&id=29b48580df75f0c5baa2962548a4c101ec7ed7ec", - "refsource" : "CONFIRM", - "url" : "http://git.savannah.gnu.org/cgit/libtool.git/commit/?h=branch-1-5&id=29b48580df75f0c5baa2962548a4c101ec7ed7ec" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=537941", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=537941" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100074869", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100074869" - }, - { - "name" : "http://hamlib.svn.sourceforge.net/viewvc/hamlib/trunk/libltdl/Makefile.am?revision=2841&view=markup", - "refsource" : "CONFIRM", - "url" : "http://hamlib.svn.sourceforge.net/viewvc/hamlib/trunk/libltdl/Makefile.am?revision=2841&view=markup" - }, - { - "name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", - "refsource" : "CONFIRM", - "url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705" - }, - { - "name" : "FEDORA-2010-1872", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035133.html" - }, - { - "name" : "FEDORA-2010-1924", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035168.html" - }, - { - "name" : "FEDORA-2009-12813", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01512.html" - }, - { - "name" : "FEDORA-2011-1958", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054915.html" - }, - { - "name" : "FEDORA-2011-1967", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054921.html" - }, - { - "name" : "FEDORA-2011-1990", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054656.html" - }, - { - "name" : "GLSA-201311-10", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201311-10.xml" - }, - { - "name" : "MDVSA-2009:307", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:307" - }, - { - "name" : "MDVSA-2010:035", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:035" - }, - { - "name" : "MDVSA-2010:091", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:091" - }, - { - "name" : "MDVSA-2010:105", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:105" - }, - { - "name" : "RHSA-2010:0095", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2010-0095.html" - }, - { - "name" : "RHSA-2010:0039", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0039.html" - }, - { - "name" : "SUSE-SR:2010:006", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html" - }, - { - "name" : "37128", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37128" - }, - { - "name" : "oval:org.mitre.oval:def:11687", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11687" - }, - { - "name" : "oval:org.mitre.oval:def:6951", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6951" - }, - { - "name" : "37414", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37414" - }, - { - "name" : "37489", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37489" - }, - { - "name" : "38577", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38577" - }, - { - "name" : "38617", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38617" - }, - { - "name" : "38696", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38696" - }, - { - "name" : "38915", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38915" - }, - { - "name" : "38190", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38190" - }, - { - "name" : "39299", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39299" - }, - { - "name" : "39347", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39347" - }, - { - "name" : "37997", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37997" - }, - { - "name" : "43617", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43617" - }, - { - "name" : "55721", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55721" - }, - { - "name" : "ADV-2011-0574", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0574" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201311-10", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201311-10.xml" + }, + { + "name": "MDVSA-2010:105", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:105" + }, + { + "name": "FEDORA-2010-1872", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035133.html" + }, + { + "name": "MDVSA-2010:091", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:091" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100074869", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100074869" + }, + { + "name": "ftp://ftp.gnu.org/gnu/libtool/libtool-2.2.6a-2.2.6b.diff.gz", + "refsource": "CONFIRM", + "url": "ftp://ftp.gnu.org/gnu/libtool/libtool-2.2.6a-2.2.6b.diff.gz" + }, + { + "name": "39299", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39299" + }, + { + "name": "38577", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38577" + }, + { + "name": "38617", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38617" + }, + { + "name": "MDVSA-2010:035", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:035" + }, + { + "name": "37414", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37414" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=537941", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=537941" + }, + { + "name": "http://hamlib.svn.sourceforge.net/viewvc/hamlib/trunk/libltdl/Makefile.am?revision=2841&view=markup", + "refsource": "CONFIRM", + "url": "http://hamlib.svn.sourceforge.net/viewvc/hamlib/trunk/libltdl/Makefile.am?revision=2841&view=markup" + }, + { + "name": "55721", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55721" + }, + { + "name": "FEDORA-2010-1924", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035168.html" + }, + { + "name": "38190", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38190" + }, + { + "name": "oval:org.mitre.oval:def:6951", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6951" + }, + { + "name": "http://git.savannah.gnu.org/cgit/libtool.git/commit/?h=branch-1-5&id=29b48580df75f0c5baa2962548a4c101ec7ed7ec", + "refsource": "CONFIRM", + "url": "http://git.savannah.gnu.org/cgit/libtool.git/commit/?h=branch-1-5&id=29b48580df75f0c5baa2962548a4c101ec7ed7ec" + }, + { + "name": "FEDORA-2009-12813", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01512.html" + }, + { + "name": "FEDORA-2011-1967", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054921.html" + }, + { + "name": "RHSA-2010:0039", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0039.html" + }, + { + "name": "MDVSA-2009:307", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:307" + }, + { + "name": "SUSE-SR:2010:006", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html" + }, + { + "name": "FEDORA-2011-1990", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054656.html" + }, + { + "name": "43617", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43617" + }, + { + "name": "FEDORA-2011-1958", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054915.html" + }, + { + "name": "[libtool] 20091116 GNU Libtool 2.2.6b released", + "refsource": "MLIST", + "url": "http://lists.gnu.org/archive/html/libtool/2009-11/msg00059.html" + }, + { + "name": "ADV-2011-0574", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0574" + }, + { + "name": "37128", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37128" + }, + { + "name": "[libtool] 20091116 Backport of libltdl changes to branch-1-5", + "refsource": "MLIST", + "url": "http://lists.gnu.org/archive/html/libtool/2009-11/msg00065.html" + }, + { + "name": "37489", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37489" + }, + { + "name": "39347", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39347" + }, + { + "name": "RHSA-2010:0095", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html" + }, + { + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705" + }, + { + "name": "oval:org.mitre.oval:def:11687", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11687" + }, + { + "name": "38696", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38696" + }, + { + "name": "37997", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37997" + }, + { + "name": "38915", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38915" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4235.json b/2009/4xxx/CVE-2009-4235.json index 9a0dcdd9764..ba081a38364 100644 --- a/2009/4xxx/CVE-2009-4235.json +++ b/2009/4xxx/CVE-2009-4235.