From 9460750e214d2540eb31388e0fedc4836706bd7f Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 17 Mar 2019 22:05:20 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2002/0xxx/CVE-2002-0421.json | 140 ++++++++-------- 2002/2xxx/CVE-2002-2232.json | 160 +++++++++--------- 2002/2xxx/CVE-2002-2343.json | 150 ++++++++--------- 2005/0xxx/CVE-2005-0108.json | 190 ++++++++++----------- 2005/0xxx/CVE-2005-0326.json | 130 +++++++-------- 2005/0xxx/CVE-2005-0772.json | 170 +++++++++---------- 2005/0xxx/CVE-2005-0781.json | 140 ++++++++-------- 2005/1xxx/CVE-2005-1339.json | 120 +++++++------- 2005/1xxx/CVE-2005-1436.json | 180 ++++++++++---------- 2005/1xxx/CVE-2005-1919.json | 34 ++-- 2005/4xxx/CVE-2005-4379.json | 200 +++++++++++------------ 2005/4xxx/CVE-2005-4390.json | 160 +++++++++--------- 2005/4xxx/CVE-2005-4692.json | 130 +++++++-------- 2009/0xxx/CVE-2009-0640.json | 160 +++++++++--------- 2009/0xxx/CVE-2009-0647.json | 160 +++++++++--------- 2009/0xxx/CVE-2009-0873.json | 220 ++++++++++++------------- 2009/1xxx/CVE-2009-1159.json | 170 +++++++++---------- 2009/1xxx/CVE-2009-1482.json | 210 ++++++++++++------------ 2009/1xxx/CVE-2009-1963.json | 180 ++++++++++---------- 2009/4xxx/CVE-2009-4219.json | 140 ++++++++-------- 2009/4xxx/CVE-2009-4241.json | 190 ++++++++++----------- 2009/4xxx/CVE-2009-4273.json | 290 ++++++++++++++++----------------- 2009/4xxx/CVE-2009-4885.json | 140 ++++++++-------- 2009/5xxx/CVE-2009-5107.json | 34 ++-- 2012/2xxx/CVE-2012-2504.json | 34 ++-- 2012/2xxx/CVE-2012-2539.json | 140 ++++++++-------- 2012/2xxx/CVE-2012-2557.json | 160 +++++++++--------- 2012/2xxx/CVE-2012-2698.json | 240 +++++++++++++-------------- 2012/3xxx/CVE-2012-3578.json | 160 +++++++++--------- 2012/3xxx/CVE-2012-3934.json | 34 ++-- 2012/6xxx/CVE-2012-6029.json | 130 +++++++-------- 2012/6xxx/CVE-2012-6484.json | 34 ++-- 2012/6xxx/CVE-2012-6500.json | 140 ++++++++-------- 2012/6xxx/CVE-2012-6532.json | 130 +++++++-------- 2015/5xxx/CVE-2015-5112.json | 34 ++-- 2015/5xxx/CVE-2015-5361.json | 34 ++-- 2015/5xxx/CVE-2015-5383.json | 150 ++++++++--------- 2015/5xxx/CVE-2015-5533.json | 170 +++++++++---------- 2017/2xxx/CVE-2017-2093.json | 140 ++++++++-------- 2017/2xxx/CVE-2017-2266.json | 130 +++++++-------- 2018/11xxx/CVE-2018-11980.json | 34 ++-- 2018/11xxx/CVE-2018-11995.json | 140 ++++++++-------- 2018/14xxx/CVE-2018-14166.json | 34 ++-- 2018/15xxx/CVE-2018-15009.json | 34 ++-- 2018/15xxx/CVE-2018-15596.json | 130 +++++++-------- 2018/15xxx/CVE-2018-15771.json | 174 ++++++++++---------- 2018/15xxx/CVE-2018-15954.json | 140 ++++++++-------- 2018/3xxx/CVE-2018-3512.json | 34 ++-- 2018/3xxx/CVE-2018-3622.json | 34 ++-- 2018/3xxx/CVE-2018-3846.json | 122 +++++++------- 2018/8xxx/CVE-2018-8080.json | 34 ++-- 2018/8xxx/CVE-2018-8520.json | 34 ++-- 2018/8xxx/CVE-2018-8549.json | 140 ++++++++-------- 2018/8xxx/CVE-2018-8911.json | 156 +++++++++--------- 54 files changed, 3449 insertions(+), 3449 deletions(-) diff --git a/2002/0xxx/CVE-2002-0421.json b/2002/0xxx/CVE-2002-0421.json index 32a79d66fb5..921175ec62f 100644 --- a/2002/0xxx/CVE-2002-0421.json +++ b/2002/0xxx/CVE-2002-0421.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0421", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IIS 4.0 allows local users to bypass the \"User cannot change password\" policy for Windows NT by directly calling .htr password changing programs in the /iisadmpwd directory, including (1) aexp2.htr, (2) aexp2b.htr, (3) aexp3.htr , or (4) aexp4.htr." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0421", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020306 NT user (who is locked changing his/her password by administrator ) can bypass the security policy and Change the password.", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/259963" - }, - { - "name" : "4236", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4236" - }, - { - "name" : "winnt-pw-policy-bypass(8388)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8388.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IIS 4.0 allows local users to bypass the \"User cannot change password\" policy for Windows NT by directly calling .htr password changing programs in the /iisadmpwd directory, including (1) aexp2.htr, (2) aexp2b.htr, (3) aexp3.htr , or (4) aexp4.htr." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "winnt-pw-policy-bypass(8388)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8388.php" + }, + { + "name": "20020306 NT user (who is locked changing his/her password by administrator ) can bypass the security policy and Change the password.", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/259963" + }, + { + "name": "4236", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4236" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2232.json b/2002/2xxx/CVE-2002-2232.json index d9db10af5e3..30f9874dbc9 100644 --- a/2002/2xxx/CVE-2002-2232.json +++ b/2002/2xxx/CVE-2002-2232.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2232", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Enceladus Server Suite 3.9 allows remote attackers to execute arbitrary code via a long CD (CWD) command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2232", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021209 [SecurityOffice] Enceladus Server Suite v3.9 Buffer Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-12/0074.html" - }, - { - "name" : "20021209 [SecurityOffice] Enceladus Server Suite v3.9 Buffer Overflow Vulnerability", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0097.html" - }, - { - "name" : "20021219 Multiple vulnerability in Enceladus Server", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/303990" - }, - { - "name" : "6345", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6345" - }, - { - "name" : "enceladus-cd-bo(10802)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10802.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Enceladus Server Suite 3.9 allows remote attackers to execute arbitrary code via a long CD (CWD) command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "enceladus-cd-bo(10802)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10802.php" + }, + { + "name": "6345", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6345" + }, + { + "name": "20021219 Multiple vulnerability in Enceladus Server", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/303990" + }, + { + "name": "20021209 [SecurityOffice] Enceladus Server Suite v3.9 Buffer Overflow Vulnerability", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0097.html" + }, + { + "name": "20021209 [SecurityOffice] Enceladus Server Suite v3.9 Buffer Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-12/0074.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2343.json b/2002/2xxx/CVE-2002-2343.json index ced3ac81bc1..b4a0f431415 100644 --- a/2002/2xxx/CVE-2002-2343.json +++ b/2002/2xxx/CVE-2002-2343.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2343", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in NOCC 0.9 through 0.9.5 allows remote attackers to inject arbitrary web script or HTML via email messages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2343", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020514 NOCC: cross-site-scripting bug", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-05/0107.html" - }, - { - "name" : "http://sourceforge.net/tracker/index.php?func=detail&aid=555897&group_id=12177&atid=112177", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/tracker/index.php?func=detail&aid=555897&group_id=12177&atid=112177" - }, - { - "name" : "4740", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4740" - }, - { - "name" : "nocc-webmail-css(9071)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9071.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in NOCC 0.9 through 0.9.5 allows remote attackers to inject arbitrary web script or HTML via email messages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sourceforge.net/tracker/index.php?func=detail&aid=555897&group_id=12177&atid=112177", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/tracker/index.php?func=detail&aid=555897&group_id=12177&atid=112177" + }, + { + "name": "4740", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4740" + }, + { + "name": "nocc-webmail-css(9071)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9071.php" + }, + { + "name": "20020514 NOCC: cross-site-scripting bug", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-05/0107.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0108.json b/2005/0xxx/CVE-2005-0108.json index bf63fbb62e8..cbac0f31a85 100644 --- a/2005/0xxx/CVE-2005-0108.json +++ b/2005/0xxx/CVE-2005-0108.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0108", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0108", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050111 Apache mod_auth_radius remote integer overflow", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110548193312050&w=2" - }, - { - "name" : "http://security.lss.hr/en/index.php?page=details&ID=LSS-2005-01-02", - "refsource" : "MISC", - "url" : "http://security.lss.hr/en/index.php?page=details&ID=LSS-2005-01-02" - }, - { - "name" : "DSA-659", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-659" - }, - { - "name" : "12217", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12217" - }, - { - "name" : "1012829", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1012829" - }, - { - "name" : "13773", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13773" - }, - { - "name" : "14046", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14046" - }, - { - "name" : "modauthradius-dos(18841)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18841" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050111 Apache mod_auth_radius remote integer overflow", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110548193312050&w=2" + }, + { + "name": "modauthradius-dos(18841)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18841" + }, + { + "name": "14046", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14046" + }, + { + "name": "1012829", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1012829" + }, + { + "name": "DSA-659", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-659" + }, + { + "name": "13773", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13773" + }, + { + "name": "http://security.lss.hr/en/index.php?page=details&ID=LSS-2005-01-02", + "refsource": "MISC", + "url": "http://security.lss.hr/en/index.php?page=details&ID=LSS-2005-01-02" + }, + { + "name": "12217", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12217" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0326.json b/2005/0xxx/CVE-2005-0326.json index d217a560624..3ab499f1457 100644 --- a/2005/0xxx/CVE-2005-0326.json +++ b/2005/0xxx/CVE-2005-0326.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0326", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "pafiledb.php in PaFileDB 3.1 allows remote attackers to gain sensitive information via an invalid or missing action parameter, which reveals the path in an error message when it cannot include a login.php script." