diff --git a/2005/0xxx/CVE-2005-0135.json b/2005/0xxx/CVE-2005-0135.json index 4304b2ed17b..7f22946f4ec 100644 --- a/2005/0xxx/CVE-2005-0135.json +++ b/2005/0xxx/CVE-2005-0135.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0135", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The unw_unwind_to_user function in unwind.c on Itanium (ia64) architectures in Linux kernel 2.6 allows local users to cause a denial of service (system crash)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0135", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-1070", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1070" - }, - { - "name" : "DSA-1067", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1067" - }, - { - "name" : "DSA-1069", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1069" - }, - { - "name" : "DSA-1082", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1082" - }, - { - "name" : "RHSA-2005:284", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-284.html" - }, - { - "name" : "RHSA-2005:366", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-366.html" - }, - { - "name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=148868", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=148868" - }, - { - "name" : "http://linux.bkbits.net:8080/linux-2.6/cset@41f2beablXVnAs_6fznhhITh1j5hZg", - "refsource" : "CONFIRM", - "url" : "http://linux.bkbits.net:8080/linux-2.6/cset@41f2beablXVnAs_6fznhhITh1j5hZg" - }, - { - "name" : "RHSA-2005:293", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-293.html" - }, - { - "name" : "13266", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13266" - }, - { - "name" : "oval:org.mitre.oval:def:9040", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9040" - }, - { - "name" : "15019", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15019" - }, - { - "name" : "20163", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20163" - }, - { - "name" : "20202", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20202" - }, - { - "name" : "20338", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20338" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The unw_unwind_to_user function in unwind.c on Itanium (ia64) architectures in Linux kernel 2.6 allows local users to cause a denial of service (system crash)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20163", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20163" + }, + { + "name": "15019", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15019" + }, + { + "name": "DSA-1082", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1082" + }, + { + "name": "RHSA-2005:366", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-366.html" + }, + { + "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=148868", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=148868" + }, + { + "name": "DSA-1070", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1070" + }, + { + "name": "http://linux.bkbits.net:8080/linux-2.6/cset@41f2beablXVnAs_6fznhhITh1j5hZg", + "refsource": "CONFIRM", + "url": "http://linux.bkbits.net:8080/linux-2.6/cset@41f2beablXVnAs_6fznhhITh1j5hZg" + }, + { + "name": "oval:org.mitre.oval:def:9040", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9040" + }, + { + "name": "DSA-1067", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1067" + }, + { + "name": "DSA-1069", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1069" + }, + { + "name": "13266", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13266" + }, + { + "name": "RHSA-2005:293", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-293.html" + }, + { + "name": "RHSA-2005:284", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-284.html" + }, + { + "name": "20202", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20202" + }, + { + "name": "20338", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20338" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0505.json b/2005/0xxx/CVE-2005-0505.json index 0f36834d3c0..a4ad568d1c4 100644 --- a/2005/0xxx/CVE-2005-0505.json +++ b/2005/0xxx/CVE-2005-0505.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0505", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in Information Resource Manager (IRM) before 1.5.2.1 allows remote attackers to have \"potentially serious\" impact, related to LDAP logins." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0505", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=306629", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=306629" - }, - { - "name" : "14342", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14342" - }, - { - "name" : "irm-ldap-security-bypass(19419)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19419" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in Information Resource Manager (IRM) before 1.5.2.1 allows remote attackers to have \"potentially serious\" impact, related to LDAP logins." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14342", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14342" + }, + { + "name": "irm-ldap-security-bypass(19419)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19419" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=306629", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=306629" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0875.json b/2005/0xxx/CVE-2005-0875.json index 0519de64164..466527cdfa5 100644 --- a/2005/0xxx/CVE-2005-0875.json +++ b/2005/0xxx/CVE-2005-0875.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0875", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in the Yahoo plug-in for Trillian 2.0, 3.0, and 3.1 allow remote web servers to cause a denial of service (application crash) via a long string in an HTTP 1.1 response header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0875", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050324 LogicLibrary BugScan VSR,Trillian 2.0, 3.0 and 3.1", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111171416802350&w=2" - }, - { - "name" : "14689", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14689" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in the Yahoo plug-in for Trillian 2.0, 3.0, and 3.1 allow remote web servers to cause a denial of service (application crash) via a long string in an HTTP 1.1 response header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14689", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14689" + }, + { + "name": "20050324 LogicLibrary BugScan VSR,Trillian 2.0, 3.0 and 3.1", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111171416802350&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0897.json b/2005/0xxx/CVE-2005-0897.json index a898410b38c..0ca1cc51fac 100644 --- a/2005/0xxx/CVE-2005-0897.json +++ b/2005/0xxx/CVE-2005-0897.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0897", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in catalog.php in E-Store Kit-2 PayPal Edition allows remote attackers to execute arbitrary PHP code by modifying the menu and main parameters to reference a URL on a remote web server that contains the code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0897", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050325 File inclusion and XSS vulnerability in E-Store Kit-2 PayPal Edition", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111186424600509&w=2" - }, - { - "name" : "12910", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12910" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in catalog.php in E-Store Kit-2 PayPal Edition allows remote attackers to execute arbitrary PHP code by modifying the menu and main parameters to reference a URL on a remote web server that contains the code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050325 File inclusion and XSS vulnerability in E-Store Kit-2 PayPal Edition", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111186424600509&w=2" + }, + { + "name": "12910", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12910" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0994.json b/2005/0xxx/CVE-2005-0994.json index 6b58cccfdc7..36db68a668e 100644 --- a/2005/0xxx/CVE-2005-0994.json +++ b/2005/0xxx/CVE-2005-0994.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0994", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in ProductCart 2.7 allow remote attackers to execute arbitrary SQL commands via (1) the Category or resultCnt parameters to advSearch_h.asp, and possibly (2) the offset parameter to tarinasworld_butterflyjournal.asp. NOTE: it is possible that item (2) is the result of a typo or editing error from the original research report." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0994", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://digitalparadox.org/advisories/prodcart.txt", - "refsource" : "MISC", - "url" : "http://digitalparadox.org/advisories/prodcart.txt" - }, - { - "name" : "12990", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12990" - }, - { - "name" : "15263", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/15263" - }, - { - "name" : "15265", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/15265" - }, - { - "name" : "14833", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14833" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in ProductCart 2.7 allow remote attackers to execute arbitrary SQL commands via (1) the Category or resultCnt parameters to advSearch_h.asp, and possibly (2) the offset parameter to tarinasworld_butterflyjournal.asp. NOTE: it is possible that item (2) is the result of a typo or editing error from the original research report." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15263", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/15263" + }, + { + "name": "14833", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14833" + }, + { + "name": "15265", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/15265" + }, + { + "name": "12990", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12990" + }, + { + "name": "http://digitalparadox.org/advisories/prodcart.txt", + "refsource": "MISC", + "url": "http://digitalparadox.org/advisories/prodcart.txt" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1006.json b/2005/1xxx/CVE-2005-1006.json index d9092350575..b5d905e58ea 100644 --- a/2005/1xxx/CVE-2005-1006.json +++ b/2005/1xxx/CVE-2005-1006.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1006", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in SonicWALL SOHO 5.1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URL or (2) the user login name, which is not filtered when the administrator views the log file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1006", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050404 SonicWALL SOHO/10 - XSS vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2005-04/0041.html" - }, - { - "name" : "http://www.oliverkarow.de/research/SonicWall.txt", - "refsource" : "MISC", - "url" : "http://www.oliverkarow.de/research/SonicWall.txt" - }, - { - "name" : "12984", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12984" - }, - { - "name" : "15261", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/15261" - }, - { - "name" : "15262", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/15262" - }, - { - "name" : "1013638", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013638" - }, - { - "name" : "14823", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14823" - }, - { - "name" : "sonicwall-http-get-requests-xss(19958)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19958" - }, - { - "name" : "sonicwall-username-code-execution(19960)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19960" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in SonicWALL SOHO 5.1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URL or (2) the user login name, which is not filtered when the administrator views the log file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oliverkarow.de/research/SonicWall.txt", + "refsource": "MISC", + "url": "http://www.oliverkarow.de/research/SonicWall.txt" + }, + { + "name": "14823", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14823" + }, + { + "name": "sonicwall-username-code-execution(19960)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19960" + }, + { + "name": "15261", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/15261" + }, + { + "name": "20050404 SonicWALL SOHO/10 - XSS vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2005-04/0041.html" + }, + { + "name": "12984", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12984" + }, + { + "name": "sonicwall-http-get-requests-xss(19958)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19958" + }, + { + "name": "1013638", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013638" + }, + { + "name": "15262", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/15262" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1236.json b/2005/1xxx/CVE-2005-1236.json index 9a4fb5459ac..51fad70b069 100644 --- a/2005/1xxx/CVE-2005-1236.json +++ b/2005/1xxx/CVE-2005-1236.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1236", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in DUware DUportal 3.1.2 and 3.1.2 SQL allow remote attackers to execute arbitrary SQL commands via the (1) iChannel parameter to channel.asp or search.asp, (2) iData parameter to detail.asp or inc_rating.asp, (3) iCat parameter to detail.asp or type.asp, (4) DAT_PARENT parameter to inc_poll_voting.asp, or (5) iRate parameter to inc_rating.asp, a different set of vulnerabilities than CVE-2005-1224." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1236", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.digitalparadox.org/advisories/dup.txt", - "refsource" : "MISC", - "url" : "http://www.digitalparadox.org/advisories/dup.txt" - }, - { - "name" : "13288", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13288" - }, - { - "name" : "15044", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15044" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in DUware DUportal 3.1.2 and 3.1.2 SQL allow remote attackers to execute arbitrary SQL commands via the (1) iChannel parameter to channel.asp or search.asp, (2) iData parameter to detail.asp or inc_rating.asp, (3) iCat parameter to detail.asp or type.asp, (4) DAT_PARENT parameter to inc_poll_voting.asp, or (5) iRate parameter to inc_rating.asp, a different set of vulnerabilities than CVE-2005-1224." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.digitalparadox.org/advisories/dup.txt", + "refsource": "MISC", + "url": "http://www.digitalparadox.org/advisories/dup.txt" + }, + { + "name": "15044", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15044" + }, + { + "name": "13288", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13288" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1727.json b/2005/1xxx/CVE-2005-1727.json index c4e3045f5ff..168e50e2b67 100644 --- a/2005/1xxx/CVE-2005-1727.json +++ b/2005/1xxx/CVE-2005-1727.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1727", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apple Mac OS X 10.4.x up to 10.4.1 sets insecure world- and group-writable permissions for the (1) system cache folder and (2) Dashboard system widgets, which allows local users to conduct unauthorized file operations via \"file race conditions.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1727", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2005-06-08", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2005/Jun/msg00000.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apple Mac OS X 10.4.x up to 10.4.1 sets insecure world- and group-writable permissions for the (1) system cache folder and (2) Dashboard system widgets, which allows local users to conduct unauthorized file operations via \"file race conditions.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2005-06-08", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2005/Jun/msg00000.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1978.json b/2005/1xxx/CVE-2005-1978.json index 4c3a698e44f..2f4061f175c 100644 --- a/2005/1xxx/CVE-2005-1978.json +++ b/2005/1xxx/CVE-2005-1978.