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4235", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "acpid 1.0.4 sets an unrestrictive umask, which might allow local users to leverage weak permissions on /var/log/acpid, and obtain sensitive information by reading this file or cause a denial of service by overwriting this file, a different vulnerability than CVE-2009-4033." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4235", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=515062", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=515062" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=542926", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=542926" - }, - { - "name" : "DSA-1960", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1960" - }, - { - "name" : "MDVSA-2009:342", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:342" - }, - { - "name" : "MDVSA-2009:343", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:343" - }, - { - "name" : "RHSA-2009:1642", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-1642.html" - }, - { - "name" : "1023284", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023284" - }, - { - "name" : "acpid-umask-weak-security(54676)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54676" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "acpid 1.0.4 sets an unrestrictive umask, which might allow local users to leverage weak permissions on /var/log/acpid, and obtain sensitive information by reading this file or cause a denial of service by overwriting this file, a different vulnerability than CVE-2009-4033." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=542926", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=542926" + }, + { + "name": "1023284", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023284" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=515062", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=515062" + }, + { + "name": "DSA-1960", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1960" + }, + { + "name": "acpid-umask-weak-security(54676)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54676" + }, + { + "name": "RHSA-2009:1642", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-1642.html" + }, + { + "name": "MDVSA-2009:343", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:343" + }, + { + "name": "MDVSA-2009:342", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:342" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4428.json b/2009/4xxx/CVE-2009-4428.json index a8e330f87df..add2f48ce3e 100644 --- a/2009/4xxx/CVE-2009-4428.json +++ b/2009/4xxx/CVE-2009-4428.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4428", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the JoomPortfolio (com_joomportfolio) component 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the secid parameter in a showcat action to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4428", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0912-exploits/joomlaportfolio-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0912-exploits/joomlaportfolio-sql.txt" - }, - { - "name" : "37403", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37403" - }, - { - "name" : "61138", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/61138" - }, - { - "name" : "37838", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37838" - }, - { - "name" : "joomportfolio-secid-sql-injection(54912)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54912" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the JoomPortfolio (com_joomportfolio) component 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the secid parameter in a showcat action to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37403", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37403" + }, + { + "name": "http://packetstormsecurity.org/0912-exploits/joomlaportfolio-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0912-exploits/joomlaportfolio-sql.txt" + }, + { + "name": "joomportfolio-secid-sql-injection(54912)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54912" + }, + { + "name": "37838", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37838" + }, + { + "name": "61138", + "refsource": "OSVDB", + "url": "http://osvdb.org/61138" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4502.json b/2009/4xxx/CVE-2009-4502.json index b383ceccba1..043a744c90e 100644 --- a/2009/4xxx/CVE-2009-4502.json +++ b/2009/4xxx/CVE-2009-4502.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4502", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The NET_TCP_LISTEN function in net.c in Zabbix Agent before 1.6.7, when running on FreeBSD or Solaris, allows remote attackers to bypass the EnableRemoteCommands setting and execute arbitrary commands via shell metacharacters in the argument to net.tcp.listen. NOTE: this attack is limited to attacks from trusted IP addresses." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4502", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091213 Zabbix Agent : Bypass of EnableRemoteCommands=0", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/508439" - }, - { - "name" : "https://support.zabbix.com/browse/ZBX-1032", - "refsource" : "CONFIRM", - "url" : "https://support.zabbix.com/browse/ZBX-1032" - }, - { - "name" : "37740", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37740" - }, - { - "name" : "ADV-2009-3514", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3514" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The NET_TCP_LISTEN function in net.c in Zabbix Agent before 1.6.7, when running on FreeBSD or Solaris, allows remote attackers to bypass the EnableRemoteCommands setting and execute arbitrary commands via shell metacharacters in the argument to net.tcp.listen. NOTE: this attack is limited to attacks from trusted IP addresses." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20091213 Zabbix Agent : Bypass of EnableRemoteCommands=0", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/508439" + }, + { + "name": "https://support.zabbix.com/browse/ZBX-1032", + "refsource": "CONFIRM", + "url": "https://support.zabbix.com/browse/ZBX-1032" + }, + { + "name": "37740", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37740" + }, + { + "name": "ADV-2009-3514", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3514" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4529.json b/2009/4xxx/CVE-2009-4529.json index 035c1046a7d..6dfef5454ff 100644 --- a/2009/4xxx/CVE-2009-4529.json +++ b/2009/4xxx/CVE-2009-4529.