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0326", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050131 [PersianHacker.net] Full Path Disclosure and PHP Injection In Pafiledb 3.1 Final", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110720365923818&w=2" - }, - { - "name" : "pafiledb-login-path-disclosure(19175)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19175" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "pafiledb.php in PaFileDB 3.1 allows remote attackers to gain sensitive information via an invalid or missing action parameter, which reveals the path in an error message when it cannot include a login.php script." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "pafiledb-login-path-disclosure(19175)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19175" + }, + { + "name": "20050131 [PersianHacker.net] Full Path Disclosure and PHP Injection In Pafiledb 3.1 Final", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110720365923818&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0772.json b/2005/0xxx/CVE-2005-0772.json index d582547ca93..a883cd082d4 100644 --- a/2005/0xxx/CVE-2005-0772.json +++ b/2005/0xxx/CVE-2005-0772.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0772", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "VERITAS Backup Exec 9.0 through 10.0 for Windows Servers, and 9.0.4019 through 9.1.307 for Netware, allows remote attackers to cause a denial of service (Remote Agent crash) via (1) a crafted packet in NDMLSRVR.DLL or (2) a request packet with an invalid (non-0) \"Error Status\" value, which triggers a null dereference." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0772", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050623 Veritas Backup Exec Remote Agent NDMLSRVR.DLL DoS Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://www.idefense.com/application/poi/display?id=270&type=vulnerabilities&flashstatus=true" - }, - { - "name" : "20050623 Veritas Backup Exec Agent Error Status Remote DoS Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://www.idefense.com/application/poi/display?id=271&type=vulnerabilities" - }, - { - "name" : "http://seer.support.veritas.com/docs/276533.htm", - "refsource" : "CONFIRM", - "url" : "http://seer.support.veritas.com/docs/276533.htm" - }, - { - "name" : "http://seer.support.veritas.com/docs/277485.htm", - "refsource" : "CONFIRM", - "url" : "http://seer.support.veritas.com/docs/277485.htm" - }, - { - "name" : "1014273", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014273" - }, - { - "name" : "15789", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15789" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "VERITAS Backup Exec 9.0 through 10.0 for Windows Servers, and 9.0.4019 through 9.1.307 for Netware, allows remote attackers to cause a denial of service (Remote Agent crash) via (1) a crafted packet in NDMLSRVR.DLL or (2) a request packet with an invalid (non-0) \"Error Status\" value, which triggers a null dereference." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1014273", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014273" + }, + { + "name": "http://seer.support.veritas.com/docs/276533.htm", + "refsource": "CONFIRM", + "url": "http://seer.support.veritas.com/docs/276533.htm" + }, + { + "name": "20050623 Veritas Backup Exec Remote Agent NDMLSRVR.DLL DoS Vulnerability", + "refsource": "IDEFENSE", + "url": "http://www.idefense.com/application/poi/display?id=270&type=vulnerabilities&flashstatus=true" + }, + { + "name": "20050623 Veritas Backup Exec Agent Error Status Remote DoS Vulnerability", + "refsource": "IDEFENSE", + "url": "http://www.idefense.com/application/poi/display?id=271&type=vulnerabilities" + }, + { + "name": "http://seer.support.veritas.com/docs/277485.htm", + "refsource": "CONFIRM", + "url": "http://seer.support.veritas.com/docs/277485.htm" + }, + { + "name": "15789", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15789" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0781.json b/2005/0xxx/CVE-2005-0781.json index fbed5987a9c..cbf8607d45f 100644 --- a/2005/0xxx/CVE-2005-0781.json +++ b/2005/0xxx/CVE-2005-0781.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0781", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in (1) viewall.php and (2) category.php in paFileDB 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the start parameter to pafiledb.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0781", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050312 [SECURITYREASON.COM] SQL injection and XSS in paFileDB", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111065796525043&w=2" - }, - { - "name" : "12788", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12788" - }, - { - "name" : "pafiledb-viewall-category-sql-injection(19688)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19688" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in (1) viewall.php and (2) category.php in paFileDB 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the start parameter to pafiledb.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "pafiledb-viewall-category-sql-injection(19688)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19688" + }, + { + "name": "20050312 [SECURITYREASON.COM] SQL injection and XSS in paFileDB", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111065796525043&w=2" + }, + { + "name": "12788", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12788" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1339.json b/2005/1xxx/CVE-2005-1339.json index f54886da1f1..2860fac9957 100644 --- a/2005/1xxx/CVE-2005-1339.json +++ b/2005/1xxx/CVE-2005-1339.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1339", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "lukemftpd in Mac OS X 10.3.9 allows remote authenticated users to escape the chroot environment by logging in with their full name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1339", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2005-05-03", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2005/May/msg00001.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "lukemftpd in Mac OS X 10.3.9 allows remote authenticated users to escape the chroot environment by logging in with their full name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2005-05-03", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2005/May/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1436.json b/2005/1xxx/CVE-2005-1436.json index 4382d453a0a..72a738c6909 100644 --- a/2005/1xxx/CVE-2005-1436.json +++ b/2005/1xxx/CVE-2005-1436.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1436", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in osTicket allow remote attackers to inject arbitrary web script or HTML via (1) the t parameter to view.php, (2) the osticket_title parameter to header.php, (3) the em parameter to admin_login.php, (4) the e parameter to user_login.php, (5) the err parameter to open_submit.php, or (6) the name and subject fields when adding a ticket." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1436", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.gulftech.org/?node=research&article_id=00071-05022005", - "refsource" : "MISC", - "url" : "http://www.gulftech.org/?node=research&article_id=00071-05022005" - }, - { - "name" : "16270", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/16270" - }, - { - "name" : "16271", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/16271" - }, - { - "name" : "16272", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/16272" - }, - { - "name" : "16273", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/16273" - }, - { - "name" : "16274", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/16274" - }, - { - "name" : "15216", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15216" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in osTicket allow remote attackers to inject arbitrary web script or HTML via (1) the t parameter to view.php, (2) the osticket_title parameter to header.php, (3) the em parameter to admin_login.php, (4) the e parameter to user_login.php, (5) the err parameter to open_submit.php, or (6) the name and subject fields when adding a ticket." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16274", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/16274" + }, + { + "name": "http://www.gulftech.org/?node=research&article_id=00071-05022005", + "refsource": "MISC", + "url": "http://www.gulftech.org/?node=research&article_id=00071-05022005" + }, + { + "name": "16271", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/16271" + }, + { + "name": "16270", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/16270" + }, + { + "name": "16272", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/16272" + }, + { + "name": "15216", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15216" + }, + { + "name": "16273", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/16273" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1919.json b/2005/1xxx/CVE-2005-1919.json index 4c133b92696..5ddc72c183f 100644 --- a/2005/1xxx/CVE-2005-1919.json +++ b/2005/1xxx/CVE-2005-1919.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1919", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2005-1919", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4379.json b/2005/4xxx/CVE-2005-4379.json index 2a2a4d03eb0..2e59ad44425 100644 --- a/2005/4xxx/CVE-2005-4379.json +++ b/2005/4xxx/CVE-2005-4379.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4379", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 1.1 and 1.1.1 beta allow remote attackers to inject arbitrary web script or HTML via the (1) sort_mode parameter to (a) fisheye/list_galleries.php, (b) messages/message_box.php, and (c) users/my.php; the (2) post_id parameter to (d) blogs/view_post.php; the (3) blog_id parameter to (e) blogs/view.php; and the (4) search field to (f) users/my_groups.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4379", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/12/bitweaver-multiple-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/12/bitweaver-multiple-vuln.html" - }, - { - "name" : "http://www.bitweaver.org/forums/viewtopic.php?t=1299", - "refsource" : "CONFIRM", - "url" : "http://www.bitweaver.org/forums/viewtopic.php?t=1299" - }, - { - "name" : "ADV-2005-2975", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2975" - }, - { - "name" : "21924", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21924" - }, - { - "name" : "21925", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21925" - }, - { - "name" : "21926", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21926" - }, - { - "name" : "21927", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21927" - }, - { - "name" : "21928", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21928" - }, - { - "name" : "bitweaver-mygroups-xss(23816)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23816" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 1.1 and 1.1.1 beta allow remote attackers to inject arbitrary web script or HTML via the (1) sort_mode parameter to (a) fisheye/list_galleries.php, (b) messages/message_box.php, and (c) users/my.php; the (2) post_id parameter to (d) blogs/view_post.php; the (3) blog_id parameter to (e) blogs/view.php; and the (4) search field to (f) users/my_groups.