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1978", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "COM+ in Microsoft Windows does not properly \"create and use memory structures,\" which allows local users or remote attackers to execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2005-1978", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf" - }, - { - "name" : "MS05-051", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-051" - }, - { - "name" : "TA05-284A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA05-284A.html" - }, - { - "name" : "VU#950516", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/950516" - }, - { - "name" : "15057", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15057" - }, - { - "name" : "oval:org.mitre.oval:def:1261", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1261" - }, - { - "name" : "oval:org.mitre.oval:def:1269", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1269" - }, - { - "name" : "oval:org.mitre.oval:def:1466", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1466" - }, - { - "name" : "oval:org.mitre.oval:def:1499", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1499" - }, - { - "name" : "oval:org.mitre.oval:def:576", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A576" - }, - { - "name" : "oval:org.mitre.oval:def:816", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A816" - }, - { - "name" : "17161", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17161" - }, - { - "name" : "17172", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17172" - }, - { - "name" : "17223", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17223" - }, - { - "name" : "17509", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17509" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "COM+ in Microsoft Windows does not properly \"create and use memory structures,\" which allows local users or remote attackers to execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17161", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17161" + }, + { + "name": "oval:org.mitre.oval:def:576", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A576" + }, + { + "name": "oval:org.mitre.oval:def:1261", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1261" + }, + { + "name": "oval:org.mitre.oval:def:1269", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1269" + }, + { + "name": "MS05-051", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-051" + }, + { + "name": "15057", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15057" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf" + }, + { + "name": "17223", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17223" + }, + { + "name": "17172", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17172" + }, + { + "name": "oval:org.mitre.oval:def:1499", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1499" + }, + { + "name": "VU#950516", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/950516" + }, + { + "name": "oval:org.mitre.oval:def:816", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A816" + }, + { + "name": "17509", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17509" + }, + { + "name": "TA05-284A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA05-284A.html" + }, + { + "name": "oval:org.mitre.oval:def:1466", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1466" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4021.json b/2005/4xxx/CVE-2005-4021.json index 37616229eef..78b7bc00591 100644 --- a/2005/4xxx/CVE-2005-4021.json +++ b/2005/4xxx/CVE-2005-4021.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4021", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The installer for Gallery 2.0 before 2.0.2 stores the install log under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4021", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051130 Gallery 2.x Security Advisory", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/418200/100/0/threaded" - }, - { - "name" : "15614", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15614" - }, - { - "name" : "ADV-2005-2681", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2681" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The installer for Gallery 2.0 before 2.0.2 stores the install log under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15614", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15614" + }, + { + "name": "20051130 Gallery 2.x Security Advisory", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/418200/100/0/threaded" + }, + { + "name": "ADV-2005-2681", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2681" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4249.json b/2005/4xxx/CVE-2005-4249.json index 69a3283df55..a4d7b7649fc 100644 --- a/2005/4xxx/CVE-2005-4249.json +++ b/2005/4xxx/CVE-2005-4249.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4249", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ADP Forum 2.0 through 2.0.3 stores sensitive information in plaintext files under the web document root with insufficient access control, which allows remote attackers to obtain user credentials via requests to the forum/users directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4249", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051213 ADP Forum 2.0,ADP Forum 2.0.1,ADP Forum 2.0.2,ADP Forum 2.0.3 versiyon user md5 hash bug", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/419393/100/0/threaded" - }, - { - "name" : "http://www.blogcu.com/Liz0ziM/144336/", - "refsource" : "MISC", - "url" : "http://www.blogcu.com/Liz0ziM/144336/" - }, - { - "name" : "18027", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18027" - }, - { - "name" : "253", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/253" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ADP Forum 2.0 through 2.0.3 stores sensitive information in plaintext files under the web document root with insufficient access control, which allows remote attackers to obtain user credentials via requests to the forum/users directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18027", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18027" + }, + { + "name": "20051213 ADP Forum 2.0,ADP Forum 2.0.1,ADP Forum 2.0.2,ADP Forum 2.0.3 versiyon user md5 hash bug", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/419393/100/0/threaded" + }, + { + "name": "253", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/253" + }, + { + "name": "http://www.blogcu.com/Liz0ziM/144336/", + "refsource": "MISC", + "url": "http://www.blogcu.com/Liz0ziM/144336/" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4330.json b/2005/4xxx/CVE-2005-4330.json index 46532aa3c95..c144b3cf937 100644 --- a/2005/4xxx/CVE-2005-4330.json +++ b/2005/4xxx/CVE-2005-4330.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4330", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in browse.ihtml in iHTML Merchant Mall allows remote attackers to execute arbitrary SQL commands via the (1) id, (2) store, and (3) step parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4330", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/12/ihtml-merchant-mall-sql-inj.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/12/ihtml-merchant-mall-sql-inj.html" - }, - { - "name" : "15910", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15910" - }, - { - "name" : "ADV-2005-2968", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2968" - }, - { - "name" : "21830", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21830" - }, - { - "name" : "18073", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18073" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in browse.ihtml in iHTML Merchant Mall allows remote attackers to execute arbitrary SQL commands via the (1) id, (2) store, and (3) step parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21830", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21830" + }, + { + "name": "15910", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15910" + }, + { + "name": "http://pridels0.blogspot.com/2005/12/ihtml-merchant-mall-sql-inj.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/12/ihtml-merchant-mall-sql-inj.html" + }, + { + "name": "18073", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18073" + }, + { + "name": "ADV-2005-2968", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2968" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4452.json b/2005/4xxx/CVE-2005-4452.json index 91c5c9be191..d55a380199e 100644 --- a/2005/4xxx/CVE-2005-4452.json +++ b/2005/4xxx/CVE-2005-4452.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4452", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Information Call Center stores the CallCenterData.mdb database under the web root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames and passwords." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4452", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18159", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18159" - }, - { - "name" : "informationcallcenter-mdb-info-disclosure(23862)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23862" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Information Call Center stores the CallCenterData.mdb database under the web root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames and passwords." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18159", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18159" + }, + { + "name": "informationcallcenter-mdb-info-disclosure(23862)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23862" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0508.json b/2009/0xxx/CVE-2009-0508.json index f43973f241b..241ee502532 100644 --- a/2009/0xxx/CVE-2009-0508.json +++ b/2009/0xxx/CVE-2009-0508.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0508", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Servlet Engine/Web Container and JSP components in IBM WebSphere Application Server (WAS) 5.1.0, 5.1.1.19, 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.23, and 7.0 before 7.0.0.3 allow remote attackers to read arbitrary files contained in war files in (1) web-inf, (2) meta-inf, and unspecified other directories via unknown vectors, related to (a) web-based applications and (b) the administrative console." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0508", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg24022456", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg24022456" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21380233", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21380233" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21380376", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21380376" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27006876", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27006876" - }, - { - "name" : "PK81387", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PK81387" - }, - { - "name" : "34104", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34104" - }, - { - "name" : "34283", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34283" - }, - { - "name" : "34876", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34876" - }, - { - "name" : "ADV-2009-0704", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0704" - }, - { - "name" : "ADV-2009-1188", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1188" - }, - { - "name" : "ADV-2009-1464", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1464" - }, - { - "name" : "websphere-web-app-information-disclosure(49085)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49085" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Servlet Engine/Web Container and JSP components in IBM WebSphere Application Server (WAS) 5.1.0, 5.1.1.19, 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.23, and 7.0 before 7.0.0.3 allow remote attackers to read arbitrary files contained in war files in (1) web-inf, (2) meta-inf, and unspecified other directories via unknown vectors, related to (a) web-based applications and (b) the administrative console." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34876", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34876" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg24022456", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg24022456" + }, + { + "name": "34283", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34283" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21380233", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21380233" + }, + { + "name": "ADV-2009-1188", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1188" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg27006876", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27006876" + }, + { + "name": "PK81387", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK81387" + }, + { + "name": "ADV-2009-1464", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1464" + }, + { + "name": "34104", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34104" + }, + { + "name": "ADV-2009-0704", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0704" + }, + { + "name": "websphere-web-app-information-disclosure(49085)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49085" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21380376", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21380376" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0604.json b/2009/0xxx/CVE-2009-0604.json index ef933088464..b6e643cd620 100644 --- a/2009/0xxx/CVE-2009-0604.json +++ b/2009/0xxx/CVE-2009-0604.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0604", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in PHP Director 0.21 and earlier allows remote attackers to execute arbitrary SQL commands via the searching parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0604", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8014", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8014" - }, - { - "name" : "33694", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33694" - }, - { - "name" : "ADV-2009-0379", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0379" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in PHP Director 0.21 and earlier allows remote attackers to execute arbitrary SQL commands via the searching parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8014", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8014" + }, + { + "name": "ADV-2009-0379", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0379" + }, + { + "name": "33694", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33694" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0753.json b/2009/0xxx/CVE-2009-0753.json index 6e0a2aed644..a0749987ec0 100644 --- a/2009/0xxx/CVE-2009-0753.json +++ b/2009/0xxx/CVE-2009-0753.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0753", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Absolute path traversal vulnerability in MLDonkey 2.8.4 through 2.9.7 allows remote attackers to read arbitrary files via a leading \"//\" (double slash) in the filename." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0753", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8097", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8097" - }, - { - "name" : "[oss-security] 20090223 CVE request: mldonkey arbitrary file download vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/02/23/1" - }, - { - "name" : "http://savannah.nongnu.org/bugs/?25667", - "refsource" : "CONFIRM", - "url" : "http://savannah.nongnu.org/bugs/?25667" - }, - { - "name" : "DSA-1739", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1739" - }, - { - "name" : "FEDORA-2009-2703", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00542.html" - }, - { - "name" : "FEDORA-2009-2758", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00617.html" - }, - { - "name" : "GLSA-200903-36", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200903-36.xml" - }, - { - "name" : "33865", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33865" - }, - { - "name" : "34008", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34008" - }, - { - "name" : "34306", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34306" - }, - { - "name" : "34345", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34345" - }, - { - "name" : "34436", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34436" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Absolute path traversal vulnerability in MLDonkey 2.8.4 through 2.9.7 allows remote attackers to read arbitrary files via a leading \"//\" (double slash) in the filename." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8097", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8097" + }, + { + "name": "FEDORA-2009-2703", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00542.html" + }, + { + "name": "34008", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34008" + }, + { + "name": "FEDORA-2009-2758", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00617.html" + }, + { + "name": "34436", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34436" + }, + { + "name": "[oss-security] 20090223 CVE request: mldonkey arbitrary file download vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/02/23/1" + }, + { + "name": "http://savannah.nongnu.org/bugs/?25667", + "refsource": "CONFIRM", + "url": "http://savannah.nongnu.org/bugs/?25667" + }, + { + "name": "GLSA-200903-36", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200903-36.xml" + }, + { + "name": "33865", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33865" + }, + { + "name": "34345", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34345" + }, + { + "name": "DSA-1739", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1739" + }, + { + "name": "34306", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34306" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0808.json b/2009/0xxx/CVE-2009-0808.json index 856fac98498..4914067ebf8 100644 --- a/2009/0xxx/CVE-2009-0808.json +++ b/2009/0xxx/CVE-2009-0808.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0808", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in SimpleCMMS before 0.1.0 allow remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0808", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=661656&group_id=245458", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=661656&group_id=245458" - }, - { - "name" : "ADV-2009-0490", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0490" - }, - { - "name" : "simplecmms-unspecified-sql-injection(48883)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48883" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in SimpleCMMS before 0.1.0 allow remote attackers to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=661656&group_id=245458", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=661656&group_id=245458" + }, + { + "name": "simplecmms-unspecified-sql-injection(48883)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48883" + }, + { + "name": "ADV-2009-0490", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0490" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1193.json b/2009/1xxx/CVE-2009-1193.json index aa366a0d615..fdbe8d7503d 100644 --- a/2009/1xxx/CVE-2009-1193.json +++ b/2009/1xxx/CVE-2009-1193.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1193", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2009-1193", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1532.json b/2009/1xxx/CVE-2009-1532.json index be42c98ce1a..49faf63f702 100644 --- a/2009/1xxx/CVE-2009-1532.json +++ b/2009/1xxx/CVE-2009-1532.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1532", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 8 for Windows XP SP2 and SP3; 8 for Server 2003 SP2; 8 for Vista Gold, SP1, and SP2; and 8 for Server 2008 SP2 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code via \"malformed row property references\" that trigger an access of an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka \"HTML Objects Memory Corruption Vulnerability\" or \"HTML Object Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2009-1532", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090610 ZDI-09-041: Microsoft Internet Explorer 8 Rows Property Dangling Pointer Code Execution Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/504208/100/0/threaded" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-09-041", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-09-041" - }, - { - "name" : "MS09-019", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-019" - }, - { - "name" : "TA09-160A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-160A.html" - }, - { - "name" : "54951", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/54951" - }, - { - "name" : "oval:org.mitre.oval:def:6244", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6244" - }, - { - "name" : "1022350", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022350" - }, - { - "name" : "ADV-2009-1538", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1538" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 8 for Windows XP SP2 and SP3; 8 for Server 2003 SP2; 8 for Vista Gold, SP1, and SP2; and 8 for Server 2008 SP2 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code via \"malformed row property references\" that trigger an access of an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka \"HTML Objects Memory Corruption Vulnerability\" or \"HTML Object Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "54951", + "refsource": "OSVDB", + "url": "http://osvdb.org/54951" + }, + { + "name": "20090610 ZDI-09-041: Microsoft Internet Explorer 8 Rows Property Dangling Pointer Code Execution Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/504208/100/0/threaded" + }, + { + "name": "ADV-2009-1538", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1538" + }, + { + "name": "MS09-019", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-019" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-09-041", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-041" + }, + { + "name": "oval:org.mitre.oval:def:6244", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6244" + }, + { + "name": "TA09-160A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html" + }, + { + "name": "1022350", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022350" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1678.json b/2009/1xxx/CVE-2009-1678.json index de0d796da09..9b40f37bf07 100644 --- a/2009/1xxx/CVE-2009-1678.json +++ b/2009/1xxx/CVE-2009-1678.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1678", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the saveFeed function in rss/feedcreator.class.php in Bitweaver 2.6 and earlier allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the version parameter to boards/boards_rss.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1678", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090512 Bitweaver <= 2.6 /boards/boards_rss.php / saveFeed() remote code execution exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/503435" - }, - { - "name" : "8659", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8659" - }, - { - "name" : "34910", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34910" - }, - { - "name" : "35057", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35057" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the saveFeed function in rss/feedcreator.class.php in Bitweaver 2.6 and earlier allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the version parameter to boards/boards_rss.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35057", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35057" + }, + { + "name": "34910", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34910" + }, + { + "name": "20090512 Bitweaver <= 2.6 /boards/boards_rss.php / saveFeed() remote code execution exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/503435" + }, + { + "name": "8659", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8659" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1851.json b/2009/1xxx/CVE-2009-1851.json index 088bf75f28a..b56c494d10c 100644 --- a/2009/1xxx/CVE-2009-1851.json +++ b/2009/1xxx/CVE-2009-1851.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1851", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in include.php in phpBugTracker 1.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1851", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "35125", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35125" - }, - { - "name" : "ADV-2009-1432", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1432" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in include.php in phpBugTracker 1.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35125", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35125" + }, + { + "name": "ADV-2009-1432", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1432" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3249.json b/2009/3xxx/CVE-2009-3249.json index 71b29dac770..12645142c5b 100644 --- a/2009/3xxx/CVE-2009-3249.json +++ b/2009/3xxx/CVE-2009-3249.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3249", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in vtiger CRM 5.0.4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the module parameter to graph.php; or the (2) module or (3) file parameter to include/Ajax/CommonAjax.php, reachable through modules/Campaigns/CampaignsAjax.php, modules/SalesOrder/SalesOrderAjax.php, modules/System/SystemAjax.php, modules/Products/ProductsAjax.php, modules/uploads/uploadsAjax.php, modules/Dashboard/DashboardAjax.php, modules/Potentials/PotentialsAjax.php, modules/Notes/NotesAjax.php, modules/Faq/FaqAjax.php, modules/Quotes/QuotesAjax.php, modules/Utilities/UtilitiesAjax.php, modules/Calendar/ActivityAjax.php, modules/Calendar/CalendarAjax.php, modules/PurchaseOrder/PurchaseOrderAjax.php, modules/HelpDesk/HelpDeskAjax.php, modules/Invoice/InvoiceAjax.php, modules/Accounts/AccountsAjax.php, modules/Reports/ReportsAjax.php, modules/Contacts/ContactsAjax.php, and modules/Portal/PortalAjax.php; and allow remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the step parameter in an Import action to the (4) Accounts, (5) Contacts, (6) HelpDesk, (7) Leads, (8) Potentials, (9) Products, or (10) Vendors module, reachable through index.php and related to modules/Import/index.php and multiple Import.php files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3249", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090818 Vtiger CRM 5.0.4 Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=125060676515670&w=2" - }, - { - "name" : "9450", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9450" - }, - { - "name" : "http://www.ush.it/2009/08/18/vtiger-crm-504-multiple-vulnerabilities/", - "refsource" : "MISC", - "url" : "http://www.ush.it/2009/08/18/vtiger-crm-504-multiple-vulnerabilities/" - }, - { - "name" : "http://www.ush.it/team/ush/hack-vtigercrm_504/vtigercrm_504.txt", - "refsource" : "MISC", - "url" : "http://www.ush.it/team/ush/hack-vtigercrm_504/vtigercrm_504.txt" - }, - { - "name" : "36062", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36062" - }, - { - "name" : "57239", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/57239" - }, - { - "name" : "36309", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36309" - }, - { - "name" : "8118", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8118" - }, - { - "name" : "ADV-2009-2319", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2319" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in vtiger CRM 5.0.4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the module parameter to graph.php; or the (2) module or (3) file parameter to include/Ajax/CommonAjax.php, reachable through modules/Campaigns/CampaignsAjax.php, modules/SalesOrder/SalesOrderAjax.php, modules/System/SystemAjax.php, modules/Products/ProductsAjax.php, modules/uploads/uploadsAjax.php, modules/Dashboard/DashboardAjax.php, modules/Potentials/PotentialsAjax.php, modules/Notes/NotesAjax.php, modules/Faq/FaqAjax.php, modules/Quotes/QuotesAjax.php, modules/Utilities/UtilitiesAjax.php, modules/Calendar/ActivityAjax.php, modules/Calendar/CalendarAjax.php, modules/PurchaseOrder/PurchaseOrderAjax.php, modules/HelpDesk/HelpDeskAjax.php, modules/Invoice/InvoiceAjax.php, modules/Accounts/AccountsAjax.php, modules/Reports/ReportsAjax.php, modules/Contacts/ContactsAjax.php, and modules/Portal/PortalAjax.php; and allow remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the step parameter in an Import action to the (4) Accounts, (5) Contacts, (6) HelpDesk, (7) Leads, (8) Potentials, (9) Products, or (10) Vendors module, reachable through index.php and related to modules/Import/index.php and multiple Import.php files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ush.it/2009/08/18/vtiger-crm-504-multiple-vulnerabilities/", + "refsource": "MISC", + "url": "http://www.ush.it/2009/08/18/vtiger-crm-504-multiple-vulnerabilities/" + }, + { + "name": "8118", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8118" + }, + { + "name": "http://www.ush.it/team/ush/hack-vtigercrm_504/vtigercrm_504.txt", + "refsource": "MISC", + "url": "http://www.ush.it/team/ush/hack-vtigercrm_504/vtigercrm_504.txt" + }, + { + "name": "57239", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/57239" + }, + { + "name": "9450", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9450" + }, + { + "name": "20090818 Vtiger CRM 5.0.4 Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=125060676515670&w=2" + }, + { + "name": "36062", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36062" + }, + { + "name": "36309", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36309" + }, + { + "name": "ADV-2009-2319", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2319" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3848.json b/2009/3xxx/CVE-2009-3848.json index 35ddba89861..c21cf93c42f 100644 --- a/2009/3xxx/CVE-2009-3848.json +++ b/2009/3xxx/CVE-2009-3848.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3848", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long Template parameter, related to the vsprintf function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2009-3848", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091209 ZDI-09-096: Hewlett-Packard OpenView NNM nnmRptConfig.exe Template Variable vsprintf Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/508346/100/0/threaded" - }, - { - "name" : "http://zerodayinitiative.com/advisories/ZDI-09-096/", - "refsource" : "MISC", - "url" : "http://zerodayinitiative.com/advisories/ZDI-09-096/" - }, - { - "name" : "HPSBMA02483", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877" - }, - { - "name" : "SSRT090129", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877" - }, - { - "name" : "SSRT090257", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=126046355120442&w=2" - }, - { - "name" : "37261", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37261" - }, - { - "name" : "37296", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37296" - }, - { - "name" : "hpovnnm-vsprintf-bo(54653)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54653" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long Template parameter, related to the vsprintf function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "hpovnnm-vsprintf-bo(54653)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54653" + }, + { + "name": "37296", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37296" + }, + { + "name": "http://zerodayinitiative.com/advisories/ZDI-09-096/", + "refsource": "MISC", + "url": "http://zerodayinitiative.com/advisories/ZDI-09-096/" + }, + { + "name": "37261", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37261" + }, + { + "name": "SSRT090257", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=126046355120442&w=2" + }, + { + "name": "20091209 ZDI-09-096: Hewlett-Packard OpenView NNM nnmRptConfig.exe Template Variable vsprintf Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/508346/100/0/threaded" + }, + { + "name": "SSRT090129", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877" + }, + { + "name": "HPSBMA02483", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4018.json b/2009/4xxx/CVE-2009-4018.json index 9c061faaf0f..637d7433abb 100644 --- a/2009/4xxx/CVE-2009-4018.json +++ b/2009/4xxx/CVE-2009-4018.json @@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4018", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The proc_open function in ext/standard/proc_open.c in PHP before 5.2.11 and 5.3.x before 5.3.1 does not enforce the (1) safe_mode_allowed_env_vars and (2) safe_mode_protected_env_vars directives, which allows context-dependent attackers to execute programs with an arbitrary environment via the env parameter, as demonstrated by a crafted value of the LD_LIBRARY_PATH environment variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-4018", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20091122 Re: CVE request: php 5.3.1 update", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=125886770008678&w=2" - }, - { - "name" : "[oss-security] 20091123 Re: CVE request: php 5.3.1 - proc_open() bypass PHP Bug #49026 [was: Re: CVE request: php 5.3.1 update]", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=125897935330618&w=2" - }, - { - "name" : "[oss-security] 20091123 Re: CVE request: php 5.3.1 - proc_open() bypass PHP Bug #49026 [was: Re: CVE request: php 5.3.1 update]", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/11/23/15" - }, - { - "name" : "http://bugs.php.net/bug.php?id=49026", - "refsource" : "CONFIRM", - "url" : "http://bugs.php.net/bug.php?id=49026" - }, - { - "name" : "http://svn.php.net/viewvc/?view=revision&revision=286360", - "refsource" : "CONFIRM", - "url" : "http://svn.php.net/viewvc/?view=revision&revision=286360" - }, - { - "name" : "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/standard/proc_open.c?r1=286360&r2=286359&pathrev=286360", - "refsource" : "CONFIRM", - "url" : "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/standard/proc_open.c?r1=286360&r2=286359&pathrev=286360" - }, - { - "name" : "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/standard/proc_open.c?r1=286360&r2=286359&pathrev=286360", - "refsource" : "CONFIRM", - "url" : "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/standard/proc_open.c?r1=286360&r2=286359&pathrev=286360" - }, - { - "name" : "http://www.php.net/ChangeLog-5.php", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/ChangeLog-5.php" - }, - { - "name" : "HPSBUX02543", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=127680701405735&w=2" - }, - { - "name" : "SSRT100152", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=127680701405735&w=2" - }, - { - "name" : "HPSBMA02568", - "refsource" : "HP", - "url" : "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995" - }, - { - "name" : "SSRT100219", - "refsource" : "HP", - "url" : "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995" - }, - { - "name" : "MDVSA-2009:303", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:303" - }, - { - "name" : "37138", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37138" - }, - { - "name" : "oval:org.mitre.oval:def:7256", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7256" - }, - { - "name" : "40262", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40262" - }, - { - "name" : "41480", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41480" - }, - { - "name" : "41490", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41490" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The proc_open function in ext/standard/proc_open.c in PHP before 5.2.11 and 5.3.x before 5.3.1 does not enforce the (1) safe_mode_allowed_env_vars and (2) safe_mode_protected_env_vars directives, which allows context-dependent attackers to execute programs with an arbitrary environment via the env parameter, as demonstrated by a crafted value of the LD_LIBRARY_PATH environment variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40262", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40262" + }, + { + "name": "oval:org.mitre.oval:def:7256", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7256" + }, + { + "name": "HPSBUX02543", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=127680701405735&w=2" + }, + { + "name": "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/standard/proc_open.c?r1=286360&r2=286359&pathrev=286360", + "refsource": "CONFIRM", + "url": "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/standard/proc_open.c?r1=286360&r2=286359&pathrev=286360" + }, + { + "name": "[oss-security] 20091123 Re: CVE request: php 5.3.1 - proc_open() bypass PHP Bug #49026 [was: Re: CVE request: php 5.3.1 update]", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=125897935330618&w=2" + }, + { + "name": "41490", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41490" + }, + { + "name": "[oss-security] 20091123 Re: CVE request: php 5.3.1 - proc_open() bypass PHP Bug #49026 [was: Re: CVE request: php 5.3.1 update]", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/11/23/15" + }, + { + "name": "HPSBMA02568", + "refsource": "HP", + "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995" + }, + { + "name": "http://www.php.net/ChangeLog-5.php", + "refsource": "CONFIRM", + "url": "http://www.php.net/ChangeLog-5.php" + }, + { + "name": "37138", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37138" + }, + { + "name": "http://bugs.php.net/bug.php?id=49026", + "refsource": "CONFIRM", + "url": "http://bugs.php.net/bug.php?id=49026" + }, + { + "name": "SSRT100219", + "refsource": "HP", + "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995" + }, + { + "name": "41480", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41480" + }, + { + "name": "[oss-security] 20091122 Re: CVE request: php 5.3.1 update", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=125886770008678&w=2" + }, + { + "name": "SSRT100152", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=127680701405735&w=2" + }, + { + "name": "http://svn.php.net/viewvc/?view=revision&revision=286360", + "refsource": "CONFIRM", + "url": "http://svn.php.net/viewvc/?view=revision&revision=286360" + }, + { + "name": "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/standard/proc_open.c?r1=286360&r2=286359&pathrev=286360", + "refsource": "CONFIRM", + "url": "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/standard/proc_open.c?r1=286360&r2=286359&pathrev=286360" + }, + { + "name": "MDVSA-2009:303", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:303" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4040.json b/2009/4xxx/CVE-2009-4040.json index 4ce66708797..351e92efcca 100644 --- a/2009/4xxx/CVE-2009-4040.json +++ b/2009/4xxx/CVE-2009-4040.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4040", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.0.17 and 2.5.x before 2.5.2, when used with Internet Explorer 6 or 7, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to the search page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4040", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.phpmyfaq.de/advisory_2009-09-01.php", - "refsource" : "CONFIRM", - "url" : "http://www.phpmyfaq.de/advisory_2009-09-01.php" - }, - { - "name" : "37354", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37354" - }, - { - "name" : "ADV-2009-3241", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3241" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.0.17 and 2.5.x before 2.5.2, when used with Internet Explorer 6 or 7, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to the search page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-3241", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3241" + }, + { + "name": "37354", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37354" + }, + { + "name": "http://www.phpmyfaq.de/advisory_2009-09-01.php", + "refsource": "CONFIRM", + "url": "http://www.phpmyfaq.de/advisory_2009-09-01.php" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4395.json b/2009/4xxx/CVE-2009-4395.json index 9d25066cfe1..9ddd4642174 100644 --- a/2009/4xxx/CVE-2009-4395.json +++ b/2009/4xxx/CVE-2009-4395.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4395", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Random Prayer 2 (ste_prayer2) extension 0.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4395", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Random Prayer 2 (ste_prayer2) extension 0.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4530.json b/2009/4xxx/CVE-2009-4530.json index 82552b5d21c..f198b57e937 100644 --- a/2009/4xxx/CVE-2009-4530.json +++ b/2009/4xxx/CVE-2009-4530.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4530", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mongoose 2.8.0 and earlier allows remote attackers to obtain the source code for a web page by appending ::$DATA to the URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4530", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0910-exploits/mongoose-disclose.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0910-exploits/mongoose-disclose.txt" - }, - { - "name" : "36934", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36934" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mongoose 2.8.0 and earlier allows remote attackers to obtain the source code for a web page by appending ::$DATA to the URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36934", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36934" + }, + { + "name": "http://packetstormsecurity.org/0910-exploits/mongoose-disclose.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0910-exploits/mongoose-disclose.txt" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4565.json b/2009/4xxx/CVE-2009-4565.json index 5534b1a3a66..9f22bbb966b 100644 --- a/2009/4xxx/CVE-2009-4565.json +++ b/2009/4xxx/CVE-2009-4565.json @@ -1,162 +1,162 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4565", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "sendmail before 8.14.4 does not properly handle a '\\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4565", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.sendmail.org/releases/8.14.4", - "refsource" : "CONFIRM", - "url" : "http://www.sendmail.org/releases/8.14.4" - }, - { - "name" : "DSA-1985", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-1985" - }, - { - "name" : "GLSA-201206-30", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201206-30.xml" - }, - { - "name" : "HPSBUX02508", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=126953289726317&w=2" - }, - { - "name" : "SSRT100007", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=126953289726317&w=2" - }, - { - "name" : "RHSA-2011:0262", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0262.html" - }, - { - "name" : "1021797", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021797.1-1" - }, - { - "name" : "SUSE-SR:2010:006", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html" - }, - { - "name" : "37543", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37543" - }, - { - "name" : "oval:org.mitre.oval:def:10255", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10255" - }, - { - "name" : "oval:org.mitre.oval:def:11822", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11822" - }, - { - "name" : "37998", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37998" - }, - { - "name" : "38314", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38314" - }, - { - "name" : "38915", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38915" - }, - { - "name" : "39088", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39088" - }, - { - "name" : "40109", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40109" - }, - { - "name" : "43366", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43366" - }, - { - "name" : "ADV-2009-3661", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3661" - }, - { - "name" : "ADV-2010-1386", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1386" - }, - { - "name" : "ADV-2010-0719", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0719" - }, - { - "name" : "ADV-2011-0415", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0415" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "sendmail before 8.14.4 does not properly handle a '\\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38314", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38314" + }, + { + "name": "GLSA-201206-30", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201206-30.xml" + }, + { + "name": "1021797", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021797.1-1" + }, + { + "name": "39088", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39088" + }, + { + "name": "ADV-2009-3661", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3661" + }, + { + "name": "37998", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37998" + }, + { + "name": "37543", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37543" + }, + { + "name": "ADV-2011-0415", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0415" + }, + { + "name": "43366", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43366" + }, + { + "name": "SUSE-SR:2010:006", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html" + }, + { + "name": "oval:org.mitre.oval:def:10255", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10255" + }, + { + "name": "http://www.sendmail.org/releases/8.14.4", + "refsource": "CONFIRM", + "url": "http://www.sendmail.org/releases/8.14.4" + }, + { + "name": "HPSBUX02508", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=126953289726317&w=2" + }, + { + "name": "ADV-2010-0719", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0719" + }, + { + "name": "RHSA-2011:0262", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0262.html" + }, + { + "name": "DSA-1985", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-1985" + }, + { + "name": "oval:org.mitre.oval:def:11822", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11822" + }, + { + "name": "SSRT100007", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=126953289726317&w=2" + }, + { + "name": "40109", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40109" + }, + { + "name": "38915", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38915" + }, + { + "name": "ADV-2010-1386", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1386" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4594.json b/2009/4xxx/CVE-2009-4594.json index 7cb43ced767..e3f1b6592c6 100644 --- a/2009/4xxx/CVE-2009-4594.json +++ b/2009/4xxx/CVE-2009-4594.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4594", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.131 for Domino 8.0.x has unknown impact and attack vectors, aka SPR SDOY7RHBNH." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4594", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27015942", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27015942" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27016085", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27016085" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27017776", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27017776" - }, - { - "name" : "domino-web-access-unspecified(55548)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55548" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.131 for Domino 8.0.x has unknown impact and attack vectors, aka SPR SDOY7RHBNH." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "domino-web-access-unspecified(55548)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55548" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg27015942", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27015942" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg27016085", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27016085" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg27017776", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27017776" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4944.json b/2009/4xxx/CVE-2009-4944.json index 1a023fddb0a..fc5cf7ff3a5 100644 --- a/2009/4xxx/CVE-2009-4944.json +++ b/2009/4xxx/CVE-2009-4944.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4944", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in ATRC ACollab 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) address parameter to profile.php or the (2) description parameter to events/add_event.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4944", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "54799", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/54799" - }, - { - "name" : "54800", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/54800" - }, - { - "name" : "35173", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35173" - }, - { - "name" : "acollab-profile-xss(50834)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50834" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in ATRC ACollab 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) address parameter to profile.php or the (2) description parameter to events/add_event.