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4529", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "InterVations NaviCOPA Web Server 3.0.1.2 and earlier allows remote attackers to obtain the source code for a web page via a trailing encoded space character in a URI, as demonstrated by /index.html%20 and /index.php%20 URIs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4529", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://freetexthost.com/n5l0h34pxc", - "refsource" : "MISC", - "url" : "http://freetexthost.com/n5l0h34pxc" - }, - { - "name" : "http://pocoftheday.blogspot.com/2009/10/navicopa-web-server-3012-remote-source.html", - "refsource" : "MISC", - "url" : "http://pocoftheday.blogspot.com/2009/10/navicopa-web-server-3012-remote-source.html" - }, - { - "name" : "http://www.packetstormsecurity.org/0910-exploits/navicopa-disclose.txt", - "refsource" : "MISC", - "url" : "http://www.packetstormsecurity.org/0910-exploits/navicopa-disclose.txt" - }, - { - "name" : "36705", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36705" - }, - { - "name" : "58949", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/58949" - }, - { - "name" : "37014", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37014" - }, - { - "name" : "ADV-2009-2927", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2927" - }, - { - "name" : "navicopa-source-information-disclosure(53799)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53799" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "InterVations NaviCOPA Web Server 3.0.1.2 and earlier allows remote attackers to obtain the source code for a web page via a trailing encoded space character in a URI, as demonstrated by /index.html%20 and /index.php%20 URIs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37014", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37014" + }, + { + "name": "ADV-2009-2927", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2927" + }, + { + "name": "http://pocoftheday.blogspot.com/2009/10/navicopa-web-server-3012-remote-source.html", + "refsource": "MISC", + "url": "http://pocoftheday.blogspot.com/2009/10/navicopa-web-server-3012-remote-source.html" + }, + { + "name": "navicopa-source-information-disclosure(53799)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53799" + }, + { + "name": "http://www.packetstormsecurity.org/0910-exploits/navicopa-disclose.txt", + "refsource": "MISC", + "url": "http://www.packetstormsecurity.org/0910-exploits/navicopa-disclose.txt" + }, + { + "name": "http://freetexthost.com/n5l0h34pxc", + "refsource": "MISC", + "url": "http://freetexthost.com/n5l0h34pxc" + }, + { + "name": "36705", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36705" + }, + { + "name": "58949", + "refsource": "OSVDB", + "url": "http://osvdb.org/58949" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4573.json b/2009/4xxx/CVE-2009-4573.json index 2022d0da27b..00a4d319018 100644 --- a/2009/4xxx/CVE-2009-4573.json +++ b/2009/4xxx/CVE-2009-4573.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4573", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Joomulus (mod_joomulus) module 2.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the tagcloud parameter in a tags action to (1) tagcloud_ell.swf, (2) tagcloud_eng.swf, (3) tagcloud_por.swf, (4) tagcloud_rus.swf, and possibly (5) tagcloud_jpn.swf. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4573", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "61343", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/61343" - }, - { - "name" : "61344", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/61344" - }, - { - "name" : "61345", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/61345" - }, - { - "name" : "61346", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/61346" - }, - { - "name" : "37994", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37994" - }, - { - "name" : "joomulus-tagcloud-xss(55156)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55156" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Joomulus (mod_joomulus) module 2.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the tagcloud parameter in a tags action to (1) tagcloud_ell.swf, (2) tagcloud_eng.swf, (3) tagcloud_por.swf, (4) tagcloud_rus.swf, and possibly (5) tagcloud_jpn.swf. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "61343", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/61343" + }, + { + "name": "joomulus-tagcloud-xss(55156)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55156" + }, + { + "name": "61344", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/61344" + }, + { + "name": "37994", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37994" + }, + { + "name": "61346", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/61346" + }, + { + "name": "61345", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/61345" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4619.json b/2009/4xxx/CVE-2009-4619.json index 112ea5a87d3..6b29eea199c 100644 --- a/2009/4xxx/CVE-2009-4619.json +++ b/2009/4xxx/CVE-2009-4619.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4619", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Lucy Games (com_lucygames) component 1.5.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gameid parameter in a game action to index.php. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4619", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9614", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9614" - }, - { - "name" : "36334", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36334" - }, - { - "name" : "lucygames-index-sql-injection(53117)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53117" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Lucy Games (com_lucygames) component 1.5.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gameid parameter in a game action to index.php. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "lucygames-index-sql-injection(53117)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53117" + }, + { + "name": "9614", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9614" + }, + { + "name": "36334", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36334" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0192.json b/2015/0xxx/CVE-2015-0192.json index fedcea7b52c..76bd011a177 100644 --- a/2015/0xxx/CVE-2015-0192.json +++ b/2015/0xxx/CVE-2015-0192.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0192", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 FP11, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to gain privileges via unknown vectors related to the Java Virtual Machine." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-0192", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21883640", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21883640" - }, - { - "name" : "IV70682", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV70682" - }, - { - "name" : "IV70683", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV70683" - }, - { - "name" : "RHSA-2015:1006", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1006.html" - }, - { - "name" : "RHSA-2015:1007", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1007.html" - }, - { - "name" : "RHSA-2015:1020", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1020.html" - }, - { - "name" : "RHSA-2015:1021", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1021.html" - }, - { - "name" : "RHSA-2015:1091", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1091.html" - }, - { - "name" : "SUSE-SU-2015:1085", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html" - }, - { - "name" : "SUSE-SU-2015:1086", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html" - }, - { - "name" : "SUSE-SU-2015:1138", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html" - }, - { - "name" : "SUSE-SU-2015:1161", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html" - }, - { - "name" : "SUSE-SU-2015:1073", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 FP11, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to gain privileges via unknown vectors related to the Java Virtual Machine." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2015:1007", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1007.html" + }, + { + "name": "RHSA-2015:1006", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1006.html" + }, + { + "name": "IV70683", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV70683" + }, + { + "name": "RHSA-2015:1091", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1091.html" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21883640", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883640" + }, + { + "name": "SUSE-SU-2015:1138", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html" + }, + { + "name": "RHSA-2015:1020", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1020.html" + }, + { + "name": "SUSE-SU-2015:1086", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html" + }, + { + "name": "IV70682", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV70682" + }, + { + "name": "SUSE-SU-2015:1085", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html" + }, + { + "name": "RHSA-2015:1021", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1021.html" + }, + { + "name": "SUSE-SU-2015:1073", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html" + }, + { + "name": "SUSE-SU-2015:1161", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0426.json b/2015/0xxx/CVE-2015-0426.json index 0481b69c977..7eba3b43042 100644 --- a/2015/0xxx/CVE-2015-0426.json +++ b/2015/0xxx/CVE-2015-0426.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0426", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.3 and 12.1.0.4 allows remote attackers to affect confidentiality via unknown vectors related to UI Framework." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-0426", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" - }, - { - "name" : "72235", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72235" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.3 and 12.1.0.4 allows remote attackers to affect confidentiality via unknown vectors related to UI Framework." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" + }, + { + "name": "72235", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72235" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0822.json b/2015/0xxx/CVE-2015-0822.json index 84e8b10ab3f..a468913b619 100644 --- a/2015/0xxx/CVE-2015-0822.json +++ b/2015/0xxx/CVE-2015-0822.json @@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0822", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Form Autocompletion feature in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to read arbitrary files via crafted JavaScript code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2015-0822", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2015/mfsa2015-24.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2015/mfsa2015-24.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1110557", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1110557" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" - }, - { - "name" : "DSA-3174", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3174" - }, - { - "name" : "DSA-3179", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3179" - }, - { - "name" : "GLSA-201504-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201504-01" - }, - { - "name" : "RHSA-2015:0265", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0265.html" - }, - { - "name" : "RHSA-2015:0266", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0266.html" - }, - { - "name" : "RHSA-2015:0642", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0642.html" - }, - { - "name" : "SUSE-SU-2015:0412", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00001.html" - }, - { - "name" : "SUSE-SU-2015:0446", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00006.html" - }, - { - "name" : "SUSE-SU-2015:0447", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00007.html" - }, - { - "name" : "openSUSE-SU-2015:0448", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00008.html" - }, - { - "name" : "openSUSE-SU-2015:0404", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html" - }, - { - "name" : "openSUSE-SU-2015:0567", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00026.html" - }, - { - "name" : "openSUSE-SU-2015:0570", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-03/msg00067.html" - }, - { - "name" : "openSUSE-SU-2015:1266", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html" - }, - { - "name" : "USN-2505-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2505-1" - }, - { - "name" : "USN-2506-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2506-1" - }, - { - "name" : "72756", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72756" - }, - { - "name" : "1031791", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031791" - }, - { - "name" : "1031792", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031792" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Form Autocompletion feature in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to read arbitrary files via crafted JavaScript code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2015:0446", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00006.html" + }, + { + "name": "SUSE-SU-2015:0447", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00007.html" + }, + { + "name": "RHSA-2015:0642", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0642.html" + }, + { + "name": "openSUSE-SU-2015:0448", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00008.html" + }, + { + "name": "USN-2506-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2506-1" + }, + { + "name": "openSUSE-SU-2015:0567", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00026.html" + }, + { + "name": "GLSA-201504-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201504-01" + }, + { + "name": "openSUSE-SU-2015:0404", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html" + }, + { + "name": "RHSA-2015:0265", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0265.html" + }, + { + "name": "1031792", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031792" + }, + { + "name": "DSA-3174", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3174" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" + }, + { + "name": "openSUSE-SU-2015:1266", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html" + }, + { + "name": "DSA-3179", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3179" + }, + { + "name": "RHSA-2015:0266", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0266.html" + }, + { + "name": "1031791", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031791" + }, + { + "name": "http://www.mozilla.org/security/announce/2015/mfsa2015-24.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-24.html" + }, + { + "name": "72756", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72756" + }, + { + "name": "openSUSE-SU-2015:0570", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00067.html" + }, + { + "name": "USN-2505-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2505-1" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1110557", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1110557" + }, + { + "name": "SUSE-SU-2015:0412", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1045.json b/2015/1xxx/CVE-2015-1045.json index fd39e20ddd7..9dec1565a63 100644 --- a/2015/1xxx/CVE-2015-1045.json +++ b/2015/1xxx/CVE-2015-1045.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1045", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-1045", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1131.json b/2015/1xxx/CVE-2015-1131.json index 60bcb88d5fa..deb5c3b2517 100644 --- a/2015/1xxx/CVE-2015-1131.json +++ b/2015/1xxx/CVE-2015-1131.