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21924", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21924" + }, + { + "name": "http://pridels0.blogspot.com/2005/12/bitweaver-multiple-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/12/bitweaver-multiple-vuln.html" + }, + { + "name": "21927", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21927" + }, + { + "name": "bitweaver-mygroups-xss(23816)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23816" + }, + { + "name": "http://www.bitweaver.org/forums/viewtopic.php?t=1299", + "refsource": "CONFIRM", + "url": "http://www.bitweaver.org/forums/viewtopic.php?t=1299" + }, + { + "name": "21925", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21925" + }, + { + "name": "21928", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21928" + }, + { + "name": "ADV-2005-2975", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2975" + }, + { + "name": "21926", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21926" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4390.json b/2005/4xxx/CVE-2005-4390.json index 04798c4f584..3885a1fece0 100644 --- a/2005/4xxx/CVE-2005-4390.json +++ b/2005/4xxx/CVE-2005-4390.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4390", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in ContentServ 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the StoryID parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4390", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/12/contentserv-31-sql-inj.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/12/contentserv-31-sql-inj.html" - }, - { - "name" : "15956", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15956" - }, - { - "name" : "ADV-2005-2982", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2982" - }, - { - "name" : "21851", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21851" - }, - { - "name" : "contentserv-storyid-sql-injection(23825)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23825" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in ContentServ 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the StoryID parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15956", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15956" + }, + { + "name": "http://pridels0.blogspot.com/2005/12/contentserv-31-sql-inj.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/12/contentserv-31-sql-inj.html" + }, + { + "name": "ADV-2005-2982", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2982" + }, + { + "name": "contentserv-storyid-sql-injection(23825)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23825" + }, + { + "name": "21851", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21851" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4692.json b/2005/4xxx/CVE-2005-4692.json index ff76480e51e..e4991c8332f 100644 --- a/2005/4xxx/CVE-2005-4692.json +++ b/2005/4xxx/CVE-2005-4692.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4692", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in mroovca stats (mroovcastats) before 0.4.5b has unknown attack vectors and impact, related to cookies." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4692", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?group_id=113650&release_id=381543", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?group_id=113650&release_id=381543" - }, - { - "name" : "22123", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22123" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in mroovca stats (mroovcastats) before 0.4.5b has unknown attack vectors and impact, related to cookies." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22123", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22123" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?group_id=113650&release_id=381543", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?group_id=113650&release_id=381543" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0640.json b/2009/0xxx/CVE-2009-0640.json index e61c231a892..79bac63624a 100644 --- a/2009/0xxx/CVE-2009-0640.json +++ b/2009/0xxx/CVE-2009-0640.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0640", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the administrative web server in Swann DVR4-SecuraNet allows remote attackers to read arbitrary files via a .. (dot dot) in the URI, as demonstrated by reading the vy_netman.cfg file that contains passwords." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0640", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090210 Remote Authentication Bypass - Swann DVR4 SecuraNet (possibly DVR9 as well)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/500789/100/0/threaded" - }, - { - "name" : "http://packetstorm.linuxsecurity.com/0902-exploits/cctv-disclose.txt", - "refsource" : "MISC", - "url" : "http://packetstorm.linuxsecurity.com/0902-exploits/cctv-disclose.txt" - }, - { - "name" : "33716", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33716" - }, - { - "name" : "51897", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/51897" - }, - { - "name" : "33861", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33861" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the administrative web server in Swann DVR4-SecuraNet allows remote attackers to read arbitrary files via a .. (dot dot) in the URI, as demonstrated by reading the vy_netman.cfg file that contains passwords." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33716", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33716" + }, + { + "name": "http://packetstorm.linuxsecurity.com/0902-exploits/cctv-disclose.txt", + "refsource": "MISC", + "url": "http://packetstorm.linuxsecurity.com/0902-exploits/cctv-disclose.txt" + }, + { + "name": "51897", + "refsource": "OSVDB", + "url": "http://osvdb.org/51897" + }, + { + "name": "20090210 Remote Authentication Bypass - Swann DVR4 SecuraNet (possibly DVR9 as well)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/500789/100/0/threaded" + }, + { + "name": "33861", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33861" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0647.json b/2009/0xxx/CVE-2009-0647.json index 184ef78b894..e682666f47b 100644 --- a/2009/0xxx/CVE-2009-0647.json +++ b/2009/0xxx/CVE-2009-0647.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0647", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "msnmsgr.exe in Windows Live Messenger (WLM) 2009 build 14.0.8064.206, and other 14.0.8064.x builds, allows remote attackers to cause a denial of service (application crash) via a modified header in a packet, as possibly demonstrated by a UTF-8.0 value of the charset field in the Content-Type header line. NOTE: this has been reported as a format string vulnerability by some sources, but the provenance of that information is unknown." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0647", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090218 RE: hello bug in windows live messenger", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/501043/100/0/threaded" - }, - { - "name" : "33825", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33825" - }, - { - "name" : "ADV-2009-0466", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0466" - }, - { - "name" : "33985", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33985" - }, - { - "name" : "wlm-packets-dos(48810)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48810" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "msnmsgr.exe in Windows Live Messenger (WLM) 2009 build 14.0.8064.206, and other 14.0.8064.x builds, allows remote attackers to cause a denial of service (application crash) via a modified header in a packet, as possibly demonstrated by a UTF-8.0 value of the charset field in the Content-Type header line. NOTE: this has been reported as a format string vulnerability by some sources, but the provenance of that information is unknown." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33985", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33985" + }, + { + "name": "ADV-2009-0466", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0466" + }, + { + "name": "wlm-packets-dos(48810)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48810" + }, + { + "name": "33825", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33825" + }, + { + "name": "20090218 RE: hello bug in windows live messenger", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/501043/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0873.json b/2009/0xxx/CVE-2009-0873.json index b52f97e59be..d3d15c0db0f 100644 --- a/2009/0xxx/CVE-2009-0873.json +++ b/2009/0xxx/CVE-2009-0873.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0873", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The NFS daemon (aka nfsd) in Sun Solaris 10 and OpenSolaris before snv_106, when NFSv3 is used, does not properly implement combinations of security modes, which allows remote attackers to bypass intended access restrictions and read or modify files, as demonstrated by a combination of the sec=sys and sec=krb5 security modes, related to modes that \"override each other.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0873", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-139462-02-1", - "refsource" : "CONFIRM", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-139462-02-1" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-096.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-096.htm" - }, - { - "name" : "250306", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-250306-1" - }, - { - "name" : "34062", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34062" - }, - { - "name" : "52560", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/52560" - }, - { - "name" : "1021832", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1021832" - }, - { - "name" : "34225", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34225" - }, - { - "name" : "34435", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34435" - }, - { - "name" : "ADV-2009-0657", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0657" - }, - { - "name" : "ADV-2009-0814", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0814" - }, - { - "name" : "solaris-nfsd-unauthorized-access(49171)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49171" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The NFS daemon (aka nfsd) in Sun Solaris 10 and OpenSolaris before snv_106, when NFSv3 is used, does not properly implement combinations of security modes, which allows remote attackers to bypass intended access restrictions and read or modify files, as demonstrated by a combination of the sec=sys and sec=krb5 security modes, related to modes that \"override each other.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-0814", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0814" + }, + { + "name": "34435", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34435" + }, + { + "name": "1021832", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1021832" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-096.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-096.htm" + }, + { + "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-139462-02-1", + "refsource": "CONFIRM", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-139462-02-1" + }, + { + "name": "solaris-nfsd-unauthorized-access(49171)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49171" + }, + { + "name": "ADV-2009-0657", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0657" + }, + { + "name": "34062", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34062" + }, + { + "name": "34225", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34225" + }, + { + "name": "52560", + "refsource": "OSVDB", + "url": "http://osvdb.org/52560" + }, + { + "name": "250306", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-250306-1" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1159.json b/2009/1xxx/CVE-2009-1159.json index 55020c01185..bd42e50cc40 100644 --- a/2009/1xxx/CVE-2009-1159.json +++ b/2009/1xxx/CVE-2009-1159.