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "acollab-profile-xss(50834)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50834" + }, + { + "name": "35173", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35173" + }, + { + "name": "54799", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/54799" + }, + { + "name": "54800", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/54800" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2068.json b/2012/2xxx/CVE-2012-2068.json index 6f36b488505..13d55c9a98a 100644 --- a/2012/2xxx/CVE-2012-2068.json +++ b/2012/2xxx/CVE-2012-2068.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2068", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in fancy_slide.module in the Fancy Slide module before 6.x-2.7 for Drupal allow remote authenticated users with the administer fancy_slide permission to inject arbitrary web script or HTML via the (1) node_title or (2) nodequeue_title parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2068", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/04/07/1" - }, - { - "name" : "http://drupal.org/node/1482744", - "refsource" : "MISC", - "url" : "http://drupal.org/node/1482744" - }, - { - "name" : "http://drupal.org/node/1417688", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/1417688" - }, - { - "name" : "http://drupalcode.org/project/fancy_slide.git/commit/cd2a424", - "refsource" : "CONFIRM", - "url" : "http://drupalcode.org/project/fancy_slide.git/commit/cd2a424" - }, - { - "name" : "52513", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52513" - }, - { - "name" : "80069", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/80069" - }, - { - "name" : "48412", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48412" - }, - { - "name" : "fancyslide-createslideshowblocks-xss(74070)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74070" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in fancy_slide.module in the Fancy Slide module before 6.x-2.7 for Drupal allow remote authenticated users with the administer fancy_slide permission to inject arbitrary web script or HTML via the (1) node_title or (2) nodequeue_title parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "fancyslide-createslideshowblocks-xss(74070)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74070" + }, + { + "name": "52513", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52513" + }, + { + "name": "80069", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/80069" + }, + { + "name": "[oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1" + }, + { + "name": "48412", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48412" + }, + { + "name": "http://drupalcode.org/project/fancy_slide.git/commit/cd2a424", + "refsource": "CONFIRM", + "url": "http://drupalcode.org/project/fancy_slide.git/commit/cd2a424" + }, + { + "name": "http://drupal.org/node/1417688", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/1417688" + }, + { + "name": "http://drupal.org/node/1482744", + "refsource": "MISC", + "url": "http://drupal.org/node/1482744" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2306.json b/2012/2xxx/CVE-2012-2306.json index f3b912af327..45c58514368 100644 --- a/2012/2xxx/CVE-2012-2306.json +++ b/2012/2xxx/CVE-2012-2306.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2306", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Addressbook module for Drupal 6.x-4.2 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2306", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120502 CVE Request for Drupal contributed modules", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/05/03/1" - }, - { - "name" : "[oss-security] 20120502 Re: CVE Request for Drupal contributed modules", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/05/03/2" - }, - { - "name" : "http://drupal.org/node/1557868", - "refsource" : "MISC", - "url" : "http://drupal.org/node/1557868" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Addressbook module for Drupal 6.x-4.2 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20120502 Re: CVE Request for Drupal contributed modules", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/05/03/2" + }, + { + "name": "[oss-security] 20120502 CVE Request for Drupal contributed modules", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/05/03/1" + }, + { + "name": "http://drupal.org/node/1557868", + "refsource": "MISC", + "url": "http://drupal.org/node/1557868" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2693.json b/2012/2xxx/CVE-2012-2693.json index addd958169d..266fbde7062 100644 --- a/2012/2xxx/CVE-2012-2693.json +++ b/2012/2xxx/CVE-2012-2693.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2693", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libvirt, possibly before 0.9.12, does not properly assign USB devices to virtual machines when multiple devices have the same vendor and product ID, which might cause the wrong device to be associated with a guest and might allow local users to access unintended USB devices." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2693", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[libvirt] 20120428 [PATCH 0/3] usb devices with same vendor, productID hotplug support", - "refsource" : "MLIST", - "url" : "https://www.redhat.com/archives/libvir-list/2012-April/msg01494.html" - }, - { - "name" : "[oss-security] 20120611 CVE request -- libvirt: address bus= device= when identicle vendor ID/product IDs usb devices attached are ignored", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/06/11/2" - }, - { - "name" : "[oss-security] 20120611 Re: CVE request -- libvirt: address bus= device= when identicle vendor ID/product IDs usb devices attached are ignored", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/06/11/3" - }, - { - "name" : "RHSA-2012:0748", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0748.html" - }, - { - "name" : "RHSA-2013:0127", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0127.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libvirt, possibly before 0.9.12, does not properly assign USB devices to virtual machines when multiple devices have the same vendor and product ID, which might cause the wrong device to be associated with a guest and might allow local users to access unintended USB devices." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20120611 Re: CVE request -- libvirt: address bus= device= when identicle vendor ID/product IDs usb devices attached are ignored", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/06/11/3" + }, + { + "name": "RHSA-2013:0127", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0127.html" + }, + { + "name": "[libvirt] 20120428 [PATCH 0/3] usb devices with same vendor, productID hotplug support", + "refsource": "MLIST", + "url": "https://www.redhat.com/archives/libvir-list/2012-April/msg01494.html" + }, + { + "name": "RHSA-2012:0748", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0748.html" + }, + { + "name": "[oss-security] 20120611 CVE request -- libvirt: address bus= device= when identicle vendor ID/product IDs usb devices attached are ignored", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/06/11/2" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2763.json b/2012/2xxx/CVE-2012-2763.json index 4200f73e15b..5885449bbad 100644 --- a/2012/2xxx/CVE-2012-2763.json +++ b/2012/2xxx/CVE-2012-2763.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2763", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the readstr_upto function in plug-ins/script-fu/tinyscheme/scheme.c in GIMP 2.6.12 and earlier, and possibly 2.6.13, allows remote attackers to execute arbitrary code via a long string in a command to the script-fu server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2763", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120530 ScriptFu Server Buffer Overflow in GIMP <= 2.6", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/05/31/1" - }, - { - "name" : "[oss-security] 20120630 Re: ScriptFu Server Buffer Overflow in GIMP <= 2.6", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/07/01/1" - }, - { - "name" : "http://www.reactionpenetrationtesting.co.uk/advisories/scriptfu-buffer-overflow-GIMP-2.6.html", - "refsource" : "MISC", - "url" : "http://www.reactionpenetrationtesting.co.uk/advisories/scriptfu-buffer-overflow-GIMP-2.6.html" - }, - { - "name" : "http://git.gnome.org/browse/gimp/commit/?h=gimp-2-6&id=744f7a4a2b5acb8b531a6f5dd8744ebb95348fc2", - "refsource" : "CONFIRM", - "url" : "http://git.gnome.org/browse/gimp/commit/?h=gimp-2-6&id=744f7a4a2b5acb8b531a6f5dd8744ebb95348fc2" - }, - { - "name" : "https://bugzilla.gnome.org/show_bug.cgi?id=679215", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.gnome.org/show_bug.cgi?id=679215" - }, - { - "name" : "GLSA-201209-23", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201209-23.xml" - }, - { - "name" : "openSUSE-SU-2012:1080", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00000.html" - }, - { - "name" : "openSUSE-SU-2012:1131", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-09/msg00043.html" - }, - { - "name" : "50737", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50737" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the readstr_upto function in plug-ins/script-fu/tinyscheme/scheme.c in GIMP 2.6.12 and earlier, and possibly 2.6.13, allows remote attackers to execute arbitrary code via a long string in a command to the script-fu server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201209-23", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201209-23.xml" + }, + { + "name": "http://git.gnome.org/browse/gimp/commit/?h=gimp-2-6&id=744f7a4a2b5acb8b531a6f5dd8744ebb95348fc2", + "refsource": "CONFIRM", + "url": "http://git.gnome.org/browse/gimp/commit/?h=gimp-2-6&id=744f7a4a2b5acb8b531a6f5dd8744ebb95348fc2" + }, + { + "name": "[oss-security] 20120630 Re: ScriptFu Server Buffer Overflow in GIMP <= 2.6", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/07/01/1" + }, + { + "name": "openSUSE-SU-2012:1080", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00000.html" + }, + { + "name": "openSUSE-SU-2012:1131", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00043.html" + }, + { + "name": "50737", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50737" + }, + { + "name": "https://bugzilla.gnome.org/show_bug.cgi?id=679215", + "refsource": "CONFIRM", + "url": "https://bugzilla.gnome.org/show_bug.cgi?id=679215" + }, + { + "name": "http://www.reactionpenetrationtesting.co.uk/advisories/scriptfu-buffer-overflow-GIMP-2.6.html", + "refsource": "MISC", + "url": "http://www.reactionpenetrationtesting.co.uk/advisories/scriptfu-buffer-overflow-GIMP-2.6.html" + }, + { + "name": "[oss-security] 20120530 ScriptFu Server Buffer Overflow in GIMP <= 2.6", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/05/31/1" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3137.json b/2012/3xxx/CVE-2012-3137.json index 3234b103fd1..9014e9d7a9d 100644 --- a/2012/3xxx/CVE-2012-3137.json +++ b/2012/3xxx/CVE-2012-3137.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3137", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The authentication protocol in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to obtain the session key and salt for arbitrary users, which leaks information about the cryptographic hash and makes it easier to conduct brute force password guessing attacks, aka \"stealth password cracking vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-3137", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "22069", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/22069" - }, - { - "name" : "http://arstechnica.com/security/2012/09/oracle-database-stealth-password-cracking-vulnerability/", - "refsource" : "MISC", - "url" : "http://arstechnica.com/security/2012/09/oracle-database-stealth-password-cracking-vulnerability/" - }, - { - "name" : "http://threatpost.com/en_us/blogs/flaw-oracle-logon-protocol-leads-easy-password-cracking-092012?utm_source=Threatpost&utm_medium=Tabs&utm_campaign=Today%27s+Most+Popular", - "refsource" : "MISC", - "url" : "http://threatpost.com/en_us/blogs/flaw-oracle-logon-protocol-leads-easy-password-cracking-092012?utm_source=Threatpost&utm_medium=Tabs&utm_campaign=Today%27s+Most+Popular" - }, - { - "name" : "http://www.darkreading.com/authentication/167901072/security/application-security/240007643/attack-easily-cracks-oracle-database-passwords.html", - "refsource" : "MISC", - "url" : "http://www.darkreading.com/authentication/167901072/security/application-security/240007643/attack-easily-cracks-oracle-database-passwords.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "55651", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55651" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The authentication protocol in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to obtain the session key and salt for arbitrary users, which leaks information about the cryptographic hash and makes it easier to conduct brute force password guessing attacks, aka \"stealth password cracking vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.darkreading.com/authentication/167901072/security/application-security/240007643/attack-easily-cracks-oracle-database-passwords.html", + "refsource": "MISC", + "url": "http://www.darkreading.com/authentication/167901072/security/application-security/240007643/attack-easily-cracks-oracle-database-passwords.html" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" + }, + { + "name": "22069", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/22069" + }, + { + "name": "http://threatpost.com/en_us/blogs/flaw-oracle-logon-protocol-leads-easy-password-cracking-092012?utm_source=Threatpost&utm_medium=Tabs&utm_campaign=Today%27s+Most+Popular", + "refsource": "MISC", + "url": "http://threatpost.com/en_us/blogs/flaw-oracle-logon-protocol-leads-easy-password-cracking-092012?utm_source=Threatpost&utm_medium=Tabs&utm_campaign=Today%27s+Most+Popular" + }, + { + "name": "http://arstechnica.com/security/2012/09/oracle-database-stealth-password-cracking-vulnerability/", + "refsource": "MISC", + "url": "http://arstechnica.com/security/2012/09/oracle-database-stealth-password-cracking-vulnerability/" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" + }, + { + "name": "55651", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55651" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6059.json b/2012/6xxx/CVE-2012-6059.json index 0f16981430c..ec24f477b24 100644 --- a/2012/6xxx/CVE-2012-6059.json +++ b/2012/6xxx/CVE-2012-6059.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6059", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The dissect_isakmp function in epan/dissectors/packet-isakmp.c in the ISAKMP dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 uses an incorrect data structure to determine IKEv2 decryption parameters, which allows remote attackers to cause a denial of service (application crash) via a malformed packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6059", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-isakmp.c?r1=45510&r2=45509&pathrev=45510", - "refsource" : "CONFIRM", - "url" : "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-isakmp.c?r1=45510&r2=45509&pathrev=45510" - }, - { - "name" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=45510", - "refsource" : "CONFIRM", - "url" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=45510" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2012-35.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2012-35.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7855", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7855" - }, - { - "name" : "openSUSE-SU-2012:1633", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-12/msg00022.html" - }, - { - "name" : "openSUSE-SU-2013:0151", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-01/msg00042.html" - }, - { - "name" : "oval:org.mitre.oval:def:15239", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15239" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The dissect_isakmp function in epan/dissectors/packet-isakmp.c in the ISAKMP dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 uses an incorrect data structure to determine IKEv2 decryption parameters, which allows remote attackers to cause a denial of service (application crash) via a malformed packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.wireshark.org/security/wnpa-sec-2012-35.