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1131", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1132, CVE-2015-1133, CVE-2015-1134, and CVE-2015-1135." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-1131", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT204659", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204659" - }, - { - "name" : "APPLE-SA-2015-04-08-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" - }, - { - "name" : "73982", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73982" - }, - { - "name" : "1032048", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032048" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1132, CVE-2015-1133, CVE-2015-1134, and CVE-2015-1135." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT204659", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204659" + }, + { + "name": "73982", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73982" + }, + { + "name": "1032048", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032048" + }, + { + "name": "APPLE-SA-2015-04-08-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1256.json b/2015/1xxx/CVE-2015-1256.json index d12d5bcd305..0cbaa278ec5 100644 --- a/2015/1xxx/CVE-2015-1256.json +++ b/2015/1xxx/CVE-2015-1256.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1256", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 43.0.2357.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document that leverages improper handling of a shadow tree for a use element." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2015-1256", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=478549", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=478549" - }, - { - "name" : "https://codereview.chromium.org/1098913004", - "refsource" : "CONFIRM", - "url" : "https://codereview.chromium.org/1098913004" - }, - { - "name" : "https://src.chromium.org/viewvc/blink?revision=194421&view=revision", - "refsource" : "CONFIRM", - "url" : "https://src.chromium.org/viewvc/blink?revision=194421&view=revision" - }, - { - "name" : "DSA-3267", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3267" - }, - { - "name" : "GLSA-201506-04", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201506-04" - }, - { - "name" : "openSUSE-SU-2015:1877", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-11/msg00015.html" - }, - { - "name" : "openSUSE-SU-2015:0969", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-05/msg00091.html" - }, - { - "name" : "74723", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74723" - }, - { - "name" : "1032375", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032375" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 43.0.2357.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document that leverages improper handling of a shadow tree for a use element." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2015:0969", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00091.html" + }, + { + "name": "http://googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html" + }, + { + "name": "https://codereview.chromium.org/1098913004", + "refsource": "CONFIRM", + "url": "https://codereview.chromium.org/1098913004" + }, + { + "name": "GLSA-201506-04", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201506-04" + }, + { + "name": "openSUSE-SU-2015:1877", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00015.html" + }, + { + "name": "1032375", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032375" + }, + { + "name": "DSA-3267", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3267" + }, + { + "name": "74723", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74723" + }, + { + "name": "https://src.chromium.org/viewvc/blink?revision=194421&view=revision", + "refsource": "CONFIRM", + "url": "https://src.chromium.org/viewvc/blink?revision=194421&view=revision" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=478549", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=478549" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1286.json b/2015/1xxx/CVE-2015-1286.json index a84d4291151..1ca69475d0b 100644 --- a/2015/1xxx/CVE-2015-1286.json +++ b/2015/1xxx/CVE-2015-1286.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1286", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the V8ContextNativeHandler::GetModuleSystem function in extensions/renderer/v8_context_native_handler.cc in Google Chrome before 44.0.2403.89 allows remote attackers to inject arbitrary web script or HTML by leveraging the lack of a certain V8 context restriction, aka a Blink \"Universal XSS (UXSS).\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2015-1286", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=504011", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=504011" - }, - { - "name" : "https://codereview.chromium.org/1231803002/", - "refsource" : "CONFIRM", - "url" : "https://codereview.chromium.org/1231803002/" - }, - { - "name" : "https://codereview.chromium.org/1235863003/", - "refsource" : "CONFIRM", - "url" : "https://codereview.chromium.org/1235863003/" - }, - { - "name" : "DSA-3315", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3315" - }, - { - "name" : "GLSA-201603-09", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201603-09" - }, - { - "name" : "RHSA-2015:1499", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1499.html" - }, - { - "name" : "openSUSE-SU-2015:1287", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html" - }, - { - "name" : "75973", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75973" - }, - { - "name" : "1033031", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033031" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the V8ContextNativeHandler::GetModuleSystem function in extensions/renderer/v8_context_native_handler.cc in Google Chrome before 44.0.2403.89 allows remote attackers to inject arbitrary web script or HTML by leveraging the lack of a certain V8 context restriction, aka a Blink \"Universal XSS (UXSS).\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2015:1499", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1499.html" + }, + { + "name": "https://codereview.chromium.org/1235863003/", + "refsource": "CONFIRM", + "url": "https://codereview.chromium.org/1235863003/" + }, + { + "name": "openSUSE-SU-2015:1287", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html" + }, + { + "name": "1033031", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033031" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=504011", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=504011" + }, + { + "name": "GLSA-201603-09", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201603-09" + }, + { + "name": "https://codereview.chromium.org/1231803002/", + "refsource": "CONFIRM", + "url": "https://codereview.chromium.org/1231803002/" + }, + { + "name": "75973", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75973" + }, + { + "name": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html" + }, + { + "name": "DSA-3315", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3315" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1813.json b/2015/1xxx/CVE-2015-1813.json index c1eb82759a4..8f1a4b01cb3 100644 --- a/2015/1xxx/CVE-2015-1813.json +++ b/2015/1xxx/CVE-2015-1813.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1813", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-1812." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-1813", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1205615", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1205615" - }, - { - "name" : "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23", - "refsource" : "CONFIRM", - "url" : "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23" - }, - { - "name" : "RHSA-2015:1844", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1844.html" - }, - { - "name" : "RHSA-2016:0070", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:0070" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-1812." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1205615", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205615" + }, + { + "name": "RHSA-2016:0070", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:0070" + }, + { + "name": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23", + "refsource": "CONFIRM", + "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23" + }, + { + "name": "RHSA-2015:1844", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1844.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5735.json b/2015/5xxx/CVE-2015-5735.json index bc4a8966249..488d375f0d7 100644 --- a/2015/5xxx/CVE-2015-5735.json +++ b/2015/5xxx/CVE-2015-5735.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5735", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and (4) mdare64_52.sys drivers in Fortinet FortiClient before 5.2.4 allow local users to write to arbitrary memory locations via a 0x226108 ioctl call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5735", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150901 [CORE-2015-0013] - FortiClient Antivirus Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/536369/100/0/threaded" - }, - { - "name" : "20150901 [CORE-2015-0013] - FortiClient Antivirus Multiple Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Sep/0" - }, - { - "name" : "http://www.coresecurity.com/advisories/forticlient-antivirus-multiple-vulnerabilities", - "refsource" : "MISC", - "url" : "http://www.coresecurity.com/advisories/forticlient-antivirus-multiple-vulnerabilities" - }, - { - "name" : "http://packetstormsecurity.com/files/133398/FortiClient-Antivirus-Information-Exposure-Access-Control.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/133398/FortiClient-Antivirus-Information-Exposure-Access-Control.html" - }, - { - "name" : "http://www.fortiguard.com/advisory/mulitple-vulnerabilities-in-forticlient", - "refsource" : "CONFIRM", - "url" : "http://www.fortiguard.com/advisory/mulitple-vulnerabilities-in-forticlient" - }, - { - "name" : "http://fortiguard.com/advisory/mulitple-vulnerabilities-in-forticlient", - "refsource" : "CONFIRM", - "url" : "http://fortiguard.com/advisory/mulitple-vulnerabilities-in-forticlient" - }, - { - "name" : "1033439", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033439" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and (4) mdare64_52.sys drivers in Fortinet FortiClient before 5.2.4 allow local users to write to arbitrary memory locations via a 0x226108 ioctl call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.coresecurity.com/advisories/forticlient-antivirus-multiple-vulnerabilities", + "refsource": "MISC", + "url": "http://www.coresecurity.com/advisories/forticlient-antivirus-multiple-vulnerabilities" + }, + { + "name": "http://packetstormsecurity.com/files/133398/FortiClient-Antivirus-Information-Exposure-Access-Control.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/133398/FortiClient-Antivirus-Information-Exposure-Access-Control.html" + }, + { + "name": "1033439", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033439" + }, + { + "name": "http://www.fortiguard.com/advisory/mulitple-vulnerabilities-in-forticlient", + "refsource": "CONFIRM", + "url": "http://www.fortiguard.com/advisory/mulitple-vulnerabilities-in-forticlient" + }, + { + "name": "20150901 [CORE-2015-0013] - FortiClient Antivirus Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/536369/100/0/threaded" + }, + { + "name": "http://fortiguard.com/advisory/mulitple-vulnerabilities-in-forticlient", + "refsource": "CONFIRM", + "url": "http://fortiguard.com/advisory/mulitple-vulnerabilities-in-forticlient" + }, + { + "name": "20150901 [CORE-2015-0013] - FortiClient Antivirus Multiple Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Sep/0" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5786.json b/2015/5xxx/CVE-2015-5786.json index 143d2de257b..3f863023c77 100644 --- a/2015/5xxx/CVE-2015-5786.json +++ b/2015/5xxx/CVE-2015-5786.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5786", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apple QuickTime before 7.7.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-5785." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-5786", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT205046", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205046" - }, - { - "name" : "APPLE-SA-2015-08-20-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Aug/msg00004.html" - }, - { - "name" : "1033346", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033346" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apple QuickTime before 7.7.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-5785." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT205046", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205046" + }, + { + "name": "1033346", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033346" + }, + { + "name": "APPLE-SA-2015-08-20-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00004.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5836.json b/2015/5xxx/CVE-2015-5836.json index 2c249f2c8d4..cc0136547b6 100644 --- a/2015/5xxx/CVE-2015-5836.json +++ b/2015/5xxx/CVE-2015-5836.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5836", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apple Online Store Kit in Apple OS X before 10.11 improperly validates iCloud keychain item ACLs, which allows attackers to obtain access to keychain items via a crafted app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-5836", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT205267", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205267" - }, - { - "name" : "APPLE-SA-2015-09-30-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html" - }, - { - "name" : "1033703", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033703" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apple Online Store Kit in Apple OS X before 10.11 improperly validates iCloud keychain item ACLs, which allows attackers to obtain access to keychain items via a crafted app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1033703", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033703" + }, + { + "name": "APPLE-SA-2015-09-30-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html" + }, + { + "name": "https://support.apple.com/HT205267", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205267" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3314.json b/2018/3xxx/CVE-2018-3314.json index b3b57f2993d..65d70cfcf41 100644 --- a/2018/3xxx/CVE-2018-3314.json +++ b/2018/3xxx/CVE-2018-3314.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3314", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3314", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3530.json b/2018/3xxx/CVE-2018-3530.json index 4769e575959..393cf746bed 100644 --- a/2018/3xxx/CVE-2018-3530.json +++ b/2018/3xxx/CVE-2018-3530.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3530", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3530", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3537.json b/2018/3xxx/CVE-2018-3537.json index e5928507247..e7685039ce4 100644 --- a/2018/3xxx/CVE-2018-3537.json +++ b/2018/3xxx/CVE-2018-3537.