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1159", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.2 before 7.2(4)26, 8.0 before 8.0(4)22, and 8.1 before 8.1(2)12, when SQL*Net inspection is enabled, allows remote attackers to cause a denial of service (traceback and device reload) via a series of SQL*Net packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2009-1159", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090408 Multiple Vulnerabilities in Cisco ASA Adaptive Security Appliance and Cisco PIX Security Appliances", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a994f6.shtml" - }, - { - "name" : "34429", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34429" - }, - { - "name" : "53446", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/53446" - }, - { - "name" : "1022015", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022015" - }, - { - "name" : "34607", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34607" - }, - { - "name" : "ADV-2009-0981", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0981" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.2 before 7.2(4)26, 8.0 before 8.0(4)22, and 8.1 before 8.1(2)12, when SQL*Net inspection is enabled, allows remote attackers to cause a denial of service (traceback and device reload) via a series of SQL*Net packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-0981", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0981" + }, + { + "name": "34429", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34429" + }, + { + "name": "20090408 Multiple Vulnerabilities in Cisco ASA Adaptive Security Appliance and Cisco PIX Security Appliances", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a994f6.shtml" + }, + { + "name": "34607", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34607" + }, + { + "name": "53446", + "refsource": "OSVDB", + "url": "http://osvdb.org/53446" + }, + { + "name": "1022015", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022015" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1482.json b/2009/1xxx/CVE-2009-1482.json index c4c59988bb1..13770eb4fcc 100644 --- a/2009/1xxx/CVE-2009-1482.json +++ b/2009/1xxx/CVE-2009-1482.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1482", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an AttachFile sub-action in the error_msg function or (2) multiple vectors related to package file errors in the upload_form function, different vectors than CVE-2009-0260." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1482", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://hg.moinmo.in/moin/1.8/rev/5f51246a4df1", - "refsource" : "CONFIRM", - "url" : "http://hg.moinmo.in/moin/1.8/rev/5f51246a4df1" - }, - { - "name" : "http://moinmo.in/SecurityFixes", - "refsource" : "CONFIRM", - "url" : "http://moinmo.in/SecurityFixes" - }, - { - "name" : "DSA-1791", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1791" - }, - { - "name" : "USN-774-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-774-1" - }, - { - "name" : "34631", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34631" - }, - { - "name" : "34821", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34821" - }, - { - "name" : "35024", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35024" - }, - { - "name" : "34945", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34945" - }, - { - "name" : "ADV-2009-1119", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1119" - }, - { - "name" : "moinmoin-errormsg-xss(50356)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50356" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an AttachFile sub-action in the error_msg function or (2) multiple vectors related to package file errors in the upload_form function, different vectors than CVE-2009-0260." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "moinmoin-errormsg-xss(50356)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50356" + }, + { + "name": "http://moinmo.in/SecurityFixes", + "refsource": "CONFIRM", + "url": "http://moinmo.in/SecurityFixes" + }, + { + "name": "ADV-2009-1119", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1119" + }, + { + "name": "http://hg.moinmo.in/moin/1.8/rev/5f51246a4df1", + "refsource": "CONFIRM", + "url": "http://hg.moinmo.in/moin/1.8/rev/5f51246a4df1" + }, + { + "name": "34631", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34631" + }, + { + "name": "35024", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35024" + }, + { + "name": "34945", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34945" + }, + { + "name": "DSA-1791", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1791" + }, + { + "name": "34821", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34821" + }, + { + "name": "USN-774-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-774-1" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1963.json b/2009/1xxx/CVE-2009-1963.json index b0c15874669..8b88f113d17 100644 --- a/2009/1xxx/CVE-2009-1963.json +++ b/2009/1xxx/CVE-2009-1963.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1963", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Network Foundation component in Oracle Database 11.1.0.6 allows remote authenticated users to affect integrity and availability via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2009-1963", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html" - }, - { - "name" : "35677", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35677" - }, - { - "name" : "55885", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/55885" - }, - { - "name" : "1022560", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022560" - }, - { - "name" : "35776", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35776" - }, - { - "name" : "ADV-2009-1900", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1900" - }, - { - "name" : "oracle-database-netfound-unspecified(51751)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51751" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Network Foundation component in Oracle Database 11.1.0.6 allows remote authenticated users to affect integrity and availability via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "55885", + "refsource": "OSVDB", + "url": "http://osvdb.org/55885" + }, + { + "name": "35776", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35776" + }, + { + "name": "oracle-database-netfound-unspecified(51751)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51751" + }, + { + "name": "ADV-2009-1900", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1900" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html" + }, + { + "name": "1022560", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022560" + }, + { + "name": "35677", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35677" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4219.json b/2009/4xxx/CVE-2009-4219.json index 9b0a99dcccb..2e4758fdce8 100644 --- a/2009/4xxx/CVE-2009-4219.json +++ b/2009/4xxx/CVE-2009-4219.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4219", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the MYACTIVEX.MyActiveXCtrl.1 ActiveX control in MyActiveX.ocx 1.4.8.0 in Haihaisoft Universal Player allows remote attackers to execute arbitrary code via a long URL property value. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4219", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.shinnai.net/exploits/ZzLsi6TIfSuVPh1kPHmP.txt", - "refsource" : "MISC", - "url" : "http://www.shinnai.net/exploits/ZzLsi6TIfSuVPh1kPHmP.txt" - }, - { - "name" : "82346", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/82346" - }, - { - "name" : "37509", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37509" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the MYACTIVEX.MyActiveXCtrl.1 ActiveX control in MyActiveX.ocx 1.4.8.0 in Haihaisoft Universal Player allows remote attackers to execute arbitrary code via a long URL property value. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "82346", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/82346" + }, + { + "name": "http://www.shinnai.net/exploits/ZzLsi6TIfSuVPh1kPHmP.txt", + "refsource": "MISC", + "url": "http://www.shinnai.net/exploits/ZzLsi6TIfSuVPh1kPHmP.txt" + }, + { + "name": "37509", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37509" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4241.json b/2009/4xxx/CVE-2009-4241.json index dfb033a1df5..36feaa7241c 100644 --- a/2009/4xxx/CVE-2009-4241.json +++ b/2009/4xxx/CVE-2009-4241.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4241", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to execute arbitrary code via a file with invalid ASMRuleBook structures that trigger heap memory corruption." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4241", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100121 ZDI-10-005: RealNetworks RealPlayer ASMRulebook Remote Code Execution Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/509100/100/0/threaded" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-005/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-005/" - }, - { - "name" : "http://service.real.com/realplayer/security/01192010_player/en/", - "refsource" : "CONFIRM", - "url" : "http://service.real.com/realplayer/security/01192010_player/en/" - }, - { - "name" : "37880", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37880" - }, - { - "name" : "1023489", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023489" - }, - { - "name" : "38218", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38218" - }, - { - "name" : "ADV-2010-0178", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0178" - }, - { - "name" : "realplayer-asmrulebook-bo(55794)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55794" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to execute arbitrary code via a file with invalid ASMRuleBook structures that trigger heap memory corruption." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-0178", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0178" + }, + { + "name": "realplayer-asmrulebook-bo(55794)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55794" + }, + { + "name": "1023489", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023489" + }, + { + "name": "20100121 ZDI-10-005: RealNetworks RealPlayer ASMRulebook Remote Code Execution Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/509100/100/0/threaded" + }, + { + "name": "http://service.real.com/realplayer/security/01192010_player/en/", + "refsource": "CONFIRM", + "url": "http://service.real.com/realplayer/security/01192010_player/en/" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-005/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-005/" + }, + { + "name": "38218", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38218" + }, + { + "name": "37880", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37880" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4273.json b/2009/4xxx/CVE-2009-4273.json index 4faf80e10f8..a08b19ba7c3 100644 --- a/2009/4xxx/CVE-2009-4273.json +++ b/2009/4xxx/CVE-2009-4273.json @@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4273", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "stap-server in SystemTap before 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in stap command-line arguments in a request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-4273", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[systemtap] 20100115 SystemTap release 1.1", - "refsource" : "MLIST", - "url" : "http://sourceware.org/ml/systemtap/2010-q1/msg00142.html" - }, - { - "name" : "[scm-commits] 20100215 rpms/systemtap/devel systemtap-1.1-tighten-server-params.patch, NONE, 1.1 systemtap.spec, 1.59, 1.60", - "refsource" : "MLIST", - "url" : "http://lists.fedoraproject.org/pipermail/scm-commits/2010-February/394714.html" - }, - { - "name" : "http://sourceware.org/bugzilla/show_bug.cgi?id=11105", - "refsource" : "CONFIRM", - "url" : "http://sourceware.org/bugzilla/show_bug.cgi?id=11105" - }, - { - "name" : "http://sourceware.org/systemtap/ftp/releases/systemtap-1.1.tar.gz", - "refsource" : "CONFIRM", - "url" : "http://sourceware.org/systemtap/ftp/releases/systemtap-1.1.tar.gz" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=550172", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=550172" - }, - { - "name" : "FEDORA-2010-0671", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034036.html" - }, - { - "name" : "FEDORA-2010-0688", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034041.html" - }, - { - "name" : "FEDORA-2010-1373", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035201.html" - }, - { - "name" : "FEDORA-2010-1720", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035261.html" - }, - { - "name" : "RHSA-2010:0124", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0124.html" - }, - { - "name" : "SUSE-SR:2010:010", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html" - }, - { - "name" : "oval:org.mitre.oval:def:11417", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11417" - }, - { - "name" : "38154", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38154" - }, - { - "name" : "38216", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38216" - }, - { - "name" : "38765", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38765" - }, - { - "name" : "39656", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39656" - }, - { - "name" : "ADV-2010-0169", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0169" - }, - { - "name" : "ADV-2010-1001", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1001" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "stap-server in SystemTap before 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in stap command-line arguments in a request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2010-1373", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035201.html" + }, + { + "name": "oval:org.mitre.oval:def:11417", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11417" + }, + { + "name": "38154", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38154" + }, + { + "name": "FEDORA-2010-0671", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034036.html" + }, + { + "name": "FEDORA-2010-0688", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034041.html" + }, + { + "name": "http://sourceware.org/systemtap/ftp/releases/systemtap-1.1.tar.gz", + "refsource": "CONFIRM", + "url": "http://sourceware.org/systemtap/ftp/releases/systemtap-1.1.tar.gz" + }, + { + "name": "39656", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39656" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=550172", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=550172" + }, + { + "name": "38216", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38216" + }, + { + "name": "[scm-commits] 20100215 rpms/systemtap/devel systemtap-1.1-tighten-server-params.patch, NONE, 1.1 systemtap.spec, 1.59, 1.60", + "refsource": "MLIST", + "url": "http://lists.fedoraproject.org/pipermail/scm-commits/2010-February/394714.html" + }, + { + "name": "ADV-2010-0169", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0169" + }, + { + "name": "SUSE-SR:2010:010", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html" + }, + { + "name": "[systemtap] 20100115 SystemTap release 1.1", + "refsource": "MLIST", + "url": "http://sourceware.org/ml/systemtap/2010-q1/msg00142.html" + }, + { + "name": "http://sourceware.org/bugzilla/show_bug.cgi?id=11105", + "refsource": "CONFIRM", + "url": "http://sourceware.org/bugzilla/show_bug.cgi?id=11105" + }, + { + "name": "RHSA-2010:0124", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0124.html" + }, + { + "name": "38765", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38765" + }, + { + "name": "FEDORA-2010-1720", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035261.html" + }, + { + "name": "ADV-2010-1001", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1001" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4885.json b/2009/4xxx/CVE-2009-4885.json index 3f8ec9266ed..62b748ce977 100644 --- a/2009/4xxx/CVE-2009-4885.json +++ b/2009/4xxx/CVE-2009-4885.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4885", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in templates/1/login.php in phpCommunity 2 2.1.8 allows remote attackers to inject arbitrary web script or HTML via the msg parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4885", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090307 phpCommunity 2 2.1.8 Multiple Vulnerabilities (SQL Injection / Directory Traversal / XSS)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/501588/100/0/threaded" - }, - { - "name" : "8185", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/8185" - }, - { - "name" : "phpcommunity-login-xss(49153)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49153" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in templates/1/login.php in phpCommunity 2 2.1.8 allows remote attackers to inject arbitrary web script or HTML via the msg parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "phpcommunity-login-xss(49153)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49153" + }, + { + "name": "20090307 phpCommunity 2 2.1.8 Multiple Vulnerabilities (SQL Injection / Directory Traversal / XSS)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/501588/100/0/threaded" + }, + { + "name": "8185", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/8185" + } + ] + } +} \ No newline at end of file diff --git a/2009/5xxx/CVE-2009-5107.json b/2009/5xxx/CVE-2009-5107.json index 835cde46f59..b2cda23b04d 100644 --- a/2009/5xxx/CVE-2009-5107.json +++ b/2009/5xxx/CVE-2009-5107.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-5107", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2009. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2009-5107", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2009. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2504.json b/2012/2xxx/CVE-2012-2504.json index d169760405e..3a5453200ab 100644 --- a/2012/2xxx/CVE-2012-2504.json +++ b/2012/2xxx/CVE-2012-2504.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2504", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2504", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2539.json b/2012/2xxx/CVE-2012-2539.json index 591e4e65ae9..efa445485bd 100644 --- a/2012/2xxx/CVE-2012-2539.json +++ b/2012/2xxx/CVE-2012-2539.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2539", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and SP3; and Office Web Apps 2010 SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka \"Word RTF 'listoverridecount' Remote Code Execution Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2012-2539", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS12-079", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-079" - }, - { - "name" : "TA12-346A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA12-346A.html" - }, - { - "name" : "oval:org.mitre.oval:def:16073", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16073" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and SP3; and Office Web Apps 2010 SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka \"Word RTF 'listoverridecount' Remote Code Execution Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA12-346A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA12-346A.html" + }, + { + "name": "MS12-079", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-079" + }, + { + "name": "oval:org.mitre.oval:def:16073", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16073" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2557.json b/2012/2xxx/CVE-2012-2557.json index 1ac35c12a05..ff013c4bbed 100644 --- a/2012/2xxx/CVE-2012-2557.json +++ b/2012/2xxx/CVE-2012-2557.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2557", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka \"cloneNode Use After Free Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2012-2557", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS12-063", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-063" - }, - { - "name" : "TA12-255A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA12-255A.html" - }, - { - "name" : "55647", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55647" - }, - { - "name" : "oval:org.mitre.oval:def:15745", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15745" - }, - { - "name" : "1027555", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027555" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka \"cloneNode Use After Free Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1027555", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027555" + }, + { + "name": "TA12-255A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA12-255A.html" + }, + { + "name": "oval:org.mitre.oval:def:15745", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15745" + }, + { + "name": "MS12-063", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-063" + }, + { + "name": "55647", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55647" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2698.json b/2012/2xxx/CVE-2012-2698.json index 7b98f32025f..66d67eee315 100644 --- a/2012/2xxx/CVE-2012-2698.json +++ b/2012/2xxx/CVE-2012-2698.