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2012-35.html" + }, + { + "name": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-isakmp.c?r1=45510&r2=45509&pathrev=45510", + "refsource": "CONFIRM", + "url": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-isakmp.c?r1=45510&r2=45509&pathrev=45510" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7855", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7855" + }, + { + "name": "openSUSE-SU-2012:1633", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00022.html" + }, + { + "name": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=45510", + "refsource": "CONFIRM", + "url": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=45510" + }, + { + "name": "oval:org.mitre.oval:def:15239", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15239" + }, + { + "name": "openSUSE-SU-2013:0151", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00042.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6287.json b/2012/6xxx/CVE-2012-6287.json index f088695b335..eb5ef66f376 100644 --- a/2012/6xxx/CVE-2012-6287.json +++ b/2012/6xxx/CVE-2012-6287.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6287", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-6287", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6467.json b/2012/6xxx/CVE-2012-6467.json index c2c6d9a6925..5a586083b97 100644 --- a/2012/6xxx/CVE-2012-6467.json +++ b/2012/6xxx/CVE-2012-6467.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6467", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Opera before 12.10 follows Internet shortcuts that are referenced by a (1) IMG element or (2) other inline element, which makes it easier for remote attackers to conduct phishing attacks via a crafted web site, as exploited in the wild in November 2012." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6467", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.opera.com/docs/changelogs/unified/1210/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/unified/1210/" - }, - { - "name" : "http://www.opera.com/support/kb/view/1034/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/support/kb/view/1034/" - }, - { - "name" : "57132", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/57132" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Opera before 12.10 follows Internet shortcuts that are referenced by a (1) IMG element or (2) other inline element, which makes it easier for remote attackers to conduct phishing attacks via a crafted web site, as exploited in the wild in November 2012." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.opera.com/support/kb/view/1034/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/support/kb/view/1034/" + }, + { + "name": "57132", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/57132" + }, + { + "name": "http://www.opera.com/docs/changelogs/unified/1210/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/unified/1210/" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6705.json b/2012/6xxx/CVE-2012-6705.json index 0d251258c0a..9da32df12f3 100644 --- a/2012/6xxx/CVE-2012-6705.json +++ b/2012/6xxx/CVE-2012-6705.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6705", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross Site Scripting (XSS) exists in Jamroom before 4.2.7 via the Status Update field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6705", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://st2tea.blogspot.com/2012/02/jamroom-cross-site-scripting.html", - "refsource" : "MISC", - "url" : "http://st2tea.blogspot.com/2012/02/jamroom-cross-site-scripting.html" - }, - { - "name" : "52073", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52073" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross Site Scripting (XSS) exists in Jamroom before 4.2.7 via the Status Update field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "52073", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52073" + }, + { + "name": "http://st2tea.blogspot.com/2012/02/jamroom-cross-site-scripting.html", + "refsource": "MISC", + "url": "http://st2tea.blogspot.com/2012/02/jamroom-cross-site-scripting.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1119.json b/2015/1xxx/CVE-2015-1119.json index 371176be066..16bf0fcacfe 100644 --- a/2015/1xxx/CVE-2015-1119.json +++ b/2015/1xxx/CVE-2015-1119.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1119", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-1119", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT204658", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204658" - }, - { - "name" : "https://support.apple.com/HT204661", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204661" - }, - { - "name" : "https://support.apple.com/HT204662", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204662" - }, - { - "name" : "https://support.apple.com/kb/HT204949", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT204949" - }, - { - "name" : "APPLE-SA-2015-04-08-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.html" - }, - { - "name" : "APPLE-SA-2015-04-08-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html" - }, - { - "name" : "APPLE-SA-2015-04-08-4", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html" - }, - { - "name" : "APPLE-SA-2015-06-30-6", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html" - }, - { - "name" : "73972", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73972" - }, - { - "name" : "1032047", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032047" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT204658", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204658" + }, + { + "name": "APPLE-SA-2015-04-08-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html" + }, + { + "name": "APPLE-SA-2015-06-30-6", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html" + }, + { + "name": "APPLE-SA-2015-04-08-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.html" + }, + { + "name": "73972", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73972" + }, + { + "name": "1032047", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032047" + }, + { + "name": "https://support.apple.com/kb/HT204949", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT204949" + }, + { + "name": "https://support.apple.com/HT204662", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204662" + }, + { + "name": "APPLE-SA-2015-04-08-4", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html" + }, + { + "name": "https://support.apple.com/HT204661", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204661" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1127.json b/2015/1xxx/CVE-2015-1127.json index 8eb3afc0c1d..73e80ff60a2 100644 --- a/2015/1xxx/CVE-2015-1127.json +++ b/2015/1xxx/CVE-2015-1127.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1127", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The private-browsing implementation in WebKit in Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 places browsing history into an index, which might allow local users to obtain sensitive information by reading index entries." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-1127", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT204658", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204658" - }, - { - "name" : "APPLE-SA-2015-04-08-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.html" - }, - { - "name" : "openSUSE-SU-2016:0915", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-03/msg00132.html" - }, - { - "name" : "USN-2937-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2937-1" - }, - { - "name" : "1032047", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032047" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The private-browsing implementation in WebKit in Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 places browsing history into an index, which might allow local users to obtain sensitive information by reading index entries." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT204658", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204658" + }, + { + "name": "APPLE-SA-2015-04-08-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.html" + }, + { + "name": "1032047", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032047" + }, + { + "name": "openSUSE-SU-2016:0915", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00132.html" + }, + { + "name": "USN-2937-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2937-1" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1147.json b/2015/1xxx/CVE-2015-1147.json index 0e3be5ec8bb..7c2d4f87684 100644 --- a/2015/1xxx/CVE-2015-1147.json +++ b/2015/1xxx/CVE-2015-1147.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1147", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Open Directory Client in Apple OS X before 10.10.3 sends unencrypted password-change requests in certain circumstances involving missing certificates, which allows remote attackers to obtain sensitive information by sniffing the network." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-1147", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT204659", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204659" - }, - { - "name" : "APPLE-SA-2015-04-08-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" - }, - { - "name" : "73982", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73982" - }, - { - "name" : "1032048", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032048" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Open Directory Client in Apple OS X before 10.10.3 sends unencrypted password-change requests in certain circumstances involving missing certificates, which allows remote attackers to obtain sensitive information by sniffing the network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT204659", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204659" + }, + { + "name": "73982", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73982" + }, + { + "name": "1032048", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032048" + }, + { + "name": "APPLE-SA-2015-04-08-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1905.json b/2015/1xxx/CVE-2015-1905.json index e81e6aee407..3b3a6d86141 100644 --- a/2015/1xxx/CVE-2015-1905.json +++ b/2015/1xxx/CVE-2015-1905.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1905", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to bypass intended access restrictions on task-variable value changes via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-1905", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21700717", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21700717" - }, - { - "name" : "JR52772", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1JR52772" - }, - { - "name" : "75977", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75977" - }, - { - "name" : "1033002", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033002" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to bypass intended access restrictions on task-variable value changes via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "75977", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75977" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21700717", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700717" + }, + { + "name": "JR52772", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR52772" + }, + { + "name": "1033002", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033002" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5311.json b/2015/5xxx/CVE-2015-5311.json index 1c77400cf22..17ccffe392f 100644 --- a/2015/5xxx/CVE-2015-5311.json +++ b/2015/5xxx/CVE-2015-5311.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5311", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PowerDNS (aka pdns) Authoritative Server 3.4.4 before 3.4.7 allows remote attackers to cause a denial of service (assertion failure and server crash) via crafted query packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-5311", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20151109 PowerDNS Security Announcement 2015-03", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/11/09/3" - }, - { - "name" : "https://doc.powerdns.com/md/security/powerdns-advisory-2015-03/", - "refsource" : "CONFIRM", - "url" : "https://doc.powerdns.com/md/security/powerdns-advisory-2015-03/" - }, - { - "name" : "FEDORA-2015-8b8d94ebbb", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171865.html" - }, - { - "name" : "FEDORA-2015-1d49176aa1", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171976.html" - }, - { - "name" : "FEDORA-2015-a3965fd800", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172193.html" - }, - { - "name" : "1034098", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034098" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PowerDNS (aka pdns) Authoritative Server 3.4.4 before 3.4.7 allows remote attackers to cause a denial of service (assertion failure and server crash) via crafted query packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20151109 PowerDNS Security Announcement 2015-03", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/11/09/3" + }, + { + "name": "FEDORA-2015-a3965fd800", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172193.html" + }, + { + "name": "1034098", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034098" + }, + { + "name": "FEDORA-2015-1d49176aa1", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171976.html" + }, + { + "name": "https://doc.powerdns.com/md/security/powerdns-advisory-2015-03/", + "refsource": "CONFIRM", + "url": "https://doc.powerdns.com/md/security/powerdns-advisory-2015-03/" + }, + { + "name": "FEDORA-2015-8b8d94ebbb", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171865.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5381.json b/2015/5xxx/CVE-2015-5381.json index 3fb1450eb64..c0b14bbcc71 100644 --- a/2015/5xxx/CVE-2015-5381.json +++ b/2015/5xxx/CVE-2015-5381.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5381", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in program/include/rcmail.php in Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter to the default URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5381", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150706 Re: CVE request for vulnerabilities fixed in roundcubemail 1.1.2 and 1.0.6", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/07/07/2" - }, - { - "name" : "http://trac.roundcube.net/ticket/1490417", - "refsource" : "CONFIRM", - "url" : "http://trac.roundcube.net/ticket/1490417" - }, - { - "name" : "https://github.com/roundcube/roundcubemail/commit/b782815dacda55eee6793249b5da1789256206fc", - "refsource" : "CONFIRM", - "url" : "https://github.com/roundcube/roundcubemail/commit/b782815dacda55eee6793249b5da1789256206fc" - }, - { - "name" : "https://github.com/roundcube/roundcubemail/issues/4837", - "refsource" : "CONFIRM", - "url" : "https://github.com/roundcube/roundcubemail/issues/4837" - }, - { - "name" : "https://roundcube.net/news/2015/06/05/updates-1.1.2-and-1.0.6-released", - "refsource" : "CONFIRM", - "url" : "https://roundcube.net/news/2015/06/05/updates-1.1.2-and-1.0.6-released" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in program/include/rcmail.php in Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter to the default URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20150706 Re: CVE request for vulnerabilities fixed in roundcubemail 1.1.2 and 1.0.6", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/07/07/2" + }, + { + "name": "http://trac.roundcube.net/ticket/1490417", + "refsource": "CONFIRM", + "url": "http://trac.roundcube.net/ticket/1490417" + }, + { + "name": "https://github.com/roundcube/roundcubemail/issues/4837", + "refsource": "CONFIRM", + "url": "https://github.com/roundcube/roundcubemail/issues/4837" + }, + { + "name": "https://roundcube.net/news/2015/06/05/updates-1.1.2-and-1.0.6-released", + "refsource": "CONFIRM", + "url": "https://roundcube.net/news/2015/06/05/updates-1.1.2-and-1.0.6-released" + }, + { + "name": "https://github.com/roundcube/roundcubemail/commit/b782815dacda55eee6793249b5da1789256206fc", + "refsource": "CONFIRM", + "url": "https://github.com/roundcube/roundcubemail/commit/b782815dacda55eee6793249b5da1789256206fc" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5664.json b/2015/5xxx/CVE-2015-5664.json index 65ebd0700e1..f18cb0adc74 100644 --- a/2015/5xxx/CVE-2015-5664.json +++ b/2015/5xxx/CVE-2015-5664.