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3537", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3537", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3715.json b/2018/3xxx/CVE-2018-3715.json index 673324f2986..f3f3ff27a58 100644 --- a/2018/3xxx/CVE-2018-3715.json +++ b/2018/3xxx/CVE-2018-3715.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2018-3715", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "glance node module", - "version" : { - "version_data" : [ - { - "version_value" : "Versions before 3.0.4" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "glance node module before 3.0.4 suffers from a Path Traversal vulnerability due to lack of validation of path passed to it, which allows a malicious user to read content of any file with known path." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Path Traversal (CWE-22)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2018-3715", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "glance node module", + "version": { + "version_data": [ + { + "version_value": "Versions before 3.0.4" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/jarofghosts/glance/commit/8cfd88e44ebd3f07e3a2eaf376a3e758b6c4ca19", - "refsource" : "MISC", - "url" : "https://github.com/jarofghosts/glance/commit/8cfd88e44ebd3f07e3a2eaf376a3e758b6c4ca19" - }, - { - "name" : "https://hackerone.com/reports/310106", - "refsource" : "MISC", - "url" : "https://hackerone.com/reports/310106" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "glance node module before 3.0.4 suffers from a Path Traversal vulnerability due to lack of validation of path passed to it, which allows a malicious user to read content of any file with known path." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Path Traversal (CWE-22)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://hackerone.com/reports/310106", + "refsource": "MISC", + "url": "https://hackerone.com/reports/310106" + }, + { + "name": "https://github.com/jarofghosts/glance/commit/8cfd88e44ebd3f07e3a2eaf376a3e758b6c4ca19", + "refsource": "MISC", + "url": "https://github.com/jarofghosts/glance/commit/8cfd88e44ebd3f07e3a2eaf376a3e758b6c4ca19" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6148.json b/2018/6xxx/CVE-2018-6148.json index d50b166b80a..45bb7f9e3a2 100644 --- a/2018/6xxx/CVE-2018-6148.json +++ b/2018/6xxx/CVE-2018-6148.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6148", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6148", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6336.json b/2018/6xxx/CVE-2018-6336.json index c6a588596d9..6faec615a04 100644 --- a/2018/6xxx/CVE-2018-6336.json +++ b/2018/6xxx/CVE-2018-6336.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@fb.com", - "DATE_ASSIGNED" : "2018-04-26", - "ID" : "CVE-2018-6336", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "osquery", - "version" : { - "version_data" : [ - { - "version_affected" : "!=>", - "version_value" : "3.2.7" - }, - { - "version_affected" : "<", - "version_value" : "3.2.7" - } - ] - } - } - ] - }, - "vendor_name" : "Facebook" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in osquery. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute. This issue affects osquery prior to v3.2.7" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Security Features (CWE-254)" - } + "CVE_data_meta": { + "ASSIGNER": "cve-assign@fb.com", + "DATE_ASSIGNED": "2018-04-26", + "ID": "CVE-2018-6336", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "osquery", + "version": { + "version_data": [ + { + "version_affected": "!=>", + "version_value": "3.2.7" + }, + { + "version_affected": "<", + "version_value": "3.2.7" + } + ] + } + } + ] + }, + "vendor_name": "Facebook" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks/", - "refsource" : "MISC", - "url" : "https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in osquery. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute. This issue affects osquery prior to v3.2.7" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Security Features (CWE-254)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks/", + "refsource": "MISC", + "url": "https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks/" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6362.json b/2018/6xxx/CVE-2018-6362.json index 80ca6b2e4f7..fd2e8b6f863 100644 --- a/2018/6xxx/CVE-2018-6362.json +++ b/2018/6xxx/CVE-2018-6362.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6362", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Easy Hosting Control Panel (EHCP) v0.37.12.b has XSS via the domainop action parameter, as demonstrated by reading the PHPSESSID cookie." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6362", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://hyp3rlinx.altervista.org/advisories/EHCP-v0.37.12.b-XSS-COOKIE-THEFT.txt", - "refsource" : "MISC", - "url" : "http://hyp3rlinx.altervista.org/advisories/EHCP-v0.37.12.b-XSS-COOKIE-THEFT.txt" - }, - { - "name" : "http://packetstormsecurity.com/files/147554/Easy-Hosting-Control-Panel-0.37.12.b-Cross-Site-Scripting-Cookie-Theft.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/147554/Easy-Hosting-Control-Panel-0.37.12.b-Cross-Site-Scripting-Cookie-Theft.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Easy Hosting Control Panel (EHCP) v0.37.12.b has XSS via the domainop action parameter, as demonstrated by reading the PHPSESSID cookie." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://hyp3rlinx.altervista.org/advisories/EHCP-v0.37.12.b-XSS-COOKIE-THEFT.txt", + "refsource": "MISC", + "url": "http://hyp3rlinx.altervista.org/advisories/EHCP-v0.37.12.b-XSS-COOKIE-THEFT.txt" + }, + { + "name": "http://packetstormsecurity.com/files/147554/Easy-Hosting-Control-Panel-0.37.12.b-Cross-Site-Scripting-Cookie-Theft.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/147554/Easy-Hosting-Control-Panel-0.37.12.b-Cross-Site-Scripting-Cookie-Theft.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7340.json b/2018/7xxx/CVE-2018-7340.json index 5ca54bd74df..541cfef8564 100644 --- a/2018/7xxx/CVE-2018-7340.json +++ b/2018/7xxx/CVE-2018-7340.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7340", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7340", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7434.json b/2018/7xxx/CVE-2018-7434.json index cb41c0b059e..bafa61e0721 100644 --- a/2018/7xxx/CVE-2018-7434.json +++ b/2018/7xxx/CVE-2018-7434.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7434", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "zzcms 8.2 allows remote attackers to discover the full path via a direct request to 3/qq_connect2.0/API/class/ErrorCase.class.php or 3/ucenter_api/code/friend.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7434", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/kongxin520/zzcms/blob/master/zzcms_8.2_bug.md", - "refsource" : "MISC", - "url" : "https://github.com/kongxin520/zzcms/blob/master/zzcms_8.2_bug.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "zzcms 8.2 allows remote attackers to discover the full path via a direct request to 3/qq_connect2.0/API/class/ErrorCase.class.php or 3/ucenter_api/code/friend.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/kongxin520/zzcms/blob/master/zzcms_8.2_bug.md", + "refsource": "MISC", + "url": "https://github.com/kongxin520/zzcms/blob/master/zzcms_8.2_bug.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7732.json b/2018/7xxx/CVE-2018-7732.json index bb712c60b36..00b6faf22c6 100644 --- a/2018/7xxx/CVE-2018-7732.json +++ b/2018/7xxx/CVE-2018-7732.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7732", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in YxtCMF 3.1. SQL Injection exists in ShitiController.class.php via the ids array parameter to exam/shiti/delshiti.html." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7732", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/SQYY/CVE/blob/master/YxtCMF_S.txt", - "refsource" : "MISC", - "url" : "https://github.com/SQYY/CVE/blob/master/YxtCMF_S.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in YxtCMF 3.1. SQL Injection exists in ShitiController.class.php via the ids array parameter to exam/shiti/delshiti.html." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/SQYY/CVE/blob/master/YxtCMF_S.txt", + "refsource": "MISC", + "url": "https://github.com/SQYY/CVE/blob/master/YxtCMF_S.txt" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7956.json b/2018/7xxx/CVE-2018-7956.json index 7e65fe597db..ba918be5394 100644 --- a/2018/7xxx/CVE-2018-7956.json +++ b/2018/7xxx/CVE-2018-7956.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "ID" : "CVE-2018-7956", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Huawei VIP App", - "version" : { - "version_data" : [ - { - "version_value" : "versions before 4.0.5" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Huawei VIP App is a mobile app for Malaysia customers that purchased P20 Series, Nova 3/3i and Mate 20. There is a vulnerability in versions before 4.0.5 that attackers can conduct bruteforce to the VIP App Web Services to get user information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "information leakage" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "ID": "CVE-2018-7956", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Huawei VIP App", + "version": { + "version_data": [ + { + "version_value": "versions before 4.0.5" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181129-01-huaweivip-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181129-01-huaweivip-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Huawei VIP App is a mobile app for Malaysia customers that purchased P20 Series, Nova 3/3i and Mate 20. There is a vulnerability in versions before 4.0.5 that attackers can conduct bruteforce to the VIP App Web Services to get user information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "information leakage" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181129-01-huaweivip-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181129-01-huaweivip-en" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8448.json b/2018/8xxx/CVE-2018-8448.json index 02d9726396e..5d7d8888ec5 100644 --- a/2018/8xxx/CVE-2018-8448.json +++ b/2018/8xxx/CVE-2018-8448.json @@ -1,75 +1,75 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8448", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Exchange Server", - "version" : { - "version_data" : [ - { - "version_value" : "2013 Cumulative Update 21" - }, - { - "version_value" : "2016 Cumulative Update 10" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka \"Microsoft Exchange Server Elevation of Privilege Vulnerability.\" This affects Microsoft Exchange Server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8448", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Exchange Server", + "version": { + "version_data": [ + { + "version_value": "2013 Cumulative Update 21" + }, + { + "version_value": "2016 Cumulative Update 10" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8448", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8448" - }, - { - "name" : "105492", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105492" - }, - { - "name" : "1041836", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041836" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka \"Microsoft Exchange Server Elevation of Privilege Vulnerability.\" This affects Microsoft Exchange Server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8448", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8448" + }, + { + "name": "1041836", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041836" + }, + { + "name": "105492", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105492" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8554.json b/2018/8xxx/CVE-2018-8554.json index f0d1bbd3ee0..9919985c306 100644 --- a/2018/8xxx/CVE-2018-8554.json +++ b/2018/8xxx/CVE-2018-8554.json @@ -1,101 +1,101 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8554", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows 10 Servers", - "version" : { - "version_data" : [ - { - "version_value" : "version 1803 (Server Core Installation)" - } - ] - } - }, - { - "product_name" : "Windows 10", - "version" : { - "version_data" : [ - { - "version_value" : "Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Version 1803 for x64-based Systems" - }, - { - "version_value" : "Version 1809 for 32-bit Systems" - }, - { - "version_value" : "Version 1809 for x64-based Systems" - } - ] - } - }, - { - "product_name" : "Windows Server 2019", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka \"DirectX Elevation of Privilege Vulnerability.\" This affects Windows 10 Servers, Windows 10, Windows Server 2019. This CVE ID is unique from CVE-2018-8485, CVE-2018-8561." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8554", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows 10 Servers", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Server Core Installation)" + } + ] + } + }, + { + "product_name": "Windows 10", + "version": { + "version_data": [ + { + "version_value": "Version 1803 for 32-bit Systems" + }, + { + "version_value": "Version 1803 for x64-based Systems" + }, + { + "version_value": "Version 1809 for 32-bit Systems" + }, + { + "version_value": "Version 1809 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8554", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8554" - }, - { - "name" : "105811", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105811" - }, - { - "name" : "1042135", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1042135" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka \"DirectX Elevation of Privilege Vulnerability.\" This affects Windows 10 Servers, Windows 10, Windows Server 2019. This CVE ID is unique from CVE-2018-8485, CVE-2018-8561." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8554", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8554" + }, + { + "name": "105811", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105811" + }, + { + "name": "1042135", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1042135" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8727.json b/2018/8xxx/CVE-2018-8727.json index e60071b1a4b..808e80c84a6 100644 --- a/2018/8xxx/CVE-2018-8727.json +++ b/2018/8xxx/CVE-2018-8727.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8727", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Path Traversal in Gateway in Mirasys DVMS Workstation 5.12.6 and earlier allows an attacker to traverse the file system to access files or directories via the Web Client webserver." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8727", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.onvio.nl/nieuws/cve-mirasys-vulnerability", - "refsource" : "MISC", - "url" : "https://www.onvio.nl/nieuws/cve-mirasys-vulnerability" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Path Traversal in Gateway in Mirasys DVMS Workstation 5.12.6 and earlier allows an attacker to traverse the file system to access files or directories via the Web Client webserver." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.onvio.nl/nieuws/cve-mirasys-vulnerability", + "refsource": "MISC", + "url": "https://www.onvio.nl/nieuws/cve-mirasys-vulnerability" + } + ] + } +} \ No newline at end of file