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2698", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the outputPage function in includes/SkinTemplate.php in MediaWiki before 1.17.5, 1.18.x before 1.18.4, and 1.19.x before 1.19.1 allows remote attackers to inject arbitrary web script or HTML via the uselang parameter to index.php/Main_page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2698", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[MediaWiki-announce] 20120613 MediaWiki security release 1.17.5", - "refsource" : "MLIST", - "url" : "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-June/000116.html" - }, - { - "name" : "[MediaWiki-announce] 20120613 MediaWiki security release 1.18.4", - "refsource" : "MLIST", - "url" : "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-June/000117.html" - }, - { - "name" : "[MediaWiki-announce] 20120613 MediaWiki security release 1.19.1", - "refsource" : "MLIST", - "url" : "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-June/000118.html" - }, - { - "name" : "[oss-security] 20120613 Re: CVE request: XSS in uselang http parameter (mediawiki)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/06/14/2" - }, - { - "name" : "https://bugzilla.wikimedia.org/show_bug.cgi?id=36938", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.wikimedia.org/show_bug.cgi?id=36938" - }, - { - "name" : "https://gerrit.wikimedia.org/r/#/c/7979/1/includes/SkinTemplate.php", - "refsource" : "CONFIRM", - "url" : "https://gerrit.wikimedia.org/r/#/c/7979/1/includes/SkinTemplate.php" - }, - { - "name" : "https://www.mediawiki.org/wiki/Release_notes/1.17", - "refsource" : "CONFIRM", - "url" : "https://www.mediawiki.org/wiki/Release_notes/1.17" - }, - { - "name" : "https://www.mediawiki.org/wiki/Release_notes/1.18", - "refsource" : "CONFIRM", - "url" : "https://www.mediawiki.org/wiki/Release_notes/1.18" - }, - { - "name" : "https://www.mediawiki.org/wiki/Release_notes/1.19", - "refsource" : "CONFIRM", - "url" : "https://www.mediawiki.org/wiki/Release_notes/1.19" - }, - { - "name" : "82983", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/82983" - }, - { - "name" : "1027179", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1027179" - }, - { - "name" : "49484", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49484" - }, - { - "name" : "mediawiki-index-uselang-xss(76311)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/76311" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the outputPage function in includes/SkinTemplate.php in MediaWiki before 1.17.5, 1.18.x before 1.18.4, and 1.19.x before 1.19.1 allows remote attackers to inject arbitrary web script or HTML via the uselang parameter to index.php/Main_page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[MediaWiki-announce] 20120613 MediaWiki security release 1.17.5", + "refsource": "MLIST", + "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-June/000116.html" + }, + { + "name": "https://www.mediawiki.org/wiki/Release_notes/1.18", + "refsource": "CONFIRM", + "url": "https://www.mediawiki.org/wiki/Release_notes/1.18" + }, + { + "name": "82983", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/82983" + }, + { + "name": "[MediaWiki-announce] 20120613 MediaWiki security release 1.18.4", + "refsource": "MLIST", + "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-June/000117.html" + }, + { + "name": "49484", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49484" + }, + { + "name": "https://bugzilla.wikimedia.org/show_bug.cgi?id=36938", + "refsource": "CONFIRM", + "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=36938" + }, + { + "name": "1027179", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1027179" + }, + { + "name": "https://www.mediawiki.org/wiki/Release_notes/1.19", + "refsource": "CONFIRM", + "url": "https://www.mediawiki.org/wiki/Release_notes/1.19" + }, + { + "name": "mediawiki-index-uselang-xss(76311)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76311" + }, + { + "name": "https://www.mediawiki.org/wiki/Release_notes/1.17", + "refsource": "CONFIRM", + "url": "https://www.mediawiki.org/wiki/Release_notes/1.17" + }, + { + "name": "https://gerrit.wikimedia.org/r/#/c/7979/1/includes/SkinTemplate.php", + "refsource": "CONFIRM", + "url": "https://gerrit.wikimedia.org/r/#/c/7979/1/includes/SkinTemplate.php" + }, + { + "name": "[oss-security] 20120613 Re: CVE request: XSS in uselang http parameter (mediawiki)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/06/14/2" + }, + { + "name": "[MediaWiki-announce] 20120613 MediaWiki security release 1.19.1", + "refsource": "MLIST", + "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-June/000118.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3578.json b/2012/3xxx/CVE-2012-3578.json index 53ef0d2796c..b661f63af8a 100644 --- a/2012/3xxx/CVE-2012-3578.json +++ b/2012/3xxx/CVE-2012-3578.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3578", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in html/Upload.php in the FCChat Widget plugin 2.2.13.1 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in html/images." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3578", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/files/113323/WordPress-FCChat-Widget-2.x-Shell-Upload.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/113323/WordPress-FCChat-Widget-2.x-Shell-Upload.html" - }, - { - "name" : "http://www.opensyscom.fr/Actualites/wordpress-plugins-fcchat-widget-shell-upload-vulnerability.html", - "refsource" : "MISC", - "url" : "http://www.opensyscom.fr/Actualites/wordpress-plugins-fcchat-widget-shell-upload-vulnerability.html" - }, - { - "name" : "53855", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53855" - }, - { - "name" : "49419", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49419" - }, - { - "name" : "wp-fcchatwidget-upload-file-upload(76123)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/76123" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in html/Upload.php in the FCChat Widget plugin 2.2.13.1 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in html/images." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/files/113323/WordPress-FCChat-Widget-2.x-Shell-Upload.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/113323/WordPress-FCChat-Widget-2.x-Shell-Upload.html" + }, + { + "name": "49419", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49419" + }, + { + "name": "53855", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53855" + }, + { + "name": "http://www.opensyscom.fr/Actualites/wordpress-plugins-fcchat-widget-shell-upload-vulnerability.html", + "refsource": "MISC", + "url": "http://www.opensyscom.fr/Actualites/wordpress-plugins-fcchat-widget-shell-upload-vulnerability.html" + }, + { + "name": "wp-fcchatwidget-upload-file-upload(76123)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76123" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3934.json b/2012/3xxx/CVE-2012-3934.json index 4b6074197ef..4adea40f35d 100644 --- a/2012/3xxx/CVE-2012-3934.json +++ b/2012/3xxx/CVE-2012-3934.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3934", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3934", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6029.json b/2012/6xxx/CVE-2012-6029.json index 68aab30a097..243ba7b2061 100644 --- a/2012/6xxx/CVE-2012-6029.json +++ b/2012/6xxx/CVE-2012-6029.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6029", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the web-authentication function on the Cisco NAC Appliance 4.9.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) cm or (2) uri parameters to (a) perfigo_weblogin.jsp, or the (3) cm, (4) provider, (5) session, (6) uri, (7) userip, or (8) username parameters to (b) perfigo_cm_validate.jsp, aka Bug ID CSCud15109." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2012-6029", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2013-001/", - "refsource" : "MISC", - "url" : "http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2013-001/" - }, - { - "name" : "20130130 Cisco NAC Appliance Cross-Site Scripting Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-6029" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the web-authentication function on the Cisco NAC Appliance 4.9.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) cm or (2) uri parameters to (a) perfigo_weblogin.jsp, or the (3) cm, (4) provider, (5) session, (6) uri, (7) userip, or (8) username parameters to (b) perfigo_cm_validate.jsp, aka Bug ID CSCud15109." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2013-001/", + "refsource": "MISC", + "url": "http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2013-001/" + }, + { + "name": "20130130 Cisco NAC Appliance Cross-Site Scripting Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-6029" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6484.json b/2012/6xxx/CVE-2012-6484.json index 2ded8ea3073..5cb65f7c3cf 100644 --- a/2012/6xxx/CVE-2012-6484.json +++ b/2012/6xxx/CVE-2012-6484.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6484", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6484", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6500.json b/2012/6xxx/CVE-2012-6500.json index cb158ef53e9..de4a5ec666a 100644 --- a/2012/6xxx/CVE-2012-6500.json +++ b/2012/6xxx/CVE-2012-6500.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6500", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in download.lib.php in Pragyan CMS 3.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the fileget parameter in a profile action to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6500", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18347", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18347" - }, - { - "name" : "51360", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51360" - }, - { - "name" : "82585", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/82585" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in download.lib.php in Pragyan CMS 3.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the fileget parameter in a profile action to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "51360", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51360" + }, + { + "name": "18347", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18347" + }, + { + "name": "82585", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/82585" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6532.json b/2012/6xxx/CVE-2012-6532.json index c3a2beac375..231294e0edb 100644 --- a/2012/6xxx/CVE-2012-6532.json +++ b/2012/6xxx/CVE-2012-6532.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6532", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "(1) Zend_Dom, (2) Zend_Feed, (3) Zend_Soap, and (4) Zend_XmlRpc in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 allow remote attackers to cause a denial of service (CPU consumption) via recursive or circular references in an XML entity definition in an XML DOCTYPE declaration, aka an XML Entity Expansion (XEE) attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6532", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://framework.zend.com/security/advisory/ZF2012-02", - "refsource" : "CONFIRM", - "url" : "http://framework.zend.com/security/advisory/ZF2012-02" - }, - { - "name" : "MDVSA-2013:115", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:115" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "(1) Zend_Dom, (2) Zend_Feed, (3) Zend_Soap, and (4) Zend_XmlRpc in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 allow remote attackers to cause a denial of service (CPU consumption) via recursive or circular references in an XML entity definition in an XML DOCTYPE declaration, aka an XML Entity Expansion (XEE) attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2013:115", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:115" + }, + { + "name": "http://framework.zend.com/security/advisory/ZF2012-02", + "refsource": "CONFIRM", + "url": "http://framework.zend.com/security/advisory/ZF2012-02" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5112.json b/2015/5xxx/CVE-2015-5112.json index b0a60e3106f..6c126e2ddbc 100644 --- a/2015/5xxx/CVE-2015-5112.json +++ b/2015/5xxx/CVE-2015-5112.