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5664", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in File Station in QNAP QTS before 4.2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2015-5664", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.qnap.com/i/en/support/con_show.php?cid=93", - "refsource" : "CONFIRM", - "url" : "https://www.qnap.com/i/en/support/con_show.php?cid=93" - }, - { - "name" : "JVN#42930233", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN42930233/index.html" - }, - { - "name" : "JVNDB-2016-000119", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000119" - }, - { - "name" : "1036123", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036123" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in File Station in QNAP QTS before 4.2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qnap.com/i/en/support/con_show.php?cid=93", + "refsource": "CONFIRM", + "url": "https://www.qnap.com/i/en/support/con_show.php?cid=93" + }, + { + "name": "JVN#42930233", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN42930233/index.html" + }, + { + "name": "JVNDB-2016-000119", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000119" + }, + { + "name": "1036123", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036123" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5762.json b/2015/5xxx/CVE-2015-5762.json index a6aa5df9b2e..c62801c15bd 100644 --- a/2015/5xxx/CVE-2015-5762.json +++ b/2015/5xxx/CVE-2015-5762.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5762", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5762", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11128.json b/2018/11xxx/CVE-2018-11128.json index e43dfabd2b4..25ceb568853 100644 --- a/2018/11xxx/CVE-2018-11128.json +++ b/2018/11xxx/CVE-2018-11128.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11128", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ObjReader::ReadObj() function in ObjReader.cpp in vincent0629 PDFParser allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly execute arbitrary code via a crafted pdf file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11128", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180516 PDFParser vulnerability", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/May/44" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ObjReader::ReadObj() function in ObjReader.cpp in vincent0629 PDFParser allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly execute arbitrary code via a crafted pdf file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20180516 PDFParser vulnerability", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/May/44" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11207.json b/2018/11xxx/CVE-2018-11207.json index 17ca88841bd..6b4813394c4 100644 --- a/2018/11xxx/CVE-2018-11207.json +++ b/2018/11xxx/CVE-2018-11207.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11207", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A division by zero was discovered in H5D__chunk_init in H5Dchunk.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11207", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/SegfaultMasters/covering360/tree/master/HDF5#divided-by-zero---divbyzero__h5d_chunk_poc", - "refsource" : "MISC", - "url" : "https://github.com/SegfaultMasters/covering360/tree/master/HDF5#divided-by-zero---divbyzero__h5d_chunk_poc" - }, - { - "name" : "https://github.com/Twi1ight/fuzzing-pocs/tree/master/hdf5", - "refsource" : "MISC", - "url" : "https://github.com/Twi1ight/fuzzing-pocs/tree/master/hdf5" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A division by zero was discovered in H5D__chunk_init in H5Dchunk.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Twi1ight/fuzzing-pocs/tree/master/hdf5", + "refsource": "MISC", + "url": "https://github.com/Twi1ight/fuzzing-pocs/tree/master/hdf5" + }, + { + "name": "https://github.com/SegfaultMasters/covering360/tree/master/HDF5#divided-by-zero---divbyzero__h5d_chunk_poc", + "refsource": "MISC", + "url": "https://github.com/SegfaultMasters/covering360/tree/master/HDF5#divided-by-zero---divbyzero__h5d_chunk_poc" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11408.json b/2018/11xxx/CVE-2018-11408.json index 3fb44874631..86197833bc8 100644 --- a/2018/11xxx/CVE-2018-11408.json +++ b/2018/11xxx/CVE-2018-11408.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11408", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The security handlers in the Security component in Symfony in 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11 have an Open redirect vulnerability when security.http_utils is inlined by a container. NOTE: this issue exists because of an incomplete fix for CVE-2017-16652." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11408", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20190310 [SECURITY] [DLA 1707-1] symfony security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html" - }, - { - "name" : "https://symfony.com/blog/cve-2018-11408-open-redirect-vulnerability-on-security-handlers", - "refsource" : "CONFIRM", - "url" : "https://symfony.com/blog/cve-2018-11408-open-redirect-vulnerability-on-security-handlers" - }, - { - "name" : "FEDORA-2018-96d770ddc9", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW/" - }, - { - "name" : "FEDORA-2018-ba0b683c10", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH/" - }, - { - "name" : "FEDORA-2018-eba0006df2", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The security handlers in the Security component in Symfony in 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11 have an Open redirect vulnerability when security.http_utils is inlined by a container. NOTE: this issue exists because of an incomplete fix for CVE-2017-16652." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://symfony.com/blog/cve-2018-11408-open-redirect-vulnerability-on-security-handlers", + "refsource": "CONFIRM", + "url": "https://symfony.com/blog/cve-2018-11408-open-redirect-vulnerability-on-security-handlers" + }, + { + "name": "FEDORA-2018-96d770ddc9", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW/" + }, + { + "name": "FEDORA-2018-ba0b683c10", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH/" + }, + { + "name": "FEDORA-2018-eba0006df2", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV/" + }, + { + "name": "[debian-lts-announce] 20190310 [SECURITY] [DLA 1707-1] symfony security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11514.json b/2018/11xxx/CVE-2018-11514.json index 3e68ee1a851..2f86fd89d4d 100644 --- a/2018/11xxx/CVE-2018-11514.json +++ b/2018/11xxx/CVE-2018-11514.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11514", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP Scripts Mall Naukri Clone Script through 3.0.3 allows Unrestricted Upload of a File with a Dangerous Type in edit_resume_det.php, as demonstrated by changing .docx to .php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11514", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://whitehatck01.blogspot.com/2018/02/naukri-clone-script-303-file-upload.html", - "refsource" : "MISC", - "url" : "https://whitehatck01.blogspot.com/2018/02/naukri-clone-script-303-file-upload.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP Scripts Mall Naukri Clone Script through 3.0.3 allows Unrestricted Upload of a File with a Dangerous Type in edit_resume_det.php, as demonstrated by changing .docx to .php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://whitehatck01.blogspot.com/2018/02/naukri-clone-script-303-file-upload.html", + "refsource": "MISC", + "url": "https://whitehatck01.blogspot.com/2018/02/naukri-clone-script-303-file-upload.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15063.json b/2018/15xxx/CVE-2018-15063.json index 8c20b01e1f0..fe152da056d 100644 --- a/2018/15xxx/CVE-2018-15063.json +++ b/2018/15xxx/CVE-2018-15063.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15063", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15063", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15740.json b/2018/15xxx/CVE-2018-15740.json index 878b12277bd..8cd780b8bac 100644 --- a/2018/15xxx/CVE-2018-15740.json +++ b/2018/15xxx/CVE-2018-15740.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15740", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Zoho ManageEngine ADManager Plus 6.5.7 has XSS on the \"Workflow Delegation\" \"Requester Roles\" screen." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15740", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45256", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45256/" - }, - { - "name" : "http://packetstormsecurity.com/files/149097/ManageEngine-ADManager-Plus-6.5.7-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/149097/ManageEngine-ADManager-Plus-6.5.7-Cross-Site-Scripting.html" - }, - { - "name" : "https://drive.google.com/open?id=0Bw8rxEHEov76a0hwbFFVLVRMMjYxc05VV2JYc21NLXJiSHhJ", - "refsource" : "MISC", - "url" : "https://drive.google.com/open?id=0Bw8rxEHEov76a0hwbFFVLVRMMjYxc05VV2JYc21NLXJiSHhJ" - }, - { - "name" : "https://drive.google.com/open?id=0Bw8rxEHEov76cUVxZUxWS3lIanZ1VjhxSVBhdHBHUmJ1dmhr", - "refsource" : "MISC", - "url" : "https://drive.google.com/open?id=0Bw8rxEHEov76cUVxZUxWS3lIanZ1VjhxSVBhdHBHUmJ1dmhr" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Zoho ManageEngine ADManager Plus 6.5.7 has XSS on the \"Workflow Delegation\" \"Requester Roles\" screen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45256", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45256/" + }, + { + "name": "https://drive.google.com/open?id=0Bw8rxEHEov76a0hwbFFVLVRMMjYxc05VV2JYc21NLXJiSHhJ", + "refsource": "MISC", + "url": "https://drive.google.com/open?id=0Bw8rxEHEov76a0hwbFFVLVRMMjYxc05VV2JYc21NLXJiSHhJ" + }, + { + "name": "https://drive.google.com/open?id=0Bw8rxEHEov76cUVxZUxWS3lIanZ1VjhxSVBhdHBHUmJ1dmhr", + "refsource": "MISC", + "url": "https://drive.google.com/open?id=0Bw8rxEHEov76cUVxZUxWS3lIanZ1VjhxSVBhdHBHUmJ1dmhr" + }, + { + "name": "http://packetstormsecurity.com/files/149097/ManageEngine-ADManager-Plus-6.5.7-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/149097/ManageEngine-ADManager-Plus-6.5.7-Cross-Site-Scripting.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3137.json b/2018/3xxx/CVE-2018-3137.json index 675842dce96..9d854bdc2eb 100644 --- a/2018/3xxx/CVE-2018-3137.json +++ b/2018/3xxx/CVE-2018-3137.json @@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3137", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MySQL Server", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.0.12 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3137", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.0.12 and prior" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20181018-0002/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20181018-0002/" - }, - { - "name" : "105607", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105607" - }, - { - "name" : "1041888", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041888" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041888", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041888" + }, + { + "name": "105607", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105607" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20181018-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20181018-0002/" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3143.json b/2018/3xxx/CVE-2018-3143.json index a02ee48e5e1..596d6bfdfed 100644 --- a/2018/3xxx/CVE-2018-3143.json +++ b/2018/3xxx/CVE-2018-3143.json @@ -1,106 +1,106 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3143", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MySQL Server", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "5.6.41 and prior" - }, - { - "version_affected" : "=", - "version_value" : "5.7.23 and prior" - }, - { - "version_affected" : "=", - "version_value" : "8.0.12 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3143", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.6.41 and prior" + }, + { + "version_affected": "=", + "version_value": "5.7.23 and prior" + }, + { + "version_affected": "=", + "version_value": "8.0.12 and prior" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20181107 [SECURITY] [DLA 1570-1] mariadb-10.0 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00007.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20181018-0002/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20181018-0002/" - }, - { - "name" : "DSA-4341", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4341" - }, - { - "name" : "RHSA-2018:3655", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3655" - }, - { - "name" : "USN-3799-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3799-1/" - }, - { - "name" : "105600", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105600" - }, - { - "name" : "1041888", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041888" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-4341", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4341" + }, + { + "name": "1041888", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041888" + }, + { + "name": "RHSA-2018:3655", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3655" + }, + { + "name": "105600", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105600" + }, + { + "name": "[debian-lts-announce] 20181107 [SECURITY] [DLA 1570-1] mariadb-10.0 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00007.html" + }, + { + "name": "USN-3799-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3799-1/" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20181018-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20181018-0002/" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3562.json b/2018/3xxx/CVE-2018-3562.json index a91b7cebefc..905d04877a3 100644 --- a/2018/3xxx/CVE-2018-3562.json +++ b/2018/3xxx/CVE-2018-3562.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-05-11T00:00:00", - "ID" : "CVE-2018-3562", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer over -read can occur while processing a FILS authentication frame in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Over-read in WLAN" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-05-11T00:00:00", + "ID": "CVE-2018-3562", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2", - "refsource" : "MISC", - "url" : "https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer over -read can occur while processing a FILS authentication frame in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Over-read in WLAN" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2", + "refsource": "MISC", + "url": "https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3596.json b/2018/3xxx/CVE-2018-3596.json index a559e5f070c..8690d850662 100644 --- a/2018/3xxx/CVE-2018-3596.json +++ b/2018/3xxx/CVE-2018-3596.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2018-3596", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, legacy code vulnerable after migration has been removed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Potential issues related to migration from 32 to 64 bit in legacy wlan code" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2018-3596", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/pixel/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2018-04-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, legacy code vulnerable after migration has been removed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Potential issues related to migration from 32 to 64 bit in legacy wlan code" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/pixel/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2018-04-01" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7393.json b/2018/7xxx/CVE-2018-7393.json index 76a0b791b7a..c4445a36d95 100644 --- a/2018/7xxx/CVE-2018-7393.json +++ b/2018/7xxx/CVE-2018-7393.