From 92be1976848120a69d3511127891b567ea0ac62f Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Sun, 17 Mar 2019 22:31:01 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2005/0xxx/CVE-2005-0330.json | 170 ++++++------ 2005/0xxx/CVE-2005-0725.json | 130 +++++----- 2005/0xxx/CVE-2005-0914.json | 130 +++++----- 2005/0xxx/CVE-2005-0951.json | 34 +-- 2005/1xxx/CVE-2005-1342.json | 190 +++++++------- 2005/1xxx/CVE-2005-1764.json | 170 ++++++------ 2005/1xxx/CVE-2005-1892.json | 160 ++++++------ 2005/4xxx/CVE-2005-4104.json | 34 +-- 2005/4xxx/CVE-2005-4317.json | 200 +++++++-------- 2005/4xxx/CVE-2005-4791.json | 170 ++++++------ 2005/4xxx/CVE-2005-4847.json | 130 +++++----- 2009/0xxx/CVE-2009-0094.json | 210 +++++++-------- 2009/0xxx/CVE-2009-0904.json | 150 +++++------ 2009/1xxx/CVE-2009-1314.json | 130 +++++----- 2009/1xxx/CVE-2009-1909.json | 170 ++++++------ 2009/3xxx/CVE-2009-3716.json | 150 +++++------ 2009/4xxx/CVE-2009-4167.json | 130 +++++----- 2009/4xxx/CVE-2009-4187.json | 150 +++++------ 2009/4xxx/CVE-2009-4453.json | 150 +++++------ 2009/4xxx/CVE-2009-4504.json | 34 +-- 2009/4xxx/CVE-2009-4635.json | 270 ++++++++++---------- 2009/4xxx/CVE-2009-4878.json | 170 ++++++------ 2009/4xxx/CVE-2009-4997.json | 130 +++++----- 2012/2xxx/CVE-2012-2022.json | 130 +++++----- 2012/2xxx/CVE-2012-2117.json | 170 ++++++------ 2012/2xxx/CVE-2012-2352.json | 210 +++++++-------- 2012/2xxx/CVE-2012-2909.json | 150 +++++------ 2012/3xxx/CVE-2012-3229.json | 160 ++++++------ 2012/6xxx/CVE-2012-6253.json | 34 +-- 2012/6xxx/CVE-2012-6353.json | 34 +-- 2012/6xxx/CVE-2012-6359.json | 190 +++++++------- 2015/1xxx/CVE-2015-1516.json | 120 ++++----- 2015/1xxx/CVE-2015-1705.json | 140 +++++----- 2015/1xxx/CVE-2015-1831.json | 140 +++++----- 2015/5xxx/CVE-2015-5009.json | 200 +++++++-------- 2015/5xxx/CVE-2015-5157.json | 330 ++++++++++++------------ 2015/5xxx/CVE-2015-5283.json | 270 ++++++++++---------- 2015/5xxx/CVE-2015-5482.json | 150 +++++------ 2015/5xxx/CVE-2015-5605.json | 190 +++++++------- 2018/11xxx/CVE-2018-11142.json | 120 ++++----- 
2018/11xxx/CVE-2018-11165.json | 140 +++++----- 2018/11xxx/CVE-2018-11659.json | 34 +-- 2018/11xxx/CVE-2018-11715.json | 130 +++++----- 2018/15xxx/CVE-2018-15249.json | 34 +-- 2018/15xxx/CVE-2018-15788.json | 34 +-- 2018/3xxx/CVE-2018-3185.json | 180 ++++++------- 2018/3xxx/CVE-2018-3376.json | 34 +-- 2018/3xxx/CVE-2018-3951.json | 122 ++++----- 2018/7xxx/CVE-2018-7018.json | 34 +-- 2018/8xxx/CVE-2018-8415.json | 454 ++++++++++++++++----------------- 2018/8xxx/CVE-2018-8917.json | 156 +++++------ 51 files changed, 3726 insertions(+), 3726 deletions(-) diff --git a/2005/0xxx/CVE-2005-0330.json b/2005/0xxx/CVE-2005-0330.json index 3a40aafff3e..2082ac3327a 100644 --- a/2005/0xxx/CVE-2005-0330.json +++ b/2005/0xxx/CVE-2005-0330.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0330", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Painkiller 1.35 and earlier, and possibly other versions before 1.61, allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via a long cd-key hash." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0330", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050202 Limited buffer-overflow in Painkiller 1.35", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110736915015707&w=2" - }, - { - "name" : "http://aluigi.altervista.org/adv/painkkeybof-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/painkkeybof-adv.txt" - }, - { - "name" : "12423", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12423" - }, - { - "name" : "1013066", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013066" - }, - { - "name" : "14113", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14113/" - }, - { - "name" : "painkiller-long-cdkey-bo(19205)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/19205" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Painkiller 1.35 and earlier, and possibly other versions before 1.61, allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via a long cd-key hash." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050202 Limited buffer-overflow in Painkiller 1.35", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110736915015707&w=2" + }, + { + "name": "painkiller-long-cdkey-bo(19205)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19205" + }, + { + "name": "12423", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12423" + }, + { + "name": "14113", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14113/" + }, + { + "name": "1013066", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013066" + }, + { + "name": "http://aluigi.altervista.org/adv/painkkeybof-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/painkkeybof-adv.txt" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0725.json b/2005/0xxx/CVE-2005-0725.json index df4cc783017..af7d1ff9052 100644 --- a/2005/0xxx/CVE-2005-0725.json +++ b/2005/0xxx/CVE-2005-0725.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0725", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the getAllbyArticle function in wfsfiles.php for WF-Sections (wfsections) 1.07 allows remote attackers to execute arbitrary SQL commands via the articleid parameter to article.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0725", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050308 Wfsection 1.07 vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111049618519821&w=2" - }, - { - "name" : "wfsections-wfsfiles-sql-injection(19660)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19660" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the getAllbyArticle function in wfsfiles.php for WF-Sections (wfsections) 1.07 allows remote attackers to execute arbitrary SQL commands via the articleid parameter to article.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "wfsections-wfsfiles-sql-injection(19660)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19660" + }, + { + "name": "20050308 Wfsection 1.07 vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111049618519821&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0914.json b/2005/0xxx/CVE-2005-0914.json index 63461a5b565..94847d9b982 100644 --- a/2005/0xxx/CVE-2005-0914.json +++ b/2005/0xxx/CVE-2005-0914.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0914", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in CPG Dragonfly 9.0.2.0 allow remote attackers to inject arbitrary web script or HTML via (1) the profile parameter to index.php or (2) the cat parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0914", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://security.talte.net/content/view/252/46/", - "refsource" : "MISC", - "url" : "http://security.talte.net/content/view/252/46/" - }, - { - "name" : "1013573", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013573" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in CPG Dragonfly 9.0.2.0 allow remote attackers to inject arbitrary web script or HTML via (1) the profile parameter to index.php or (2) the cat parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1013573", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013573" + }, + { + "name": "http://security.talte.net/content/view/252/46/", + "refsource": "MISC", + "url": "http://security.talte.net/content/view/252/46/" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0951.json b/2005/0xxx/CVE-2005-0951.json index 09ac8d28864..dbac6053d00 100644 --- a/2005/0xxx/CVE-2005-0951.json +++ b/2005/0xxx/CVE-2005-0951.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0951", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: this candidate was created as a result of an analysis error for a researcher advisory for an issue that already existed. It stated an incorrect parameter, which was not part of the vulnerability at all. Notes: CVE users should not reference this candidate at all." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2005-0951", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: this candidate was created as a result of an analysis error for a researcher advisory for an issue that already existed. It stated an incorrect parameter, which was not part of the vulnerability at all. Notes: CVE users should not reference this candidate at all." + } + ] + } +} \ No newline at end of file 
diff --git a/2005/1xxx/CVE-2005-1342.json b/2005/1xxx/CVE-2005-1342.json index 4d99cb428d7..aafbdfa24a8 100644 --- a/2005/1xxx/CVE-2005-1342.json +++ b/2005/1xxx/CVE-2005-1342.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1342", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The x-man-page: URI handler for Apple Terminal 1.4.4 in Mac OS X 10.3.9 does not cleanse terminal escape sequences, which allows remote attackers to execute arbitrary commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1342", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://remahl.se/david/vuln/011/", - "refsource" : "MISC", - "url" : "http://remahl.se/david/vuln/011/" - }, - { - "name" : "APPLE-SA-2005-05-03", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2005/May/msg00001.html" - }, - { - "name" : "TA05-136A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA05-136A.html" - }, - { - "name" : "VU#356070", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/356070" - }, - { - "name" : "13480", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13480" - }, - { - "name" : "ADV-2005-0455", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/0455" - }, - { - "name" : "16084", - 
"refsource" : "OSVDB", - "url" : "http://www.osvdb.org/16084" - }, - { - "name" : "15227", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15227" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The x-man-page: URI handler for Apple Terminal 1.4.4 in Mac OS X 10.3.9 does not cleanse terminal escape sequences, which allows remote attackers to execute arbitrary commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://remahl.se/david/vuln/011/", + "refsource": "MISC", + "url": "http://remahl.se/david/vuln/011/" + }, + { + "name": "13480", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13480" + }, + { + "name": "TA05-136A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA05-136A.html" + }, + { + "name": "16084", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/16084" + }, + { + "name": "15227", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15227" + }, + { + "name": "VU#356070", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/356070" + }, + { + "name": "ADV-2005-0455", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/0455" + }, + { + "name": "APPLE-SA-2005-05-03", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2005/May/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1764.json b/2005/1xxx/CVE-2005-1764.json index a244d4c9717..45037c75cfc 100644 --- a/2005/1xxx/CVE-2005-1764.json +++ b/2005/1xxx/CVE-2005-1764.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1764", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Linux 2.6.11 on 64-bit x86 (x86_64) platforms does not use a guard page for the 47-bit address page to protect against an AMD K8 bug, which allows local users to cause a denial of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2005-1764", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=637716a3825e186555361574aa1fa3c0ebf8018b", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=637716a3825e186555361574aa1fa3c0ebf8018b" - }, - { - "name" : "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=637716a3825e186555361574aa1fa3c0ebf8018b", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=637716a3825e186555361574aa1fa3c0ebf8018b" - }, - { - "name" : "MDKSA-2005:220", - "refsource" : "MANDRAKE", - "url" : 
"http://www.mandriva.com/security/advisories?name=MDKSA-2005:220" - }, - { - "name" : "SUSE-SA:2005:029", - "refsource" : "SUSE", - "url" : "http://freshmeat.net/articles/view/1678/" - }, - { - "name" : "13904", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13904" - }, - { - "name" : "linux-kernel-guardpage-dos(43324)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43324" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Linux 2.6.11 on 64-bit x86 (x86_64) platforms does not use a guard page for the 47-bit address page to protect against an AMD K8 bug, which allows local users to cause a denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "linux-kernel-guardpage-dos(43324)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43324" + }, + { + "name": "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=637716a3825e186555361574aa1fa3c0ebf8018b", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=637716a3825e186555361574aa1fa3c0ebf8018b" + }, + { + "name": "MDKSA-2005:220", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:220" + }, + { + "name": "13904", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13904" + }, + { + "name": "SUSE-SA:2005:029", + "refsource": "SUSE", + "url": "http://freshmeat.net/articles/view/1678/" + }, + { + "name": "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=637716a3825e186555361574aa1fa3c0ebf8018b", + "refsource": "CONFIRM", + "url": 
"http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=637716a3825e186555361574aa1fa3c0ebf8018b" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1892.json b/2005/1xxx/CVE-2005-1892.json index c26f3bd6dc0..1e9acc42812 100644 --- a/2005/1xxx/CVE-2005-1892.json +++ b/2005/1xxx/CVE-2005-1892.json 
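Review bot: The `ASSIGNER` in `CVE_data_meta` for CVE-2005-1764 changes from `cve@mitre.org` to `secalert@redhat.com`, and the commit message ("-Synchronized-Data.") does not mention it. It is the only value change in this hunk; the rest is whitespace and reference reordering. Consumers that attribute or filter records by assigner will see this record move, so a line in the commit message naming the reassignment would make it auditable. Separately, the `SUSE-SA:2005:029` reference is carried over with `"refsource": "SUSE"` but a `url` on freshmeat.net, which looks like a mismatched link and may be worth checking against the vendor advisory. The new side of this file, like the others in the patch, also ends without a trailing newline.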
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1892", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FlatNuke 2.5.3 allows remote attackers to cause a denial of service or obtain sensitive information via (1) a direct request to foot_news.php, which triggers an infinite loop, or (2) direct requests to unknown scripts, which reveals the web document root in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1892", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://secwatch.org/advisories/secwatch/20050604_flatnuke.txt", - "refsource" : "MISC", - "url" : "http://secwatch.org/advisories/secwatch/20050604_flatnuke.txt" - }, - { - "name" : "http://flatnuke.sourceforge.net/index.php?mod=read&id=1117979256", - "refsource" : "CONFIRM", - "url" : "http://flatnuke.sourceforge.net/index.php?mod=read&id=1117979256" - }, - { - "name" : "ADV-2005-0697", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/0697" - }, - { - "name" : "15603", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15603" - }, - { - "name" : "1014114", - "refsource" : "SECTRACK", - "url" : 
"http://securitytracker.com/id?1014114" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FlatNuke 2.5.3 allows remote attackers to cause a denial of service or obtain sensitive information via (1) a direct request to foot_news.php, which triggers an infinite loop, or (2) direct requests to unknown scripts, which reveals the web document root in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1014114", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014114" + }, + { + "name": "15603", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15603" + }, + { + "name": "http://secwatch.org/advisories/secwatch/20050604_flatnuke.txt", + "refsource": "MISC", + "url": "http://secwatch.org/advisories/secwatch/20050604_flatnuke.txt" + }, + { + "name": "ADV-2005-0697", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/0697" + }, + { + "name": "http://flatnuke.sourceforge.net/index.php?mod=read&id=1117979256", + "refsource": "CONFIRM", + "url": "http://flatnuke.sourceforge.net/index.php?mod=read&id=1117979256" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4104.json b/2005/4xxx/CVE-2005-4104.json index 47fda570e5e..4433fa45677 100644 --- a/2005/4xxx/CVE-2005-4104.json +++ b/2005/4xxx/CVE-2005-4104.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4104", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2005. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2005-4104", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2005. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4317.json b/2005/4xxx/CVE-2005-4317.json index 7e9565756d3..0acd5a89f52 100644 --- a/2005/4xxx/CVE-2005-4317.json +++ b/2005/4xxx/CVE-2005-4317.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4317", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Limbo CMS 1.0.4.2 and earlier, with register_globals off, does not protect the $_SERVER variable from external modification, which allows remote attackers to use the _SERVER[REMOTE_ADDR] parameter to (1) conduct cross-site scripting (XSS) attacks in the stats module or (2) execute arbitrary code via an eval injection attack in the wrapper option in index2.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4317", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051214 LIMBO CMS <= v1.0.4.2 _SERVER[] array overwrite / remote code execution", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/419470/100/0/threaded" - }, - { - "name" : "http://rgod.altervista.org/limbo1042_xpl.html", - "refsource" : "MISC", - "url" : "http://rgod.altervista.org/limbo1042_xpl.html" - }, - { - "name" : "15871", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15871/" - }, - { - "name" : "ADV-2005-2932", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2932" - 
}, - { - "name" : "21754", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21754" - }, - { - "name" : "21756", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21756" - }, - { - "name" : "1015364", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015364" - }, - { - "name" : "18063", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18063/" - }, - { - "name" : "255", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/255" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Limbo CMS 1.0.4.2 and earlier, with register_globals off, does not protect the $_SERVER variable from external modification, which allows remote attackers to use the _SERVER[REMOTE_ADDR] parameter to (1) conduct cross-site scripting (XSS) attacks in the stats module or (2) execute arbitrary code via an eval injection attack in the wrapper option in index2.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18063", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18063/" + }, + { + "name": "21754", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21754" + }, + { + "name": "1015364", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015364" + }, + { + "name": "http://rgod.altervista.org/limbo1042_xpl.html", + "refsource": "MISC", + "url": "http://rgod.altervista.org/limbo1042_xpl.html" + }, + { + "name": "255", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/255" + }, + { + "name": "15871", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15871/" + }, + { + "name": "20051214 LIMBO CMS <= v1.0.4.2 _SERVER[] array overwrite / remote code execution", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/419470/100/0/threaded" + }, + { + "name": "21756", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21756" + }, + { + "name": "ADV-2005-2932", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2932" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4791.json b/2005/4xxx/CVE-2005-4791.json index 473ef3f1029..69b7d60733d 100644 --- a/2005/4xxx/CVE-2005-4791.json +++ b/2005/4xxx/CVE-2005-4791.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4791", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple untrusted search path vulnerabilities in SUSE Linux 10.0 cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) liferea or (2) banshee." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4791", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=555823&group_id=87005", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=555823&group_id=87005" - }, - { - "name" : "SUSE-SR:2005:022", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2005_22_sr.html" - }, - { - "name" : "15040", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15040" - }, - { - "name" : "ADV-2007-3965", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3965" - }, - { - "name" : "39580", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39580" - }, - { - "name" : "27771", - "refsource" : "SECUNIA", - 
"url" : "http://secunia.com/advisories/27771" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple untrusted search path vulnerabilities in SUSE Linux 10.0 cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) liferea or (2) banshee." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "39580", + "refsource": "OSVDB", + "url": "http://osvdb.org/39580" + }, + { + "name": "15040", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15040" + }, + { + "name": "27771", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27771" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=555823&group_id=87005", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=555823&group_id=87005" + }, + { + "name": "SUSE-SR:2005:022", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2005_22_sr.html" + }, + { + "name": "ADV-2007-3965", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3965" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4847.json b/2005/4xxx/CVE-2005-4847.json index f3d840ec600..f7a659a9845 100644 --- a/2005/4xxx/CVE-2005-4847.json +++ b/2005/4xxx/CVE-2005-4847.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4847", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Spey 0.3.3 has unknown impact and attack vectors related to \"A number of security holes which could lead to compromise,\" a different issue than CVE-2005-4846." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4847", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/forum/forum.php?forum_id=514029", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/forum/forum.php?forum_id=514029" - }, - { - "name" : "38887", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/38887" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Spey 0.3.3 has unknown impact and attack vectors related to \"A number of security holes which could lead to compromise,\" a different issue than CVE-2005-4846." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sourceforge.net/forum/forum.php?forum_id=514029", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/forum/forum.php?forum_id=514029" + }, + { + "name": "38887", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/38887" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0094.json b/2009/0xxx/CVE-2009-0094.json index 83524c31cf9..3ba294287be 100644 --- a/2009/0xxx/CVE-2009-0094.json +++ b/2009/0xxx/CVE-2009-0094.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0094", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The WINS server in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 does not restrict registration of the (1) \"wpad\" and (2) \"isatap\" NetBIOS names, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) and Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) features, and conduct man-in-the-middle attacks by spoofing a proxy server or ISATAP route, by registering one of these names in the WINS database, aka \"WPAD WINS Server Registration Vulnerability,\" a related issue to CVE-2007-1692." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2009-0094", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blogs.technet.com/srd/archive/2009/03/13/ms09-008-dns-and-wins-server-security-update-in-more-detail.aspx", - "refsource" : "CONFIRM", - "url" : "http://blogs.technet.com/srd/archive/2009/03/13/ms09-008-dns-and-wins-server-security-update-in-more-detail.aspx" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-083.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-083.htm" - }, - { - "name" : "MS09-008", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-008" - }, - { - "name" : "TA09-069A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-069A.html" - }, - { - "name" : "34013", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34013" - }, - { - "name" : "52520", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/52520" - }, - { - "name" : "oval:org.mitre.oval:def:6117", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6117" - }, - { - "name" : "1021829", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021829" - }, - { - "name" : "34217", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34217" - }, - { - "name" : "ADV-2009-0661", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0661" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WINS server in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 does not restrict registration of the (1) \"wpad\" and (2) \"isatap\" NetBIOS names, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) and Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) features, and conduct man-in-the-middle attacks by spoofing a proxy server or ISATAP route, by registering one of these names in the WINS database, aka \"WPAD WINS Server Registration Vulnerability,\" a related issue to CVE-2007-1692." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA09-069A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-069A.html" + }, + { + "name": "oval:org.mitre.oval:def:6117", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6117" + }, + { + "name": "ADV-2009-0661", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0661" + }, + { + "name": "34217", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34217" + }, + { + "name": "52520", + "refsource": "OSVDB", + "url": "http://osvdb.org/52520" + }, + { + "name": "34013", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34013" + }, + { + "name": "1021829", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021829" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-083.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-083.htm" + }, + { + "name": "MS09-008", + "refsource": "MS", + "url": 
"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-008" + }, + { + "name": "http://blogs.technet.com/srd/archive/2009/03/13/ms09-008-dns-and-wins-server-security-update-in-more-detail.aspx", + "refsource": "CONFIRM", + "url": "http://blogs.technet.com/srd/archive/2009/03/13/ms09-008-dns-and-wins-server-security-update-in-more-detail.aspx" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0904.json b/2009/0xxx/CVE-2009-0904.json index 1de29805594..a34fb1b3eb7 100644 --- a/2009/0xxx/CVE-2009-0904.json +++ b/2009/0xxx/CVE-2009-0904.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0904", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The IBM Stax XMLStreamWriter in the Web Services component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 does not properly process XML encoding, which allows remote attackers to bypass intended access restrictions and possibly modify data via \"XML fuzzing attacks\" sent through SOAP requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0904", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27007951", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27007951" - }, - { - "name" : "PK84015", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1PK84015" - }, - { - "name" : "35741", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35741" - }, - { - "name" : "websphere-soap-security-bypass(51490)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51490" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The IBM Stax XMLStreamWriter in the Web Services component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 does not properly process XML encoding, which allows remote attackers to bypass intended access restrictions and possibly modify data via \"XML fuzzing attacks\" sent through SOAP requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg27007951", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27007951" + }, + { + "name": "websphere-soap-security-bypass(51490)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51490" + }, + { + "name": "35741", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35741" + }, + { + "name": "PK84015", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK84015" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1314.json b/2009/1xxx/CVE-2009-1314.json index 0025cd60caa..b50f5d8959b 100644 --- a/2009/1xxx/CVE-2009-1314.json +++ b/2009/1xxx/CVE-2009-1314.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1314", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "body.asp in Web File Explorer 3.1 allows remote attackers to create arbitrary files and execute arbitrary code via the savefile action with a file parameter containing a filename that has an executable extension." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1314", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8382", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8382" - }, - { - "name" : "webfileexplorer-body-code-execution(50389)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50389" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "body.asp in Web File Explorer 3.1 allows remote attackers to create arbitrary files and execute arbitrary code via the savefile action with a file parameter containing a filename that has an executable extension." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "webfileexplorer-body-code-execution(50389)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50389" + }, + { + "name": "8382", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8382" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1909.json b/2009/1xxx/CVE-2009-1909.json index deee1d66878..258dde4f0fd 100644 --- a/2009/1xxx/CVE-2009-1909.json +++ b/2009/1xxx/CVE-2009-1909.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1909", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Skip 1.0.2 and earlier, and 1.1RC2 and earlier 1.1RC versions, allows remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1909", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://dev.openskip.org/redmine/issues/show/677", - "refsource" : "CONFIRM", - "url" : "http://dev.openskip.org/redmine/issues/show/677" - }, - { - "name" : "http://portal.openskip.org/top/releasenote-ver1-0-0", - "refsource" : "CONFIRM", - "url" : "http://portal.openskip.org/top/releasenote-ver1-0-0" - }, - { - "name" : "JVN#03114223", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN03114223/index.html" - }, - { - "name" : "JVNDB-2009-000026", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000026.html" - }, - { - "name" : "34898", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34898" - }, - { - "name" : "35041", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/35041" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Skip 1.0.2 and earlier, and 1.1RC2 and earlier 1.1RC versions, allows remote attackers to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34898", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34898" + }, + { + "name": "http://portal.openskip.org/top/releasenote-ver1-0-0", + "refsource": "CONFIRM", + "url": "http://portal.openskip.org/top/releasenote-ver1-0-0" + }, + { + "name": "JVNDB-2009-000026", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000026.html" + }, + { + "name": "http://dev.openskip.org/redmine/issues/show/677", + "refsource": "CONFIRM", + "url": "http://dev.openskip.org/redmine/issues/show/677" + }, + { + "name": "35041", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35041" + }, + { + "name": "JVN#03114223", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN03114223/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3716.json b/2009/3xxx/CVE-2009-3716.json index 0c83d427578..86b0680bda4 100644 --- a/2009/3xxx/CVE-2009-3716.json +++ b/2009/3xxx/CVE-2009-3716.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3716", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in admin.php in MCshoutbox 1.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in smilies/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3716", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9205", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9205" - }, - { - "name" : "56064", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/56064" - }, - { - "name" : "35885", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35885" - }, - { - "name" : "mcshoutbox-smilie-file-upload(51864)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51864" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in admin.php in MCshoutbox 1.1 allows 
remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in smilies/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9205", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9205" + }, + { + "name": "56064", + "refsource": "OSVDB", + "url": "http://osvdb.org/56064" + }, + { + "name": "35885", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35885" + }, + { + "name": "mcshoutbox-smilie-file-upload(51864)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51864" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4167.json b/2009/4xxx/CVE-2009-4167.json index 735dd46f5d0..1abff44b8cf 100644 --- a/2009/4xxx/CVE-2009-4167.json +++ b/2009/4xxx/CVE-2009-4167.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4167", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Automatic Base Tags for RealUrl (lt_basetag) extension 1.0.0 for TYPO3 allows remote attackers to conduct \"Cache spoofing\" attacks via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4167", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-017/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-017/" - }, - { - "name" : "37169", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37169" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Automatic Base Tags for RealUrl (lt_basetag) extension 1.0.0 for TYPO3 allows remote attackers to conduct \"Cache spoofing\" attacks via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37169", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37169" + }, + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-017/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-017/" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4187.json b/2009/4xxx/CVE-2009-4187.json index 539808243f1..6650f98aad4 100644 --- a/2009/4xxx/CVE-2009-4187.json +++ b/2009/4xxx/CVE-2009-4187.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4187", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Gateway component in Sun Java System Portal Server 6.3.1, 7.1, and 7.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4187", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-138686-04-1", - "refsource" : "CONFIRM", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-138686-04-1" - }, - { - "name" : "269368", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-269368-1" - }, - { - "name" : "37186", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37186" - }, - { - "name" : "1023260", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023260" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple 
cross-site scripting (XSS) vulnerabilities in the Gateway component in Sun Java System Portal Server 6.3.1, 7.1, and 7.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1023260", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023260" + }, + { + "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-138686-04-1", + "refsource": "CONFIRM", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-138686-04-1" + }, + { + "name": "37186", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37186" + }, + { + "name": "269368", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-269368-1" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4453.json b/2009/4xxx/CVE-2009-4453.json index 3947efcdd55..1a4850992f0 100644 --- a/2009/4xxx/CVE-2009-4453.json +++ b/2009/4xxx/CVE-2009-4453.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4453", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Insecure method vulnerability in SoftCab Sound Converter ActiveX control (sndConverter.ocx) 1.2 allows remote attackers to create or overwrite arbitrary files via the SaveFormat method. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4453", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "10649", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/10649" - }, - { - "name" : "61351", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/61351" - }, - { - "name" : "37967", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37967" - }, - { - "name" : "soundconverter-sndconverter-file-overwrite(55082)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55082" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Insecure method vulnerability in SoftCab Sound 
Converter ActiveX control (sndConverter.ocx) 1.2 allows remote attackers to create or overwrite arbitrary files via the SaveFormat method. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "soundconverter-sndconverter-file-overwrite(55082)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55082" + }, + { + "name": "10649", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/10649" + }, + { + "name": "61351", + "refsource": "OSVDB", + "url": "http://osvdb.org/61351" + }, + { + "name": "37967", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37967" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4504.json b/2009/4xxx/CVE-2009-4504.json index f2f7c466cbf..d7c578abfe4 100644 --- a/2009/4xxx/CVE-2009-4504.json +++ b/2009/4xxx/CVE-2009-4504.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4504", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4504", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4635.json b/2009/4xxx/CVE-2009-4635.json index 2c17baba3cd..510e7882ebb 100644 --- a/2009/4xxx/CVE-2009-4635.json +++ b/2009/4xxx/CVE-2009-4635.json 
@@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4635", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted MOV container with improperly ordered tags that cause (1) mov.c and (2) utils.c to use inconsistent codec types and identifiers, leading to processing of a video-structure pointer by the mp3 decoder, and a stack-based buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4635", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html", - "refsource" : "MISC", - "url" : "http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html" - }, - { - "name" : "https://roundup.ffmpeg.org/roundup/ffmpeg/issue1240", - "refsource" : "MISC", - "url" : "https://roundup.ffmpeg.org/roundup/ffmpeg/issue1240" - }, - { - "name" : "DSA-2000", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2000" - }, - { - "name" : "MDVSA-2011:059", - "refsource" : "MANDRIVA", - "url" : 
"http://www.mandriva.com/security/advisories?name=MDVSA-2011:059" - }, - { - "name" : "MDVSA-2011:060", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:060" - }, - { - "name" : "MDVSA-2011:061", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:061" - }, - { - "name" : "MDVSA-2011:088", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:088" - }, - { - "name" : "MDVSA-2011:112", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:112" - }, - { - "name" : "MDVSA-2011:114", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:114" - }, - { - "name" : "USN-931-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-931-1" - }, - { - "name" : "36465", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36465" - }, - { - "name" : "36805", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36805" - }, - { - "name" : "38643", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38643" - }, - { - "name" : "39482", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39482" - }, - { - "name" : "ADV-2010-0935", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0935" - }, - { - "name" : "ADV-2011-1241", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/1241" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted MOV container with improperly ordered tags that cause (1) mov.c and (2) utils.c to use inconsistent codec types and identifiers, leading to processing of a 
video-structure pointer by the mp3 decoder, and a stack-based buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2011:088", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:088" + }, + { + "name": "36805", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36805" + }, + { + "name": "36465", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36465" + }, + { + "name": "39482", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39482" + }, + { + "name": "https://roundup.ffmpeg.org/roundup/ffmpeg/issue1240", + "refsource": "MISC", + "url": "https://roundup.ffmpeg.org/roundup/ffmpeg/issue1240" + }, + { + "name": "MDVSA-2011:061", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:061" + }, + { + "name": "MDVSA-2011:112", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:112" + }, + { + "name": "MDVSA-2011:114", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:114" + }, + { + "name": "http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html", + "refsource": "MISC", + "url": "http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html" + }, + { + "name": "MDVSA-2011:059", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:059" + }, + { + "name": "38643", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38643" + }, + { + "name": "ADV-2011-1241", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/1241" + }, + { + "name": "MDVSA-2011:060", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:060" + }, + { + 
"name": "DSA-2000", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2000" + }, + { + "name": "USN-931-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-931-1" + }, + { + "name": "ADV-2010-0935", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0935" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4878.json b/2009/4xxx/CVE-2009-4878.json index 4711d504885..e3c8fb6dc21 100644 --- a/2009/4xxx/CVE-2009-4878.json +++ b/2009/4xxx/CVE-2009-4878.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4878", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Administration Console in Novell Access Manager before 3.1 SP1 allows attackers to access system files via unknown attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4878", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.novell.com/documentation/novellaccessmanager31/accessmanager_readme/data/accessmanager_readme.html", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/documentation/novellaccessmanager31/accessmanager_readme/data/accessmanager_readme.html" - }, - { - "name" : "35734", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35734" - }, - { - "name" : "1022581", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022581" - }, - { - "name" : "35898", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35898" - }, - { - "name" : "ADV-2009-1945", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1945" - }, - { - "name" : 
"accessmgr-admin-console-info-disclosure(51822)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51822" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Administration Console in Novell Access Manager before 3.1 SP1 allows attackers to access system files via unknown attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "accessmgr-admin-console-info-disclosure(51822)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51822" + }, + { + "name": "ADV-2009-1945", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1945" + }, + { + "name": "1022581", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022581" + }, + { + "name": "35734", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35734" + }, + { + "name": "35898", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35898" + }, + { + "name": "http://www.novell.com/documentation/novellaccessmanager31/accessmanager_readme/data/accessmanager_readme.html", + "refsource": "CONFIRM", + "url": "http://www.novell.com/documentation/novellaccessmanager31/accessmanager_readme/data/accessmanager_readme.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4997.json b/2009/4xxx/CVE-2009-4997.json index 595fba1bfe5..045bf168288 100644 --- a/2009/4xxx/CVE-2009-4997.json +++ b/2009/4xxx/CVE-2009-4997.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4997", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "gnome-power-manager 2.27.92 does not properly implement the lock_on_suspend and lock_on_hibernate settings for locking the screen when the suspend or hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action, a related issue to CVE-2010-2532. NOTE: this issue exists because of a regression that followed a gnome-power-manager fix a few years earlier." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4997", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.launchpad.net/ubuntu/+source/gnome-power-manager/+bug/42052", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/ubuntu/+source/gnome-power-manager/+bug/42052" - }, - { - "name" : "https://bugs.launchpad.net/ubuntu/+source/gnome-power-manager/+bug/428115", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/ubuntu/+source/gnome-power-manager/+bug/428115" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": 
"4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "gnome-power-manager 2.27.92 does not properly implement the lock_on_suspend and lock_on_hibernate settings for locking the screen when the suspend or hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action, a related issue to CVE-2010-2532. NOTE: this issue exists because of a regression that followed a gnome-power-manager fix a few years earlier." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.launchpad.net/ubuntu/+source/gnome-power-manager/+bug/42052", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/ubuntu/+source/gnome-power-manager/+bug/42052" + }, + { + "name": "https://bugs.launchpad.net/ubuntu/+source/gnome-power-manager/+bug/428115", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/ubuntu/+source/gnome-power-manager/+bug/428115" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2022.json b/2012/2xxx/CVE-2012-2022.json index 937f0a3b831..e43467ea145 100644 --- a/2012/2xxx/CVE-2012-2022.json +++ b/2012/2xxx/CVE-2012-2022.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2022", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in HP Network Node Manager i (NNMi) 8.x, 9.0x, 9.1x, and 9.20 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2012-2022", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMU02798", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03405705" - }, - { - "name" : "SSRT100908", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03405705" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in HP Network Node Manager i (NNMi) 8.x, 9.0x, 9.1x, and 9.20 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBMU02798", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03405705" + }, + { + "name": "SSRT100908", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03405705" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2117.json b/2012/2xxx/CVE-2012-2117.json index 593520de7b1..b9dc46f4dac 100644 --- a/2012/2xxx/CVE-2012-2117.json +++ b/2012/2xxx/CVE-2012-2117.json 
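Review bot: `"ASSIGNER"` changes from `cve@mitre.org` to `hp-security-alert@hp.com` in this hunk, a content change inside what otherwise reads as whitespace normalisation, and the commit subject "-Synchronized-Data." does not mention it. The same field changes in the CVE-2012-2117 and CVE-2012-2352 hunks (to `secalert@redhat.com`) and in CVE-2012-3229 (to `secalert_us@oracle.com`). Tooling that attributes a record to its assigner will see the attribution move while the description and references stay the same. The commit description should say so, for example `ASSIGNER updated for CVE-2012-2022, CVE-2012-2117, CVE-2012-2352, CVE-2012-3229`.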
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2117", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Gigya - Social optimization module 6.x before 6.x-3.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2117", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120418 CVE Request for Drupal Contributed Advisories on 2012-04-18", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/04/18/11" - }, - { - "name" : "[oss-security] 20120418 Re: CVE Request for Drupal Contributed Advisories on 2012-04-18", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/04/19/1" - }, - { - "name" : "http://drupal.org/node/1538704", - "refsource" : "MISC", - "url" : "http://drupal.org/node/1538704" - }, - { - "name" : "http://drupal.org/node/1515084", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/1515084" - }, - { - "name" : "48832", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/48832" - }, - { - "name" : "gigyasocialoptimization-unspecified-xss(75025)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75025" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Gigya - Social optimization module 6.x before 6.x-3.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://drupal.org/node/1538704", + "refsource": "MISC", + "url": "http://drupal.org/node/1538704" + }, + { + "name": "http://drupal.org/node/1515084", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/1515084" + }, + { + "name": "gigyasocialoptimization-unspecified-xss(75025)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75025" + }, + { + "name": "[oss-security] 20120418 CVE Request for Drupal Contributed Advisories on 2012-04-18", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/04/18/11" + }, + { + "name": "[oss-security] 20120418 Re: CVE Request for Drupal Contributed Advisories on 2012-04-18", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/04/19/1" + }, + { + "name": "48832", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48832" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2352.json b/2012/2xxx/CVE-2012-2352.json index 4c9c76ea725..6a9f302e19f 100644 --- a/2012/2xxx/CVE-2012-2352.json +++ b/2012/2xxx/CVE-2012-2352.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2352", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The archive management (arc_manage) page in wwsympa/wwsympa.fcgi.in in Sympa before 6.1.11 does not check permissions, which allows remote attackers to list, read, and delete arbitrary list archives via vectors related to the (1) do_arc_manage, (2) do_arc_download, or (3) do_arc_delete functions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2352", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120511 CVE request: sympa (try again)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/05/11/8" - }, - { - "name" : "[oss-security] 20120511 Re: CVE request: sympa (try again)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/05/12/2" - }, - { - "name" : "[oss-security] 20120512 Re: CVE request: sympa (try again)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/05/12/8" - }, - { - "name" : 
"https://sourcesup.renater.fr/scm/viewvc.php/branches/sympa-6.0-branch/wwsympa/wwsympa.fcgi.in?root=sympa&r1=6706&r2=7358&pathrev=7358", - "refsource" : "CONFIRM", - "url" : "https://sourcesup.renater.fr/scm/viewvc.php/branches/sympa-6.0-branch/wwsympa/wwsympa.fcgi.in?root=sympa&r1=6706&r2=7358&pathrev=7358" - }, - { - "name" : "https://www.sympa.org/distribution/latest-stable/NEWS", - "refsource" : "CONFIRM", - "url" : "https://www.sympa.org/distribution/latest-stable/NEWS" - }, - { - "name" : "DSA-2477", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2477" - }, - { - "name" : "53503", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53503" - }, - { - "name" : "81890", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/81890" - }, - { - "name" : "49045", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49045" - }, - { - "name" : "49237", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49237" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The archive management (arc_manage) page in wwsympa/wwsympa.fcgi.in in Sympa before 6.1.11 does not check permissions, which allows remote attackers to list, read, and delete arbitrary list archives via vectors related to the (1) do_arc_manage, (2) do_arc_download, or (3) do_arc_delete functions." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sourcesup.renater.fr/scm/viewvc.php/branches/sympa-6.0-branch/wwsympa/wwsympa.fcgi.in?root=sympa&r1=6706&r2=7358&pathrev=7358", + "refsource": "CONFIRM", + "url": "https://sourcesup.renater.fr/scm/viewvc.php/branches/sympa-6.0-branch/wwsympa/wwsympa.fcgi.in?root=sympa&r1=6706&r2=7358&pathrev=7358" + }, + { + "name": "DSA-2477", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2477" + }, + { + "name": "[oss-security] 20120512 Re: CVE request: sympa (try again)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/05/12/8" + }, + { + "name": "53503", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53503" + }, + { + "name": "[oss-security] 20120511 CVE request: sympa (try again)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/05/11/8" + }, + { + "name": "[oss-security] 20120511 Re: CVE request: sympa (try again)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/05/12/2" + }, + { + "name": "81890", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/81890" + }, + { + "name": "https://www.sympa.org/distribution/latest-stable/NEWS", + "refsource": "CONFIRM", + "url": "https://www.sympa.org/distribution/latest-stable/NEWS" + }, + { + "name": "49045", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49045" + }, + { + "name": "49237", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49237" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2909.json b/2012/2xxx/CVE-2012-2909.json index faef8ee1c13..0b0941ad68e 100644 --- a/2012/2xxx/CVE-2012-2909.json +++ b/2012/2xxx/CVE-2012-2909.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2909", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Viscacha 0.8.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) text field in the Private Messages System, (2) Bad Word field in Zensur, or (3) Portal or (4) Topic field in Kommentar." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2909", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18873", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18873" - }, - { - "name" : "http://www.vulnerability-lab.com/get_content.php?id=525", - "refsource" : "MISC", - "url" : "http://www.vulnerability-lab.com/get_content.php?id=525" - }, - { - "name" : "53496", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53496" - }, - { - "name" : "viscachacms-admin-xss(75577)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75577" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Viscacha 0.8.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) text field in the Private Messages System, (2) Bad Word field in Zensur, or (3) Portal or (4) Topic field in Kommentar." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.vulnerability-lab.com/get_content.php?id=525", + "refsource": "MISC", + "url": "http://www.vulnerability-lab.com/get_content.php?id=525" + }, + { + "name": "18873", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18873" + }, + { + "name": "viscachacms-admin-xss(75577)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75577" + }, + { + "name": "53496", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53496" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3229.json b/2012/3xxx/CVE-2012-3229.json index 1a6f6ebd484..65e4e785182 100644 --- a/2012/3xxx/CVE-2012-3229.json +++ b/2012/3xxx/CVE-2012-3229.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3229", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Siebel Documentation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-3229", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "86382", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/86382" - }, - { - "name" : "1027674", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027674" - }, - { - "name" : "51002", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51002" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Siebel Documentation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" + }, + { + "name": "1027674", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027674" + }, + { + "name": "86382", + "refsource": "OSVDB", + "url": "http://osvdb.org/86382" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + }, + { + "name": "51002", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51002" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6253.json b/2012/6xxx/CVE-2012-6253.json index 328ea596389..ffd42f416d8 100644 --- a/2012/6xxx/CVE-2012-6253.json +++ b/2012/6xxx/CVE-2012-6253.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6253", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-6253", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6353.json b/2012/6xxx/CVE-2012-6353.json index dfc90ad9c1d..1e6819ac209 100644 --- a/2012/6xxx/CVE-2012-6353.json +++ b/2012/6xxx/CVE-2012-6353.json 
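Review bot: The new side of this record orders its keys differently from the other files visible in this commit: `data_type`, `data_format` and `data_version` come before `CVE_data_meta`, and `ID` comes before `ASSIGNER`, while the neighbouring CVE-2012-6353 record keeps the alphabetical order. Key order carries no meaning in JSON, but the difference suggests this file went through a different serializer or different settings, and it makes a change with no new content look like a full rewrite. Emitting every record through one sorted-key serializer would keep them uniform and the diffs small. The new file also ends with `\ No newline at end of file`, as do the other files here; a trailing newline is the usual convention for files under version control.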
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6353", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6353", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6359.json b/2012/6xxx/CVE-2012-6359.json index a331a79ff6c..48253381294 100644 --- a/2012/6xxx/CVE-2012-6359.json +++ b/2012/6xxx/CVE-2012-6359.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6359", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.11, 6.2.1 before 6.2.1.3, and 6.2.2 before 6.2.2.2 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.11, 6.2.1 before 6.2.1.3, and 6.2.2 before 6.2.2.2 do not check whether an OpenID attribute is signed in the (1) SREG (aka simple registration extension) and (2) AX (aka attribute exchange extension) cases, which allows man-in-the-middle attackers to spoof OpenID provider data by inserting unsigned attributes." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2012-6359", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21615744", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21615744" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21615748", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21615748" - }, - { - "name" : "IV23451", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV23451" - }, - { - "name" : "IV23452", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV23452" - }, - { - "name" : "IV23453", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV23453" - }, - { - "name" : "56390", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56390" - }, - { - "name" : "51212", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51212" - }, - { - "name" : "tfim-openid-weak-security(77790)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77790" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.11, 6.2.1 before 6.2.1.3, and 6.2.2 before 6.2.2.2 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.11, 6.2.1 before 
6.2.1.3, and 6.2.2 before 6.2.2.2 do not check whether an OpenID attribute is signed in the (1) SREG (aka simple registration extension) and (2) AX (aka attribute exchange extension) cases, which allows man-in-the-middle attackers to spoof OpenID provider data by inserting unsigned attributes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "tfim-openid-weak-security(77790)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77790" + }, + { + "name": "51212", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51212" + }, + { + "name": "IV23452", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV23452" + }, + { + "name": "IV23453", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV23453" + }, + { + "name": "56390", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56390" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21615748", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21615748" + }, + { + "name": "IV23451", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV23451" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21615744", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21615744" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1516.json b/2015/1xxx/CVE-2015-1516.json index fde35bf7c36..78fd317102a 100644 --- a/2015/1xxx/CVE-2015-1516.json +++ b/2015/1xxx/CVE-2015-1516.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1516", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Polycom RealPresence CloudAXIS Suite before 1.7.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1516", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://adrianhayter.com/exploits.php", - "refsource" : "MISC", - "url" : "http://adrianhayter.com/exploits.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Polycom RealPresence CloudAXIS Suite before 1.7.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://adrianhayter.com/exploits.php", + "refsource": "MISC", + "url": "http://adrianhayter.com/exploits.php" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1705.json b/2015/1xxx/CVE-2015-1705.json index b21c3adb0cc..d92dab6c66c 100644 --- a/2015/1xxx/CVE-2015-1705.json +++ b/2015/1xxx/CVE-2015-1705.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1705", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-1689." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-1705", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-043", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-043" - }, - { - "name" : "74509", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74509" - }, - { - "name" : "1032282", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032282" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory 
corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-1689." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032282", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032282" + }, + { + "name": "74509", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74509" + }, + { + "name": "MS15-043", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-043" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1831.json b/2015/1xxx/CVE-2015-1831.json index a6f00b095ef..97de1febb5b 100644 --- a/2015/1xxx/CVE-2015-1831.json +++ b/2015/1xxx/CVE-2015-1831.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1831", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default exclude patterns (excludeParams) in Apache Struts 2.3.20 allow remote attackers to \"compromise internal state of an application\" via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-1831", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://struts.apache.org/docs/s2-024.html", - "refsource" : "CONFIRM", - "url" : "https://struts.apache.org/docs/s2-024.html" - }, - { - "name" : "75940", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75940" - }, - { - "name" : "1032985", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032985" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default exclude patterns (excludeParams) in Apache Struts 2.3.20 allow remote attackers to \"compromise internal state of an application\" via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://struts.apache.org/docs/s2-024.html", + "refsource": "CONFIRM", + "url": "https://struts.apache.org/docs/s2-024.html" + }, + { + "name": "75940", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75940" + }, + { + "name": "1032985", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032985" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5009.json b/2015/5xxx/CVE-2015-5009.json index f370b1c8998..bccdcaf76a5 100644 --- a/2015/5xxx/CVE-2015-5009.json +++ b/2015/5xxx/CVE-2015-5009.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5009", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in IBM WebSphere Commerce 6.0 through FP11, 6.0 Feature Pack 4, 7.0 through FP9, 7.0 Feature Pack 5 through 8, and 8.0 before 8.0.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-5009", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21972610", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21972610" - }, - { - "name" : "JR54264", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1JR54264" - }, - { - "name" : "JR54265", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1JR54265" - }, - { - "name" : "JR54432", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1JR54432" - }, - { - "name" : "JR54824", - "refsource" : "AIXAPAR", - "url" : 
"http://www-01.ibm.com/support/docview.wss?uid=swg1JR54824" - }, - { - "name" : "JR54825", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1JR54825" - }, - { - "name" : "JR54834", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1JR54834" - }, - { - "name" : "JR54899", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1JR54899" - }, - { - "name" : "1034695", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034695" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Commerce 6.0 through FP11, 6.0 Feature Pack 4, 7.0 through FP9, 7.0 Feature Pack 5 through 8, and 8.0 before 8.0.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21972610", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972610" + }, + { + "name": "JR54834", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR54834" + }, + { + "name": "JR54264", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR54264" + }, + { + "name": "JR54824", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR54824" + }, + { + "name": "1034695", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034695" + }, + { + "name": "JR54432", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR54432" + }, + { + "name": "JR54265", + 
"refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR54265" + }, + { + "name": "JR54899", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR54899" + }, + { + "name": "JR54825", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR54825" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5157.json b/2015/5xxx/CVE-2015-5157.json index 1c3a15a6f2a..2e617367d01 100644 --- a/2015/5xxx/CVE-2015-5157.json +++ b/2015/5xxx/CVE-2015-5157.json 
@@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5157", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform mishandles IRET faults in processing NMIs that occurred during userspace execution, which might allow local users to gain privileges by triggering an NMI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-5157", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150722 Linux x86_64 NMI security issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/07/22/7" - }, - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b6e6a8334d56354853f9c255d1395c2ba570e0a", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b6e6a8334d56354853f9c255d1395c2ba570e0a" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.6", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.6" - }, - { - "name" : 
"https://github.com/torvalds/linux/commit/9b6e6a8334d56354853f9c255d1395c2ba570e0a", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/9b6e6a8334d56354853f9c255d1395c2ba570e0a" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" - }, - { - "name" : "DSA-3313", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3313" - }, - { - "name" : "RHSA-2016:0715", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0715.html" - }, - { - "name" : "RHSA-2016:0185", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0185.html" - }, - { - "name" : "RHSA-2016:0212", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0212.html" - }, - { - "name" : "RHSA-2016:0224", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0224.html" - }, - { - "name" : "SUSE-SU-2016:0354", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00013.html" - }, - { - "name" : "SUSE-SU-2015:2108", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.html" - }, - { - "name" : "SUSE-SU-2015:2339", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html" - }, - { - "name" : "SUSE-SU-2015:2350", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html" - }, - { - "name" : "SUSE-SU-2015:1727", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00009.html" - }, - { - "name" : "USN-2687-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2687-1" - }, - { - "name" : "USN-2688-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2688-1" - }, - { - "name" : "USN-2689-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2689-1" - }, - { - "name" : "USN-2690-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2690-1" - }, - { - "name" : "USN-2691-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2691-1" - }, - { - "name" : "76005", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76005" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform mishandles IRET faults in processing NMIs that occurred during userspace execution, which might allow local users to gain privileges by triggering an NMI." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2016:0212", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0212.html" + }, + { + "name": "SUSE-SU-2015:2350", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" + }, + { + "name": "SUSE-SU-2015:1727", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00009.html" + }, + { + "name": "RHSA-2016:0715", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0715.html" + }, + { + "name": "USN-2689-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2689-1" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" + }, + { + "name": "USN-2690-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2690-1" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b6e6a8334d56354853f9c255d1395c2ba570e0a", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b6e6a8334d56354853f9c255d1395c2ba570e0a" + }, + { + "name": "76005", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76005" + }, + { + "name": "USN-2691-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2691-1" + }, + { + "name": "SUSE-SU-2016:0354", + "refsource": "SUSE", + "url": 
"http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00013.html" + }, + { + "name": "SUSE-SU-2015:2339", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html" + }, + { + "name": "SUSE-SU-2015:2108", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.html" + }, + { + "name": "USN-2688-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2688-1" + }, + { + "name": "RHSA-2016:0185", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0185.html" + }, + { + "name": "DSA-3313", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3313" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.6", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.6" + }, + { + "name": "[oss-security] 20150722 Linux x86_64 NMI security issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/07/22/7" + }, + { + "name": "RHSA-2016:0224", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0224.html" + }, + { + "name": "https://github.com/torvalds/linux/commit/9b6e6a8334d56354853f9c255d1395c2ba570e0a", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/9b6e6a8334d56354853f9c255d1395c2ba570e0a" + }, + { + "name": "USN-2687-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2687-1" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5283.json b/2015/5xxx/CVE-2015-5283.json index fdb4d44f093..d3be5a98bba 100644 --- a/2015/5xxx/CVE-2015-5283.json +++ b/2015/5xxx/CVE-2015-5283.json 
@@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5283", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The sctp_init function in net/sctp/protocol.c in the Linux kernel before 4.2.3 has an incorrect sequence of protocol-initialization steps, which allows local users to cause a denial of service (panic or memory corruption) by creating SCTP sockets before all of the steps have finished." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-5283", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8e2d61e0aed2b7c4ecb35844fe07e0b2b762dee4", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8e2d61e0aed2b7c4ecb35844fe07e0b2b762dee4" - }, - { - "name" : "http://patchwork.ozlabs.org/patch/515996/", - "refsource" : "CONFIRM", - "url" : "http://patchwork.ozlabs.org/patch/515996/" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.2.3", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.2.3" - }, - { - "name" : 
"https://bugzilla.redhat.com/show_bug.cgi?id=1257528", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1257528" - }, - { - "name" : "https://github.com/torvalds/linux/commit/8e2d61e0aed2b7c4ecb35844fe07e0b2b762dee4", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/8e2d61e0aed2b7c4ecb35844fe07e0b2b762dee4" - }, - { - "name" : "https://security-tracker.debian.org/tracker/CVE-2015-5283", - "refsource" : "CONFIRM", - "url" : "https://security-tracker.debian.org/tracker/CVE-2015-5283" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" - }, - { - "name" : "DSA-3372", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3372" - }, - { - "name" : "SUSE-SU-2015:2194", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html" - }, - { - "name" : "SUSE-SU-2015:1727", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00009.html" - }, - { - "name" : "USN-2823-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2823-1" - }, - { - "name" : "USN-2826-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2826-1" - }, - { - "name" : "USN-2829-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2829-1" - }, - { - "name" : "USN-2829-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2829-2" - }, - { - "name" : "77058", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/77058" - }, - { - "name" : "1033808", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033808" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "The sctp_init function in net/sctp/protocol.c in the Linux kernel before 4.2.3 has an incorrect sequence of protocol-initialization steps, which allows local users to cause a denial of service (panic or memory corruption) by creating SCTP sockets before all of the steps have finished." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.2.3", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.2.3" + }, + { + "name": "DSA-3372", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3372" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1257528", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1257528" + }, + { + "name": "USN-2826-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2826-1" + }, + { + "name": "77058", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/77058" + }, + { + "name": "SUSE-SU-2015:1727", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00009.html" + }, + { + "name": "https://github.com/torvalds/linux/commit/8e2d61e0aed2b7c4ecb35844fe07e0b2b762dee4", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/8e2d61e0aed2b7c4ecb35844fe07e0b2b762dee4" + }, + { + "name": "SUSE-SU-2015:2194", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html" + }, + { + "name": "https://security-tracker.debian.org/tracker/CVE-2015-5283", + "refsource": "CONFIRM", + "url": "https://security-tracker.debian.org/tracker/CVE-2015-5283" + }, + { + "name": "USN-2829-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2829-2" + }, + { + "name": 
"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8e2d61e0aed2b7c4ecb35844fe07e0b2b762dee4", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8e2d61e0aed2b7c4ecb35844fe07e0b2b762dee4" + }, + { + "name": "USN-2829-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2829-1" + }, + { + "name": "USN-2823-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2823-1" + }, + { + "name": "1033808", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033808" + }, + { + "name": "http://patchwork.ozlabs.org/patch/515996/", + "refsource": "CONFIRM", + "url": "http://patchwork.ozlabs.org/patch/515996/" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5482.json b/2015/5xxx/CVE-2015-5482.json index 4f9488d51ff..0f205d5bfb2 100644 --- a/2015/5xxx/CVE-2015-5482.json +++ b/2015/5xxx/CVE-2015-5482.json 
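Review bot: The `ASSIGNER` value for CVE-2015-5283 changes from `cve@mitre.org` to `secalert@redhat.com`, but the change is buried in a hunk that otherwise only rewrites `" : "` as `": "` and reorders `reference_data`, and the commit subject does not mention it. The CVE-2015-5605 hunk does the same thing with `security@google.com`. `ASSIGNER` is the field that names the party that assigned the ID, so a change to it should be reviewable on its own. I would name the affected IDs in the commit description, for example `ASSIGNER updated: CVE-2015-5283, CVE-2015-5605`, or land the formatting pass as a separate commit.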
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5482", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the GD bbPress Attachments plugin before 2.3 for WordPress allows remote administrators to include and execute arbitrary local files via a .. (dot dot) in the tab parameter in the gdbbpress_attachments page to wp-admin/edit.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5482", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://packetstormsecurity.com/files/132656/wpgdbbpress-lfi.txt", - "refsource" : "MISC", - "url" : "https://packetstormsecurity.com/files/132656/wpgdbbpress-lfi.txt" - }, - { - "name" : "https://security.dxw.com/advisories/local-file-include-vulnerability-in-gd-bbpress-attachments-allows-attackers-to-include-arbitrary-php-files/", - "refsource" : "MISC", - "url" : "https://security.dxw.com/advisories/local-file-include-vulnerability-in-gd-bbpress-attachments-allows-attackers-to-include-arbitrary-php-files/" - }, - { - "name" : "https://wpvulndb.com/vulnerabilities/8087", - "refsource" : "MISC", - "url" : "https://wpvulndb.com/vulnerabilities/8087" - }, 
- { - "name" : "https://wordpress.org/plugins/gd-bbpress-attachments/changelog/", - "refsource" : "CONFIRM", - "url" : "https://wordpress.org/plugins/gd-bbpress-attachments/changelog/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the GD bbPress Attachments plugin before 2.3 for WordPress allows remote administrators to include and execute arbitrary local files via a .. (dot dot) in the tab parameter in the gdbbpress_attachments page to wp-admin/edit.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wordpress.org/plugins/gd-bbpress-attachments/changelog/", + "refsource": "CONFIRM", + "url": "https://wordpress.org/plugins/gd-bbpress-attachments/changelog/" + }, + { + "name": "https://wpvulndb.com/vulnerabilities/8087", + "refsource": "MISC", + "url": "https://wpvulndb.com/vulnerabilities/8087" + }, + { + "name": "https://security.dxw.com/advisories/local-file-include-vulnerability-in-gd-bbpress-attachments-allows-attackers-to-include-arbitrary-php-files/", + "refsource": "MISC", + "url": "https://security.dxw.com/advisories/local-file-include-vulnerability-in-gd-bbpress-attachments-allows-attackers-to-include-arbitrary-php-files/" + }, + { + "name": "https://packetstormsecurity.com/files/132656/wpgdbbpress-lfi.txt", + "refsource": "MISC", + "url": "https://packetstormsecurity.com/files/132656/wpgdbbpress-lfi.txt" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5605.json b/2015/5xxx/CVE-2015-5605.json index db1e9e5cd03..7bb59fbeb8e 100644 --- a/2015/5xxx/CVE-2015-5605.json +++ b/2015/5xxx/CVE-2015-5605.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5605", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The regular-expression implementation in Google V8, as used in Google Chrome before 44.0.2403.89, mishandles interrupts, which allows remote attackers to cause a denial of service (application crash) via crafted JavaScript code, as demonstrated by an error in garbage collection during allocation of a stack-overflow exception message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2015-5605", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html" - }, - { - "name" : "https://chromium.googlesource.com/v8/v8.git/+/c67cb287a901ddf03d4ae4dafcf431d09fd3e22c", - "refsource" : "CONFIRM", - "url" : "https://chromium.googlesource.com/v8/v8.git/+/c67cb287a901ddf03d4ae4dafcf431d09fd3e22c" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=469480", - "refsource" : "CONFIRM", - "url" : 
"https://code.google.com/p/chromium/issues/detail?id=469480" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=512110", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=512110" - }, - { - "name" : "RHSA-2015:1499", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1499.html" - }, - { - "name" : "openSUSE-SU-2015:1287", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html" - }, - { - "name" : "76007", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76007" - }, - { - "name" : "1033031", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033031" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The regular-expression implementation in Google V8, as used in Google Chrome before 44.0.2403.89, mishandles interrupts, which allows remote attackers to cause a denial of service (application crash) via crafted JavaScript code, as demonstrated by an error in garbage collection during allocation of a stack-overflow exception message." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://code.google.com/p/chromium/issues/detail?id=512110", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=512110" + }, + { + "name": "76007", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76007" + }, + { + "name": "https://chromium.googlesource.com/v8/v8.git/+/c67cb287a901ddf03d4ae4dafcf431d09fd3e22c", + "refsource": "CONFIRM", + "url": "https://chromium.googlesource.com/v8/v8.git/+/c67cb287a901ddf03d4ae4dafcf431d09fd3e22c" + }, + { + "name": "RHSA-2015:1499", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1499.html" + }, + { + "name": "openSUSE-SU-2015:1287", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html" + }, + { + "name": "1033031", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033031" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=469480", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=469480" + }, + { + "name": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11142.json b/2018/11xxx/CVE-2018-11142.json index 67cc0393d62..b6c84594fa6 100644 --- a/2018/11xxx/CVE-2018-11142.json +++ b/2018/11xxx/CVE-2018-11142.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11142", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The 'systemui/settings_network.php' and 'systemui/settings_patching.php' scripts in the Quest KACE System Management Appliance 8.0.318 are accessible only from localhost. This restriction can be bypassed by modifying the 'Host' and 'X_Forwarded_For' HTTP headers in a POST request. An anonymous user can abuse this vulnerability to execute critical functions without authorization." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11142", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.coresecurity.com/advisories/quest-kace-system-management-appliance-multiple-vulnerabilities", - "refsource" : "MISC", - "url" : "https://www.coresecurity.com/advisories/quest-kace-system-management-appliance-multiple-vulnerabilities" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The 'systemui/settings_network.php' and 'systemui/settings_patching.php' scripts in the Quest KACE System Management 
Appliance 8.0.318 are accessible only from localhost. This restriction can be bypassed by modifying the 'Host' and 'X_Forwarded_For' HTTP headers in a POST request. An anonymous user can abuse this vulnerability to execute critical functions without authorization." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.coresecurity.com/advisories/quest-kace-system-management-appliance-multiple-vulnerabilities", + "refsource": "MISC", + "url": "https://www.coresecurity.com/advisories/quest-kace-system-management-appliance-multiple-vulnerabilities" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11165.json b/2018/11xxx/CVE-2018-11165.json index 4f1cd044cc7..1737159f361 100644 --- a/2018/11xxx/CVE-2018-11165.json +++ b/2018/11xxx/CVE-2018-11165.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11165", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 23 of 46)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11165", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180531 [CORE-2018-0002] - Quest DR Series Disk Backup Multiple Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/May/71" - }, - { - "name" : "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html" - }, - { - "name" : "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities", - "refsource" : "MISC", - "url" : "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 23 of 46)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20180531 [CORE-2018-0002] - Quest DR Series Disk Backup Multiple Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/May/71" + }, + { + "name": "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html" + }, + { + "name": "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities", + "refsource": "MISC", + "url": "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11659.json b/2018/11xxx/CVE-2018-11659.json index 166c22329a7..5f033758514 100644 --- a/2018/11xxx/CVE-2018-11659.json +++ b/2018/11xxx/CVE-2018-11659.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11659", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11659", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11715.json b/2018/11xxx/CVE-2018-11715.json index f76b370b8e9..ccb75314e62 100644 --- a/2018/11xxx/CVE-2018-11715.json +++ b/2018/11xxx/CVE-2018-11715.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11715", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Recent Threads plugin before 1.1 for MyBB allows XSS via a thread subject." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11715", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44833", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44833/" - }, - { - "name" : "https://community.mybb.com/mods.php?action=changelog&pid=842", - "refsource" : "MISC", - "url" : "https://community.mybb.com/mods.php?action=changelog&pid=842" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Recent Threads plugin before 1.1 for MyBB allows XSS via a thread subject." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://community.mybb.com/mods.php?action=changelog&pid=842", + "refsource": "MISC", + "url": "https://community.mybb.com/mods.php?action=changelog&pid=842" + }, + { + "name": "44833", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44833/" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15249.json b/2018/15xxx/CVE-2018-15249.json index 30040319b6b..039421da74c 100644 --- a/2018/15xxx/CVE-2018-15249.json +++ b/2018/15xxx/CVE-2018-15249.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15249", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15249", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15788.json b/2018/15xxx/CVE-2018-15788.json index 9085f3f0be5..4be5cc5086d 100644 --- a/2018/15xxx/CVE-2018-15788.json +++ b/2018/15xxx/CVE-2018-15788.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15788", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-15788", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3185.json b/2018/3xxx/CVE-2018-3185.json index e9fcff4ea9f..57dc857c94a 100644 --- a/2018/3xxx/CVE-2018-3185.json +++ b/2018/3xxx/CVE-2018-3185.json 
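Review bot: The new side of CVE-2018-15788 serialises its keys in a different order from the other records visible in this patch: `data_type`, `data_format` and `data_version` come before `CVE_data_meta`, and `ID` precedes `ASSIGNER`. Key order has no meaning in JSON, but a second ordering makes later text diffs noisy and breaks any byte-level comparison or hashing of records. It also suggests this file came from a different writer than the rest. I would emit it with the same ordering as its neighbours (`CVE_data_meta` first, with `ASSIGNER`, `ID`, `STATE` inside it).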
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3185", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MySQL Server", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "5.7.23 and prior" - }, - { - "version_affected" : "=", - "version_value" : "8.0.12 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3185", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.7.23 and prior" + }, + { + "version_affected": "=", + "version_value": "8.0.12 and prior" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20181018-0002/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20181018-0002/" - }, - { - "name" : "RHSA-2018:3655", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3655" - }, - { - "name" : "USN-3799-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3799-1/" - }, - { - "name" : "105594", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105594" - }, - { - "name" : "1041888", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041888" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041888", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041888" + }, + { + "name": "RHSA-2018:3655", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3655" + }, + { + "name": "USN-3799-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3799-1/" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + }, + { + "name": "105594", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105594" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20181018-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20181018-0002/" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3376.json b/2018/3xxx/CVE-2018-3376.json index 452008e16bb..8efada0ecce 100644 --- a/2018/3xxx/CVE-2018-3376.json +++ b/2018/3xxx/CVE-2018-3376.json 
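Review bot: Both `version_data` entries for MySQL Server pair `"version_affected": "="` with a free-text range (`"5.7.23 and prior"`, `"8.0.12 and prior"`), so a consumer that honours the operator may fail to match any installed version. The range belongs in the operator, e.g. `"version_affected": "<=", "version_value": "5.7.23"`, and likewise for `8.0.12`. This hunk only reformats the entries, so the values presumably come from the assigner's submission. If the sync cannot correct them, the mismatch is worth reporting upstream rather than leaving matching tools to guess.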
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3376", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3376", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3951.json b/2018/3xxx/CVE-2018-3951.json index 207554f5ecd..1fc686137c1 100644 --- a/2018/3xxx/CVE-2018-3951.json +++ b/2018/3xxx/CVE-2018-3951.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2018-11-19T00:00:00", - "ID" : "CVE-2018-3951", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "TP-Link", - "version" : { - "version_data" : [ - { - "version_value" : "TP-Link TL-R600VPN HWv3 FRNv1.3.0" - } - ] - } - } - ] - }, - "vendor_name" : "Talos" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable remote code execution vulnerability exists in the HTTP header-parsing function of the TP-Link TL-R600VPN HTTP Server. A specially crafted HTTP request can cause a buffer overflow, resulting in remote code execution on the device. An attacker can send an authenticated HTTP request to trigger this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Classic Buffer Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2018-11-19T00:00:00", + "ID": "CVE-2018-3951", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "TP-Link", + "version": { + "version_data": [ + { + "version_value": "TP-Link TL-R600VPN HWv3 FRNv1.3.0" + } + ] + } + } + ] + }, + "vendor_name": "Talos" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0620", - "refsource" : "MISC", - "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0620" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable remote code execution vulnerability exists in the HTTP 
header-parsing function of the TP-Link TL-R600VPN HTTP Server. A specially crafted HTTP request can cause a buffer overflow, resulting in remote code execution on the device. An attacker can send an authenticated HTTP request to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Classic Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0620", + "refsource": "MISC", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0620" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7018.json b/2018/7xxx/CVE-2018-7018.json index f8cf302ec68..b9b673852fc 100644 --- a/2018/7xxx/CVE-2018-7018.json +++ b/2018/7xxx/CVE-2018-7018.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7018", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-7018", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8415.json b/2018/8xxx/CVE-2018-8415.json index 475909449f4..1afb1f35a71 100644 --- a/2018/8xxx/CVE-2018-8415.json +++ b/2018/8xxx/CVE-2018-8415.json 
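Review bot: In CVE-2018-3951.json the new side still carries `"vendor_name": "Talos"` and `"product_name": "TP-Link"`, while the description names the TP-Link TL-R600VPN HTTP Server as the affected product. Talos appears to be the reporting CNA (`talos-cna@cisco.com`), not the vendor. Inventory or scanner tooling that matches on vendor and product would not tie this record to TP-Link devices. I would change these to `"vendor_name": "TP-Link"` and `"product_name": "TL-R600VPN"`, and reduce `version_value` to the hardware/firmware part, `"HWv3 FRNv1.3.0"`.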
@@ -1,229 +1,229 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8415", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows 7", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems Service Pack 1" - }, - { - "version_value" : "x64-based Systems Service Pack 1" - } - ] - } - }, - { - "product_name" : "Windows Server 2012 R2", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows RT 8.1", - "version" : { - "version_data" : [ - { - "version_value" : "Windows RT 8.1" - } - ] - } - }, - { - "product_name" : "Windows Server 2012", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows Server 2019", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows 8.1", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit systems" - }, - { - "version_value" : "x64-based systems" - } - ] - } - }, - { - "product_name" : "PowerShell Core", - "version" : { - "version_data" : [ - { - "version_value" : "6.0" - }, - { - "version_value" : "6.1" - } - ] - } - }, - { - "product_name" : "Windows Server 2016", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows Server 2008 R2", - "version" : { - "version_data" : [ - { - "version_value" : "x64-based Systems Service Pack 1" - }, - { - "version_value" : "x64-based Systems Service Pack 1 (Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows 10", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems" - }, - { - "version_value" : "Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Version 
1607 for x64-based Systems" - }, - { - "version_value" : "Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Version 1703 for x64-based Systems" - }, - { - "version_value" : "Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Version 1709 for ARM64-based Systems" - }, - { - "version_value" : "Version 1709 for x64-based Systems" - }, - { - "version_value" : "Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Version 1803 for ARM64-based Systems" - }, - { - "version_value" : "Version 1803 for x64-based Systems" - }, - { - "version_value" : "Version 1809 for 32-bit Systems" - }, - { - "version_value" : "Version 1809 for ARM64-based Systems" - }, - { - "version_value" : "Version 1809 for x64-based Systems" - }, - { - "version_value" : "x64-based Systems" - } - ] - } - }, - { - "product_name" : "Windows 10 Servers", - "version" : { - "version_data" : [ - { - "version_value" : "version 1709 (Server Core Installation)" - }, - { - "version_value" : "version 1803 (Server Core Installation)" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A tampering vulnerability exists in PowerShell that could allow an attacker to execute unlogged code, aka \"Microsoft PowerShell Tampering Vulnerability.\" This affects Windows 7, PowerShell Core 6.1, Windows Server 2012 R2, Windows RT 8.1, PowerShell Core 6.0, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Tampering" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8415", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows 7", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems Service Pack 1" + }, + { + "version_value": "x64-based Systems Service Pack 1" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows RT 8.1", + "version": { + "version_data": [ + { + "version_value": "Windows RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server 2012", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows 8.1", + "version": { + "version_data": [ + { + "version_value": "32-bit systems" + }, + { + "version_value": "x64-based systems" + } + ] + } + }, + { + "product_name": "PowerShell Core", + "version": { + "version_data": [ + { + "version_value": "6.0" + }, + { + "version_value": "6.1" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2", + "version": { + "version_data": [ + { + "version_value": "x64-based Systems Service Pack 1" + }, + { + "version_value": "x64-based Systems Service Pack 1 (Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems" + }, + { + "version_value": "Version 1607 
for 32-bit Systems" + }, + { + "version_value": "Version 1607 for x64-based Systems" + }, + { + "version_value": "Version 1703 for 32-bit Systems" + }, + { + "version_value": "Version 1703 for x64-based Systems" + }, + { + "version_value": "Version 1709 for 32-bit Systems" + }, + { + "version_value": "Version 1709 for ARM64-based Systems" + }, + { + "version_value": "Version 1709 for x64-based Systems" + }, + { + "version_value": "Version 1803 for 32-bit Systems" + }, + { + "version_value": "Version 1803 for ARM64-based Systems" + }, + { + "version_value": "Version 1803 for x64-based Systems" + }, + { + "version_value": "Version 1809 for 32-bit Systems" + }, + { + "version_value": "Version 1809 for ARM64-based Systems" + }, + { + "version_value": "Version 1809 for x64-based Systems" + }, + { + "version_value": "x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows 10 Servers", + "version": { + "version_data": [ + { + "version_value": "version 1709 (Server Core Installation)" + }, + { + "version_value": "version 1803 (Server Core Installation)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8415", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8415" - }, - { - "name" : "105792", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105792" - }, - { - "name" : "1042108", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1042108" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A tampering vulnerability exists in PowerShell that could allow an attacker to execute unlogged code, aka \"Microsoft PowerShell Tampering Vulnerability.\" This affects Windows 7, PowerShell Core 6.1, 
Windows Server 2012 R2, Windows RT 8.1, PowerShell Core 6.0, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Tampering" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1042108", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1042108" + }, + { + "name": "105792", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105792" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8415", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8415" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8917.json b/2018/8xxx/CVE-2018-8917.json index 62f55176693..395e4e210ac 100644 --- a/2018/8xxx/CVE-2018-8917.json +++ b/2018/8xxx/CVE-2018-8917.json 
@@ -1,80 +1,80 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@synology.com", - "DATE_PUBLIC" : "2018-12-24T00:00:00", - "ID" : "CVE-2018-8917", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "DiskStation Manager (DSM)", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "6.1.6-15266" - } - ] - } - } - ] - }, - "vendor_name" : "Synology" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in info.cgi in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to inject arbitrary web script or HTML via the host parameter." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "LOW", - "baseScore" : 6.5, - "baseSeverity" : "MEDIUM", - "confidentialityImpact" : "LOW", - "integrityImpact" : "LOW", - "privilegesRequired" : "LOW", - "scope" : "CHANGED", - "userInteraction" : "REQUIRED", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-site Scripting (CWE-79)" - } + "CVE_data_meta": { + "ASSIGNER": "security@synology.com", + "DATE_PUBLIC": "2018-12-24T00:00:00", + "ID": "CVE-2018-8917", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "DiskStation Manager (DSM)", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "6.1.6-15266" + } + ] + } + } + ] + }, + "vendor_name": "Synology" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.synology.com/security/advisory/Synology_SA_18_14", - "refsource" : 
"CONFIRM", - "url" : "https://www.synology.com/security/advisory/Synology_SA_18_14" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in info.cgi in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to inject arbitrary web script or HTML via the host parameter." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.synology.com/security/advisory/Synology_SA_18_14", + "refsource": "CONFIRM", + "url": "https://www.synology.com/security/advisory/Synology_SA_18_14" + } + ] + } +} \ No newline at end of file