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5112", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-5112", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5361.json b/2015/5xxx/CVE-2015-5361.json index 4d4661ed34f..12a68057c9e 100644 --- a/2015/5xxx/CVE-2015-5361.json +++ b/2015/5xxx/CVE-2015-5361.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5361", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5361", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5383.json b/2015/5xxx/CVE-2015-5383.json index 79dd440fc74..0f107227186 100644 --- a/2015/5xxx/CVE-2015-5383.json +++ b/2015/5xxx/CVE-2015-5383.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5383", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to obtain sensitive information by reading files in the (1) config, (2) temp, or (3) logs directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5383", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150706 Re: CVE request for vulnerabilities fixed in roundcubemail 1.1.2 and 1.0.6", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/07/07/2" - }, - { - "name" : "https://github.com/roundcube/roundcubemail/commit/012555c1cef35601b543cde67bff8726de97eb39", - "refsource" : "CONFIRM", - "url" : "https://github.com/roundcube/roundcubemail/commit/012555c1cef35601b543cde67bff8726de97eb39" - }, - { - "name" : "https://github.com/roundcube/roundcubemail/issues/4816", - "refsource" : "CONFIRM", - "url" : "https://github.com/roundcube/roundcubemail/issues/4816" - }, - { - "name" : "https://roundcube.net/news/2015/06/05/updates-1.1.2-and-1.0.6-released", - "refsource" : "CONFIRM", - "url" : "https://roundcube.net/news/2015/06/05/updates-1.1.2-and-1.0.6-released" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to obtain sensitive information by reading files in the (1) config, (2) temp, or (3) logs directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20150706 Re: CVE request for vulnerabilities fixed in roundcubemail 1.1.2 and 1.0.6", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/07/07/2" + }, + { + "name": "https://github.com/roundcube/roundcubemail/commit/012555c1cef35601b543cde67bff8726de97eb39", + "refsource": "CONFIRM", + "url": "https://github.com/roundcube/roundcubemail/commit/012555c1cef35601b543cde67bff8726de97eb39" + }, + { + "name": "https://github.com/roundcube/roundcubemail/issues/4816", + "refsource": "CONFIRM", + "url": "https://github.com/roundcube/roundcubemail/issues/4816" + }, + { + "name": "https://roundcube.net/news/2015/06/05/updates-1.1.2-and-1.0.6-released", + "refsource": "CONFIRM", + "url": "https://roundcube.net/news/2015/06/05/updates-1.1.2-and-1.0.6-released" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5533.json b/2015/5xxx/CVE-2015-5533.json index fefbfc4a251..a6b90222556 100644 --- a/2015/5xxx/CVE-2015-5533.json +++ b/2015/5xxx/CVE-2015-5533.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5533", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in counter-options.php in the Count Per Day plugin before 3.4.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the cpd_keep_month parameter to wp-admin/options-general.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5533", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150722 SQL Injection in Count Per Day WordPress Plugin", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/536056/100/0/threaded" - }, - { - "name" : "37707", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/37707/" - }, - { - "name" : "http://packetstormsecurity.com/files/132811/WordPress-Count-Per-Day-3.4-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/132811/WordPress-Count-Per-Day-3.4-SQL-Injection.html" - }, - { - "name" : "https://www.htbridge.com/advisory/HTB23267", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23267" - }, - { - "name" : "https://wpvulndb.com/vulnerabilities/8110", - "refsource" : "MISC", - "url" : "https://wpvulndb.com/vulnerabilities/8110" - }, - { - "name" : "https://plugins.trac.wordpress.org/changeset/1190683/count-per-day", - "refsource" : "CONFIRM", - "url" : "https://plugins.trac.wordpress.org/changeset/1190683/count-per-day" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in counter-options.php in the Count Per Day plugin before 3.4.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the cpd_keep_month parameter to wp-admin/options-general.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.htbridge.com/advisory/HTB23267", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23267" + }, + { + "name": "http://packetstormsecurity.com/files/132811/WordPress-Count-Per-Day-3.4-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/132811/WordPress-Count-Per-Day-3.4-SQL-Injection.html" + }, + { + "name": "https://plugins.trac.wordpress.org/changeset/1190683/count-per-day", + "refsource": "CONFIRM", + "url": "https://plugins.trac.wordpress.org/changeset/1190683/count-per-day" + }, + { + "name": "37707", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/37707/" + }, + { + "name": "https://wpvulndb.com/vulnerabilities/8110", + "refsource": "MISC", + "url": "https://wpvulndb.com/vulnerabilities/8110" + }, + { + "name": "20150722 SQL Injection in Count Per Day WordPress Plugin", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/536056/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2093.json b/2017/2xxx/CVE-2017-2093.json index 4d56c61a4fd..5fd65b15c0a 100644 --- a/2017/2xxx/CVE-2017-2093.json +++ b/2017/2xxx/CVE-2017-2093.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-2093", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cybozu Garoon", - "version" : { - "version_data" : [ - { - "version_value" : "3.0.0 to 4.2.3" - } - ] - } - } - ] - }, - "vendor_name" : "Cybozu, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cybozu Garoon 3.0.0 to 4.2.3 allow remote attackers to obtain tokens used for CSRF protection via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-2093", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cybozu Garoon", + "version": { + "version_data": [ + { + "version_value": "3.0.0 to 4.2.3" + } + ] + } + } + ] + }, + "vendor_name": "Cybozu, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.cybozu.com/ja-jp/article/9647", - "refsource" : "MISC", - "url" : "https://support.cybozu.com/ja-jp/article/9647" - }, - { - "name" : "JVN#73182875", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN73182875/index.html" - }, - { - "name" : "96429", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96429" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cybozu Garoon 3.0.0 to 4.2.3 allow remote attackers to obtain tokens used for CSRF protection via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#73182875", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN73182875/index.html" + }, + { + "name": "https://support.cybozu.com/ja-jp/article/9647", + "refsource": "MISC", + "url": "https://support.cybozu.com/ja-jp/article/9647" + }, + { + "name": "96429", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96429" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2266.json b/2017/2xxx/CVE-2017-2266.json index 1ee5b0284a9..ba6ceae6282 100644 --- a/2017/2xxx/CVE-2017-2266.json +++ b/2017/2xxx/CVE-2017-2266.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-2266", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Encrypted files in self-decryption format created by FileCapsule Deluxe Portable", - "version" : { - "version_data" : [ - { - "version_value" : "Ver.1.0.4.1 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Tomoki Fuke" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in Encrypted files in self-decryption format created by FileCapsule Deluxe Portable Ver.1.0.4.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-2266", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Encrypted files in self-decryption format created by FileCapsule Deluxe Portable", + "version": { + "version_data": [ + { + "version_value": "Ver.1.0.4.1 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Tomoki Fuke" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://resumenext.blog.fc2.com/blog-entry-30.html", - "refsource" : "CONFIRM", - "url" : "http://resumenext.blog.fc2.com/blog-entry-30.html" - }, - { - "name" : "JVN#42031953", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN42031953/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in Encrypted files in self-decryption format created by FileCapsule Deluxe Portable Ver.1.0.4.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://resumenext.blog.fc2.com/blog-entry-30.html", + "refsource": "CONFIRM", + "url": "http://resumenext.blog.fc2.com/blog-entry-30.html" + }, + { + "name": "JVN#42031953", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN42031953/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11980.json b/2018/11xxx/CVE-2018-11980.json index fdec7fc25e6..08f84a25081 100644 --- a/2018/11xxx/CVE-2018-11980.json +++ b/2018/11xxx/CVE-2018-11980.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11980", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11980", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11995.json b/2018/11xxx/CVE-2018-11995.json index c837cfe3a17..3e641a711bc 100644 --- a/2018/11xxx/CVE-2018-11995.json +++ b/2018/11xxx/CVE-2018-11995.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2018-11995", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a partition name-check variable is not reset for every iteration which may cause improper termination in the META image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2018-11995", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.codeaurora.org/quic/la/abl/tianocore/edk2/commit/?id=e3688be47d2b72f130f90dafd24b5f5acc4684ca", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/abl/tianocore/edk2/commit/?id=e3688be47d2b72f130f90dafd24b5f5acc4684ca" - }, - { - "name" : "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin", - "refsource" : "CONFIRM", - "url" : "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin" - }, - { - "name" : "105872", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105872" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a partition name-check variable is not reset for every iteration which may cause improper termination in the META image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.codeaurora.org/quic/la/abl/tianocore/edk2/commit/?id=e3688be47d2b72f130f90dafd24b5f5acc4684ca", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/abl/tianocore/edk2/commit/?id=e3688be47d2b72f130f90dafd24b5f5acc4684ca" + }, + { + "name": "105872", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105872" + }, + { + "name": "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin", + "refsource": "CONFIRM", + "url": "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14166.json b/2018/14xxx/CVE-2018-14166.json index 4ba14fcd9ea..b700c6e3829 100644 --- a/2018/14xxx/CVE-2018-14166.json +++ b/2018/14xxx/CVE-2018-14166.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14166", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14166", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15009.json b/2018/15xxx/CVE-2018-15009.json index 72804dda7ff..2c0170ba258 100644 --- a/2018/15xxx/CVE-2018-15009.json +++ b/2018/15xxx/CVE-2018-15009.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15009", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15009", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15596.json b/2018/15xxx/CVE-2018-15596.json index 89150fd3fee..d9dd9c8e74c 100644 --- a/2018/15xxx/CVE-2018-15596.json +++ b/2018/15xxx/CVE-2018-15596.