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7393", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7393", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7602.json b/2018/7xxx/CVE-2018-7602.json index 4a4f5bf9717..e11a3ef50c1 100644 --- a/2018/7xxx/CVE-2018-7602.json +++ b/2018/7xxx/CVE-2018-7602.json @@ -1,140 +1,140 @@ { - "CVE_data_meta" : { - "AKA" : "", - "ASSIGNER" : "mlhess@drupal.org", - "DATE_PUBLIC" : "", - "ID" : "CVE-2018-7602", - "STATE" : "PUBLIC", - "TITLE" : "Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-004" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "core", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "7.59" - }, - { - "affected" : "<", - "version_value" : "8.5.3" - }, - { - "affected" : "<", - "version_value" : "8.4.8" - } - ] - } - } - ] - }, - "vendor_name" : "Drupal" - } - ] - } - }, - "configuration" : [], - "credit" : [ - { - "lang" : "eng", - "value" : "Reported By: \nDavid Rothstein of the Drupal Security Team\nAlex Pott of the Drupal Security Team\nHeine Deelstra of the Drupal Security Team\nJasper Mattsson\nFixed By: \nDavid Rothstein of the Drupal Security Team\nxjm of the Drupal Security Team\nSamuel Mortenson of the Drupal Security Team\nAlex Pott of the Drupal Security Team\nLee Rowlands of the Drupal Security Team\nHeine Deelstra of the Drupal Security Team\nPere Orga of the Drupal Security Team\nPeter Wolanin of the Drupal Security Team\nTim Plunkett\nMichael Hess of the Drupal Security Team\nNate Lampton\nJasper Mattsson\nNeil Drumm of the Drupal Security Team\nCash Williams of the Drupal Security Team\nDaniel Wehner" - } - ], - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002. Both SA-CORE-2018-002 and this vulnerability are being exploited in the wild." - } - ] - }, - "exploit" : [], - "impact" : { - "cvss" : { - "attackComplexity" : "HIGH", - "attackVector" : "PHYSICAL", - "availabilityImpact" : "NONE", - "baseScore" : 0, - "baseSeverity" : "NONE", - "confidentialityImpact" : "NONE", - "integrityImpact" : "NONE", - "privilegesRequired" : "HIGH", - "scope" : "UNCHANGED", - "userInteraction" : "REQUIRED", - "vectorString" : "CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:N", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote code Execution" - } + "CVE_data_meta": { + "AKA": "", + "ASSIGNER": "security@drupal.org", + "DATE_PUBLIC": "", + "ID": "CVE-2018-7602", + "STATE": "PUBLIC", + "TITLE": "Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-004" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "core", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "7.59" + }, + { + "affected": "<", + "version_value": "8.5.3" + }, + { + "affected": "<", + "version_value": "8.4.8" + } + ] + } + } + ] + }, + "vendor_name": "Drupal" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44542", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44542/" - }, - { - "name" : "44557", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44557/" - }, - { - "name" : "[debian-lts-announce] 20180426 [SECURITY] [DLA 1365-1] drupal7 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/04/msg00030.html" - }, - { - "name" : "https://www.drupal.org/sa-core-2018-004", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/sa-core-2018-004" - }, - { - "name" : "DSA-4180", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4180" - }, - { - "name" : "103985", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103985" - }, - { - "name" : "1040754", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040754" - } - ] - }, - "solution" : [ - { - "lang" : "eng", - "value" : "Solution: \nUpgrade to the most recent version of Drupal 7 or 8 core.\n\nIf you are running 7.x, upgrade to Drupal 7.59.\nIf you are running 8.5.x, upgrade to Drupal 8.5.3.\nIf you are running 8.4.x, upgrade to Drupal 8.4.8. (Drupal 8.4.x is no longer supported and we don't normally provide security releases for unsupported minor releases. However, we are providing this 8.4.x release so that sites can update as quickly as possible. You should update to 8.4.8 immediately, then update to 8.5.3 or the latest secure release as soon as possible.)\nIf you are unable to update immediately, or if you are running a Drupal distribution that does not yet include this security release, you can attempt to apply the patch below to fix the vulnerability until you are able to update completely:\n\nPatch for Drupal 8.x (8.5.x and below)\nPatch for Drupal 7.x\nThese patches will only work if your site already has the fix from SA-CORE-2018-002 applied. (If your site does not have that fix, it may already be compromised.)" - } - ], - "source" : { - "advisory" : "sa-core-2018-004", - "defect" : [], - "discovery" : "UNKNOWN" - }, - "work_around" : [] -} + } + }, + "configuration": [], + "credit": [ + { + "lang": "eng", + "value": "Reported By: \nDavid Rothstein of the Drupal Security Team\nAlex Pott of the Drupal Security Team\nHeine Deelstra of the Drupal Security Team\nJasper Mattsson\nFixed By: \nDavid Rothstein of the Drupal Security Team\nxjm of the Drupal Security Team\nSamuel Mortenson of the Drupal Security Team\nAlex Pott of the Drupal Security Team\nLee Rowlands of the Drupal Security Team\nHeine Deelstra of the Drupal Security Team\nPere Orga of the Drupal Security Team\nPeter Wolanin of the Drupal Security Team\nTim Plunkett\nMichael Hess of the Drupal Security Team\nNate Lampton\nJasper Mattsson\nNeil Drumm of the Drupal Security Team\nCash Williams of the Drupal Security Team\nDaniel Wehner" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002. Both SA-CORE-2018-002 and this vulnerability are being exploited in the wild." + } + ] + }, + "exploit": [], + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "PHYSICAL", + "availabilityImpact": "NONE", + "baseScore": 0, + "baseSeverity": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44557", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44557/" + }, + { + "name": "1040754", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040754" + }, + { + "name": "[debian-lts-announce] 20180426 [SECURITY] [DLA 1365-1] drupal7 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00030.html" + }, + { + "name": "44542", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44542/" + }, + { + "name": "DSA-4180", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4180" + }, + { + "name": "https://www.drupal.org/sa-core-2018-004", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/sa-core-2018-004" + }, + { + "name": "103985", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103985" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Solution: \nUpgrade to the most recent version of Drupal 7 or 8 core.\n\nIf you are running 7.x, upgrade to Drupal 7.59.\nIf you are running 8.5.x, upgrade to Drupal 8.5.3.\nIf you are running 8.4.x, upgrade to Drupal 8.4.8. (Drupal 8.4.x is no longer supported and we don't normally provide security releases for unsupported minor releases. However, we are providing this 8.4.x release so that sites can update as quickly as possible. You should update to 8.4.8 immediately, then update to 8.5.3 or the latest secure release as soon as possible.)\nIf you are unable to update immediately, or if you are running a Drupal distribution that does not yet include this security release, you can attempt to apply the patch below to fix the vulnerability until you are able to update completely:\n\nPatch for Drupal 8.x (8.5.x and below)\nPatch for Drupal 7.x\nThese patches will only work if your site already has the fix from SA-CORE-2018-002 applied. (If your site does not have that fix, it may already be compromised.)" + } + ], + "source": { + "advisory": "sa-core-2018-004", + "defect": [], + "discovery": "UNKNOWN" + }, + "work_around": [] +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8235.json b/2018/8xxx/CVE-2018-8235.json index d6d64ed3d75..51eac4e1a24 100644 --- a/2018/8xxx/CVE-2018-8235.json +++ b/2018/8xxx/CVE-2018-8235.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8235", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Edge", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for x64-based Systems" - }, - { - "version_value" : "Windows Server 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins, aka \"Microsoft Edge Security Feature Bypass Vulnerability.\" This affects Microsoft Edge." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Security Feature Bypass" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8235", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Edge", + "version": { + "version_data": [ + { + "version_value": "Windows 10 for 32-bit Systems" + }, + { + "version_value": "Windows 10 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1607 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1703 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1703 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1803 for x64-based Systems" + }, + { + "version_value": "Windows Server 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8235", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8235" - }, - { - "name" : "104343", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104343" - }, - { - "name" : "1041097", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041097" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins, aka \"Microsoft Edge Security Feature Bypass Vulnerability.\" This affects Microsoft Edge." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Security Feature Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104343", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104343" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8235", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8235" + }, + { + "name": "1041097", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041097" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8273.json b/2018/8xxx/CVE-2018-8273.json index 1d9c788ddbc..fa66cd5e773 100644 --- a/2018/8xxx/CVE-2018-8273.json +++ b/2018/8xxx/CVE-2018-8273.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8273", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft SQL Server", - "version" : { - "version_data" : [ - { - "version_value" : "2016 for x64-based Systems Service Pack 1" - }, - { - "version_value" : "2016 for x64-based Systems Service Pack 1 (CU)" - }, - { - "version_value" : "2016 for x64-based Systems Service Pack 2" - }, - { - "version_value" : "2016 for x64-based Systems Service Pack 2 (CU)" - }, - { - "version_value" : "2017 for x64-based Systems" - }, - { - "version_value" : "2017 for x64-based Systems (CU)" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A buffer overflow vulnerability exists in the Microsoft SQL Server that could allow remote code execution on an affected system, aka \"Microsoft SQL Server Remote Code Execution Vulnerability.\" This affects Microsoft SQL Server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8273", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft SQL Server", + "version": { + "version_data": [ + { + "version_value": "2016 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2016 for x64-based Systems Service Pack 1 (CU)" + }, + { + "version_value": "2016 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2016 for x64-based Systems Service Pack 2 (CU)" + }, + { + "version_value": "2017 for x64-based Systems" + }, + { + "version_value": "2017 for x64-based Systems (CU)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8273", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8273" - }, - { - "name" : "104967", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104967" - }, - { - "name" : "1041467", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041467" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A buffer overflow vulnerability exists in the Microsoft SQL Server that could allow remote code execution on an affected system, aka \"Microsoft SQL Server Remote Code Execution Vulnerability.\" This affects Microsoft SQL Server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041467", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041467" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8273", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8273" + }, + { + "name": "104967", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104967" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8627.json b/2018/8xxx/CVE-2018-8627.json index 52b353a1437..81358c74d9a 100644 --- a/2018/8xxx/CVE-2018-8627.json +++ b/2018/8xxx/CVE-2018-8627.json @@ -1,146 +1,146 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8627", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Office", - "version" : { - "version_data" : [ - { - "version_value" : "2010 Service Pack 2 (32-bit editions)" - }, - { - "version_value" : "2010 Service Pack 2 (64-bit editions)" - }, - { - "version_value" : "2016 for Mac" - }, - { - "version_value" : "2019 for 32-bit editions" - }, - { - "version_value" : "2019 for 64-bit editions" - }, - { - "version_value" : "2019 for Mac" - }, - { - "version_value" : "Compatibility Pack Service Pack 3" - } - ] - } - }, - { - "product_name" : "Microsoft Excel", - "version" : { - "version_data" : [ - { - "version_value" : "2010 Service Pack 2 (32-bit editions)" - }, - { - "version_value" : "2010 Service Pack 2 (64-bit editions)" - }, - { - "version_value" : "2013 RT Service Pack 1" - }, - { - "version_value" : "2013 Service Pack 1 (32-bit editions)" - }, - { - "version_value" : "2013 Service Pack 1 (64-bit editions)" - }, - { - "version_value" : "2016 (32-bit edition)" - }, - { - "version_value" : "2016 (64-bit edition)" - } - ] - } - }, - { - "product_name" : "Microsoft Excel Viewer", - "version" : { - "version_data" : [ - { - "version_value" : "2007 Service Pack 3" - } - ] - } - }, - { - "product_name" : "Excel", - "version" : { - "version_data" : [ - { - "version_value" : "Services on Microsoft SharePoint Server 2010 Service Pack 2" - } - ] - } - }, - { - "product_name" : "Office", - "version" : { - "version_data" : [ - { - "version_value" : "365 ProPlus for 32-bit Systems" - }, - { - "version_value" : "365 ProPlus for 64-bit Systems" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability exists when Microsoft Excel software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka \"Microsoft Excel Information Disclosure Vulnerability.\" This affects Microsoft Office, Office 365 ProPlus, Microsoft Excel, Microsoft Excel Viewer, Excel. This CVE ID is unique from CVE-2018-8598." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8627", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Office", + "version": { + "version_data": [ + { + "version_value": "2010 Service Pack 2 (32-bit editions)" + }, + { + "version_value": "2010 Service Pack 2 (64-bit editions)" + }, + { + "version_value": "2016 for Mac" + }, + { + "version_value": "2019 for 32-bit editions" + }, + { + "version_value": "2019 for 64-bit editions" + }, + { + "version_value": "2019 for Mac" + }, + { + "version_value": "Compatibility Pack Service Pack 3" + } + ] + } + }, + { + "product_name": "Microsoft Excel", + "version": { + "version_data": [ + { + "version_value": "2010 Service Pack 2 (32-bit editions)" + }, + { + "version_value": "2010 Service Pack 2 (64-bit editions)" + }, + { + "version_value": "2013 RT Service Pack 1" + }, + { + "version_value": "2013 Service Pack 1 (32-bit editions)" + }, + { + "version_value": "2013 Service Pack 1 (64-bit editions)" + }, + { + "version_value": "2016 (32-bit edition)" + }, + { + "version_value": "2016 (64-bit edition)" + } + ] + } + }, + { + "product_name": "Microsoft Excel Viewer", + "version": { + "version_data": [ + { + "version_value": "2007 Service Pack 3" + } + ] + } + }, + { + "product_name": "Excel", + "version": { + "version_data": [ + { + "version_value": "Services on Microsoft SharePoint Server 2010 Service Pack 2" + } + ] + } + }, + { + "product_name": "Office", + "version": { + "version_data": [ + { + "version_value": "365 ProPlus for 32-bit Systems" + }, + { + "version_value": "365 ProPlus for 64-bit Systems" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8627", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8627" - }, - { - "name" : "106120", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106120" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists when Microsoft Excel software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka \"Microsoft Excel Information Disclosure Vulnerability.\" This affects Microsoft Office, Office 365 ProPlus, Microsoft Excel, Microsoft Excel Viewer, Excel. This CVE ID is unique from CVE-2018-8598." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8627", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8627" + }, + { + "name": "106120", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106120" + } + ] + } +} \ No newline at end of file