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15596", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in inc/class_feedgeneration.php in MyBB 1.8.17. On the forum RSS Syndication page, one can generate a URL such as http://localhost/syndication.php?fid=&type=atom1.0&limit=15. The thread titles (within title elements of the generated XML documents) aren't sanitized, leading to XSS." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15596", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45393", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45393/" - }, - { - "name" : "https://blog.mybb.com/2018/08/22/mybb-1-8-18-released-security-maintenance-release/", - "refsource" : "CONFIRM", - "url" : "https://blog.mybb.com/2018/08/22/mybb-1-8-18-released-security-maintenance-release/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in inc/class_feedgeneration.php in MyBB 1.8.17. On the forum RSS Syndication page, one can generate a URL such as http://localhost/syndication.php?fid=&type=atom1.0&limit=15. The thread titles (within title elements of the generated XML documents) aren't sanitized, leading to XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45393", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45393/" + }, + { + "name": "https://blog.mybb.com/2018/08/22/mybb-1-8-18-released-security-maintenance-release/", + "refsource": "CONFIRM", + "url": "https://blog.mybb.com/2018/08/22/mybb-1-8-18-released-security-maintenance-release/" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15771.json b/2018/15xxx/CVE-2018-15771.json index 9ef98488fe6..bed8cae8f16 100644 --- a/2018/15xxx/CVE-2018-15771.json +++ b/2018/15xxx/CVE-2018-15771.json @@ -1,89 +1,89 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@dell.com", - "DATE_PUBLIC" : "2018-11-09T05:00:00.000Z", - "ID" : "CVE-2018-15771", - "STATE" : "PUBLIC", - "TITLE" : "Dell EMC RecoverPoint Information Disclosure Vulnerability" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Dell EMC RecoverPoint", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "5.1.2.1" - } - ] - } - }, - { - "product_name" : "Dell EMC RecoverPoint Virtual Machine (VM)", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "5.2.0.2" - } - ] - } - } - ] - }, - "vendor_name" : "Dell EMC" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an information disclosure vulnerability. A malicious boxmgmt user may potentially be able to determine the existence of any system file via Boxmgmt CLI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "information disclosure vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "DATE_PUBLIC": "2018-11-09T05:00:00.000Z", + "ID": "CVE-2018-15771", + "STATE": "PUBLIC", + "TITLE": "Dell EMC RecoverPoint Information Disclosure Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Dell EMC RecoverPoint", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "5.1.2.1" + } + ] + } + }, + { + "product_name": "Dell EMC RecoverPoint Virtual Machine (VM)", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "5.2.0.2" + } + ] + } + } + ] + }, + "vendor_name": "Dell EMC" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20181108 DSA-2018-205: Dell EMC RecoverPoint Multiple Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "https://seclists.org/fulldisclosure/2018/Nov/34" - }, - { - "name" : "105916", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105916" - }, - { - "name" : "1042059", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1042059" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an information disclosure vulnerability. A malicious boxmgmt user may potentially be able to determine the existence of any system file via Boxmgmt CLI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "information disclosure vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1042059", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1042059" + }, + { + "name": "105916", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105916" + }, + { + "name": "20181108 DSA-2018-205: Dell EMC RecoverPoint Multiple Vulnerabilities", + "refsource": "FULLDISC", + "url": "https://seclists.org/fulldisclosure/2018/Nov/34" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15954.json b/2018/15xxx/CVE-2018-15954.json index f4cbf2e6be1..cd9c6fb8063 100644 --- a/2018/15xxx/CVE-2018-15954.json +++ b/2018/15xxx/CVE-2018-15954.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-15954", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat and Reader", - "version" : { - "version_data" : [ - { - "version_value" : "2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "Adobe" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out-of-bounds write" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-15954", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat and Reader", + "version": { + "version_data": [ + { + "version_value": "2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html" - }, - { - "name" : "105432", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105432" - }, - { - "name" : "1041809", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041809" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041809", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041809" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html" + }, + { + "name": "105432", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105432" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3512.json b/2018/3xxx/CVE-2018-3512.json index 69a0c18029f..cbfec81ef3e 100644 --- a/2018/3xxx/CVE-2018-3512.json +++ b/2018/3xxx/CVE-2018-3512.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3512", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3512", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3622.json b/2018/3xxx/CVE-2018-3622.json index 38656baa5fe..2c0e0f3f34e 100644 --- a/2018/3xxx/CVE-2018-3622.json +++ b/2018/3xxx/CVE-2018-3622.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3622", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3622", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3846.json b/2018/3xxx/CVE-2018-3846.json index 6aafe36fd9a..cf7fc1ebb70 100644 --- a/2018/3xxx/CVE-2018-3846.json +++ b/2018/3xxx/CVE-2018-3846.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2018-04-12T00:00:00", - "ID" : "CVE-2018-3846", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "NASA CFITSIO", - "version" : { - "version_data" : [ - { - "version_value" : "NASA CFITSIO 3.42" - } - ] - } - } - ] - }, - "vendor_name" : "Talos" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In the ffgphd and ffgtkn functions in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "stack-based buffer overflow" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2018-04-12T00:00:00", + "ID": "CVE-2018-3846", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "NASA CFITSIO", + "version": { + "version_data": [ + { + "version_value": "NASA CFITSIO 3.42" + } + ] + } + } + ] + }, + "vendor_name": "Talos" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0529", - "refsource" : "MISC", - "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0529" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In the ffgphd and ffgtkn functions in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "stack-based buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0529", + "refsource": "MISC", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0529" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8080.json b/2018/8xxx/CVE-2018-8080.json index 86b676fa589..8b95f1a08a5 100644 --- a/2018/8xxx/CVE-2018-8080.json +++ b/2018/8xxx/CVE-2018-8080.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8080", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8080", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8520.json b/2018/8xxx/CVE-2018-8520.json index 05ae76fe766..3011394bab6 100644 --- a/2018/8xxx/CVE-2018-8520.json +++ b/2018/8xxx/CVE-2018-8520.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8520", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8520", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8549.json b/2018/8xxx/CVE-2018-8549.json index 21f132c50b9..e0029241d69 100644 --- a/2018/8xxx/CVE-2018-8549.json +++ b/2018/8xxx/CVE-2018-8549.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2018-8549", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A security feature bypass exists when Windows incorrectly validates kernel driver signatures, aka \"Windows Security Feature Bypass Vulnerability.\" This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8549", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8549", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8549" - }, - { - "name" : "105803", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105803" - }, - { - "name" : "1042138", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1042138" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A security feature bypass exists when Windows incorrectly validates kernel driver signatures, aka \"Windows Security Feature Bypass Vulnerability.\" This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8549", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8549" + }, + { + "name": "1042138", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1042138" + }, + { + "name": "105803", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105803" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8911.json b/2018/8xxx/CVE-2018-8911.json index f81107fa209..73b2de3d4e4 100644 --- a/2018/8xxx/CVE-2018-8911.json +++ b/2018/8xxx/CVE-2018-8911.json @@ -1,80 +1,80 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@synology.com", - "DATE_PUBLIC" : "2018-05-08T00:00:00", - "ID" : "CVE-2018-8911", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Note Station", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "2.5.1-0844" - } - ] - } - } - ] - }, - "vendor_name" : "Synology" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology Note Station before 2.5.1-0844 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "LOW", - "baseScore" : 6.5, - "baseSeverity" : "MEDIUM", - "confidentialityImpact" : "LOW", - "integrityImpact" : "LOW", - "privilegesRequired" : "LOW", - "scope" : "CHANGED", - "userInteraction" : "REQUIRED", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Neutralization of Input During Web Page Generation (CWE-79)" - } + "CVE_data_meta": { + "ASSIGNER": "security@synology.com", + "DATE_PUBLIC": "2018-05-08T00:00:00", + "ID": "CVE-2018-8911", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Note Station", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "2.5.1-0844" + } + ] + } + } + ] + }, + "vendor_name": "Synology" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.synology.com/zh-tw/support/security/Synology_SA_18_03", - "refsource" : "CONFIRM", - "url" : "https://www.synology.com/zh-tw/support/security/Synology_SA_18_03" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology Note Station before 2.5.1-0844 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Neutralization of Input During Web Page Generation (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.synology.com/zh-tw/support/security/Synology_SA_18_03", + "refsource": "CONFIRM", + "url": "https://www.synology.com/zh-tw/support/security/Synology_SA_18_03" + } + ] + } +} \ No newline at end of file