From 96d24a0bd3eb6368e0d02cd1641caa13a29259de Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Mon, 18 Mar 2019 04:31:19 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2005/0xxx/CVE-2005-0086.json | 160 +++++------
 2005/0xxx/CVE-2005-0201.json | 220 +++++++--------
 2005/0xxx/CVE-2005-0477.json | 130 ++++-----
 2005/0xxx/CVE-2005-0611.json | 170 ++++++------
 2005/0xxx/CVE-2005-0682.json | 140 +++++-----
 2005/2xxx/CVE-2005-2412.json | 160 +++++------
 2005/2xxx/CVE-2005-2454.json | 220 +++++++--------
 2005/3xxx/CVE-2005-3252.json | 260 +++++++++---------
 2005/3xxx/CVE-2005-3597.json | 34 +--
 2005/4xxx/CVE-2005-4012.json | 210 +++++++-------
 2005/4xxx/CVE-2005-4199.json | 260 +++++++++---------
 2005/4xxx/CVE-2005-4234.json | 160 +++++------
 2005/4xxx/CVE-2005-4344.json | 160 +++++------
 2005/4xxx/CVE-2005-4563.json | 180 ++++++------
 2005/4xxx/CVE-2005-4813.json | 190 ++++++-------
 2009/0xxx/CVE-2009-0733.json | 520 +++++++++++++++++------------------
 2009/2xxx/CVE-2009-2045.json | 140 +++++-----
 2009/2xxx/CVE-2009-2064.json | 150 +++++-----
 2009/3xxx/CVE-2009-3097.json | 130 ++++-----
 2009/3xxx/CVE-2009-3538.json | 130 ++++-----
 2009/3xxx/CVE-2009-3673.json | 150 +++++-----
 2009/3xxx/CVE-2009-3911.json | 150 +++++-----
 2009/4xxx/CVE-2009-4531.json | 170 ++++++------
 2009/4xxx/CVE-2009-4657.json | 130 ++++-----
 2009/4xxx/CVE-2009-4720.json | 140 +++++-----
 2009/4xxx/CVE-2009-4756.json | 170 ++++++------
 2009/4xxx/CVE-2009-4914.json | 120 ++++----
 2012/2xxx/CVE-2012-2263.json | 34 +--
 2015/0xxx/CVE-2015-0208.json | 270 +++++++++---------
 2015/0xxx/CVE-2015-0604.json | 160 +++++------
 2015/0xxx/CVE-2015-0821.json | 200 +++++++-------
 2015/1xxx/CVE-2015-1393.json | 130 ++++-----
 2015/1xxx/CVE-2015-1424.json | 160 +++++------
 2015/1xxx/CVE-2015-1550.json | 120 ++++----
 2015/1xxx/CVE-2015-1906.json | 140 +++++-----
 2015/1xxx/CVE-2015-1973.json | 34 +--
 2015/5xxx/CVE-2015-5330.json | 360 ++++++++++++------------
 2015/5xxx/CVE-2015-5769.json | 150 +++++-----
 2015/5xxx/CVE-2015-5829.json | 170 ++++++------
 2015/5xxx/CVE-2015-5835.json | 150 +++++-----
 2018/3xxx/CVE-2018-3022.json | 174 ++++++------
 2018/3xxx/CVE-2018-3309.json | 132 ++++-----
 2018/3xxx/CVE-2018-3358.json | 34 +--
 2018/3xxx/CVE-2018-3424.json | 34 +--
 2018/3xxx/CVE-2018-3892.json | 120 ++++----
 2018/3xxx/CVE-2018-3928.json | 122 ++++----
 2018/6xxx/CVE-2018-6261.json | 122 ++++----
 2018/6xxx/CVE-2018-6674.json | 190 ++++++-------
 2018/6xxx/CVE-2018-6677.json | 190 ++++++-------
 2018/6xxx/CVE-2018-6998.json | 34 +--
 2018/7xxx/CVE-2018-7086.json | 34 +--
 2018/7xxx/CVE-2018-7147.json | 34 +--
 2018/7xxx/CVE-2018-7270.json | 34 +--
 2018/7xxx/CVE-2018-7571.json | 34 +--
 2018/8xxx/CVE-2018-8564.json | 226 +++++++--------
 2018/8xxx/CVE-2018-8624.json | 234 ++++++++--------
 2018/8xxx/CVE-2018-8692.json | 34 +--
 2018/8xxx/CVE-2018-8719.json | 120 ++++----
 2018/8xxx/CVE-2018-8756.json | 130 ++++-----
 59 files changed, 4432 insertions(+), 4432 deletions(-)
diff --git a/2005/0xxx/CVE-2005-0086.json b/2005/0xxx/CVE-2005-0086.json
index 9f4f1a9754e..4059c984f7d 100644
--- a/2005/0xxx/CVE-2005-0086.json
+++ b/2005/0xxx/CVE-2005-0086.json
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0086", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in less in Red Hat Enterprise Linux 3 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted file, as demonstrated using the UTF-8 locale." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0086", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "FLSA:2404", - "refsource" : "FEDORA", - "url" : "https://bugzilla.fedora.us/show_bug.cgi?id=2404" - }, - { - "name" : "RHSA-2005:068", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-068.html" - }, - { - "name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=145527", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=145527" - }, - { - "name" : "oval:org.mitre.oval:def:11027", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11027" - }, - { - "name" : "less-file-bo(19131)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/19131" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in less in Red Hat Enterprise Linux 3 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted file, as demonstrated using the UTF-8 locale." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:11027", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11027" + }, + { + "name": "less-file-bo(19131)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19131" + }, + { + "name": "RHSA-2005:068", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-068.html" + }, + { + "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=145527", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=145527" + }, + { + "name": "FLSA:2404", + "refsource": "FEDORA", + "url": "https://bugzilla.fedora.us/show_bug.cgi?id=2404" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0201.json b/2005/0xxx/CVE-2005-0201.json index d86ff519deb..ad68d0601bd 100644 --- a/2005/0xxx/CVE-2005-0201.json +++ b/2005/0xxx/CVE-2005-0201.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0201", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "D-BUS (dbus) before 0.22 does not properly restrict access to a socket, if the socket address is known, which allows local users to listen or send arbitrary messages on another user's per-user session bus via that socket." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0201", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MDKSA-2005:105", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:105" - }, - { - "name" : "RHSA-2005:102", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-102.html" - }, - { - "name" : "USN-144-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/144-1/" - }, - { - "name" : "ESB-2005.0435", - "refsource" : "AUSCERT", - "url" : "http://www.auscert.org.au/render.html?it=5156" - }, - { - "name" : "12435", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12435" - }, - { - "name" : "oval:org.mitre.oval:def:10973", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10973" - }, - { - "name" : "1013075", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013075" - }, - { - "name" : "14119", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14119" - }, - { - "name" : "15638", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15638" - }, - { - "name" : "15833", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15833" - }, - { - "name" : "15844", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15844" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "D-BUS (dbus) before 0.22 does not properly restrict access to a socket, if the socket address is known, which allows local users to listen or send arbitrary messages on another user's per-user session bus via that socket." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15833", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15833" + }, + { + "name": "15844", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15844" + }, + { + "name": "12435", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12435" + }, + { + "name": "MDKSA-2005:105", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:105" + }, + { + "name": "oval:org.mitre.oval:def:10973", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10973" + }, + { + "name": "1013075", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013075" + }, + { + "name": "15638", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15638" + }, + { + "name": "RHSA-2005:102", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-102.html" + }, + { + "name": "ESB-2005.0435", + "refsource": "AUSCERT", + "url": "http://www.auscert.org.au/render.html?it=5156" + }, + { + "name": "USN-144-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/144-1/" + }, + { + "name": "14119", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14119" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0477.json b/2005/0xxx/CVE-2005-0477.json index 019109f4339..23a63761a46 100644 --- a/2005/0xxx/CVE-2005-0477.json +++ b/2005/0xxx/CVE-2005-0477.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0477", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the SML code for Invision Power Board 1.3.1 FINAL allows remote attackers to inject arbitrary web script via (1) a signature file or (2) a message post containing an IMG tag within a COLOR tag whose style is set to background:url." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0477", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050217 Invision Power Boards 1.3.1 FINAL XSS Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110868196922995&w=2" - }, - { - "name" : "invision-power-board-sml-xss(19399)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19399" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the SML code for Invision Power Board 1.3.1 FINAL allows remote attackers to inject arbitrary web script via (1) a signature file or (2) a 
message post containing an IMG tag within a COLOR tag whose style is set to background:url." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "invision-power-board-sml-xss(19399)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19399" + }, + { + "name": "20050217 Invision Power Boards 1.3.1 FINAL XSS Exploit", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110868196922995&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0611.json b/2005/0xxx/CVE-2005-0611.json index 628c23a86f2..eb1c18e3170 100644 --- a/2005/0xxx/CVE-2005-0611.json +++ b/2005/0xxx/CVE-2005-0611.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0611", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in RealNetworks RealPlayer 10.5 (6.0.12.1056 and earlier), 10, 8, and RealOne Player V2 and V1, allows remote attackers to execute arbitrary code via .WAV files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2005-0611", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050302 RealOne Player / Real .WAV Heap Overflow File Format Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110979465912834&w=2" - }, - { - "name" : "20050302 RealOne Player / Real .WAV Heap Overflow File Format Vulnerability", - "refsource" : "VULNWATCH", - "url" : "http://marc.info/?l=vulnwatch&m=110977858619314&w=2" - }, - { - "name" : "http://service.real.com/help/faq/security/050224_player/EN/", - "refsource" : "CONFIRM", - "url" : "http://service.real.com/help/faq/security/050224_player/EN/" - }, - { - "name" : "RHSA-2005:265", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-265.html" - }, - { - "name" : "RHSA-2005:271", - "refsource" : 
"REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-271.html" - }, - { - "name" : "oval:org.mitre.oval:def:11419", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11419" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in RealNetworks RealPlayer 10.5 (6.0.12.1056 and earlier), 10, 8, and RealOne Player V2 and V1, allows remote attackers to execute arbitrary code via .WAV files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2005:271", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-271.html" + }, + { + "name": "oval:org.mitre.oval:def:11419", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11419" + }, + { + "name": "http://service.real.com/help/faq/security/050224_player/EN/", + "refsource": "CONFIRM", + "url": "http://service.real.com/help/faq/security/050224_player/EN/" + }, + { + "name": "RHSA-2005:265", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-265.html" + }, + { + "name": "20050302 RealOne Player / Real .WAV Heap Overflow File Format Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110979465912834&w=2" + }, + { + "name": "20050302 RealOne Player / Real .WAV Heap Overflow File Format Vulnerability", + "refsource": "VULNWATCH", + "url": "http://marc.info/?l=vulnwatch&m=110977858619314&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0682.json b/2005/0xxx/CVE-2005-0682.json index fa310c00ddc..fbf4a212981 100644 --- a/2005/0xxx/CVE-2005-0682.json 
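Review bot: The `ASSIGNER` value for CVE-2005-0611 changes from `cve@mitre.org` to `secalert@redhat.com` in this hunk, and as far as the visible lines show it is the only field here whose content changes; the rest is key spacing, indentation and `reference_data` ordering. The commit subject does not mention it, so a provenance change is easy to miss inside 4432 insertions and 4432 deletions of formatting churn. I would land `"ASSIGNER": "secalert@redhat.com"` in its own commit or name it in the message, and audit syncs like this one by comparing parsed JSON rather than text. Presumably the record was reassigned to Red Hat as the CNA; that should be confirmed against the assigner's own records.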
+++ b/2005/0xxx/CVE-2005-0682.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0682", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in common.inc in Drupal before 4.5.2 allows remote attackers to inject arbitrary web script or HTML via certain inputs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0682", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/drupal-4.5.2", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/drupal-4.5.2" - }, - { - "name" : "http://drupal.org/files/drupal-4.5-xss-fix.patch", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/files/drupal-4.5-xss-fix.patch" - }, - { - "name" : "14515", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14515" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in common.inc in Drupal before 4.5.2 allows remote attackers to inject arbitrary web script or HTML via certain inputs." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://drupal.org/files/drupal-4.5-xss-fix.patch", + "refsource": "CONFIRM", + "url": "http://drupal.org/files/drupal-4.5-xss-fix.patch" + }, + { + "name": "14515", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14515" + }, + { + "name": "http://drupal.org/drupal-4.5.2", + "refsource": "CONFIRM", + "url": "http://drupal.org/drupal-4.5.2" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2412.json b/2005/2xxx/CVE-2005-2412.json index 15a69f93212..200250ff28c 100644 --- a/2005/2xxx/CVE-2005-2412.json +++ b/2005/2xxx/CVE-2005-2412.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2412", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in block.php in PHP FirstPost allows remote attackers to execute arbitrary PHP code via the Include parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2412", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050724 PHP FirstPost remote file include vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112230599222543&w=2" - }, - { - "name" : "14371", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14371" - }, - { - "name" : "18394", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/18394" - }, - { - "name" : "1014563", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014563" - }, - { - "name" : "php-firstpost-block-file-include(21513)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/21513" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "PHP remote file inclusion vulnerability in block.php in PHP FirstPost allows remote attackers to execute arbitrary PHP code via the Include parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18394", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/18394" + }, + { + "name": "1014563", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014563" + }, + { + "name": "php-firstpost-block-file-include(21513)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21513" + }, + { + "name": "20050724 PHP FirstPost remote file include vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112230599222543&w=2" + }, + { + "name": "14371", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14371" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2454.json b/2005/2xxx/CVE-2005-2454.json index 9f805ba92c0..aeb7d558168 100644 --- a/2005/2xxx/CVE-2005-2454.json +++ b/2005/2xxx/CVE-2005-2454.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2454", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Lotus Notes 6.5.4 and 6.5.5, and 7.0.0 and 7.0.1, uses insecure default permissions (Everyone/Full Control) for the \"Notes\" folder and all children, which allows local users to gain privileges and modify, add, or delete files in that folder." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2454", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061018 Secunia Research: IBM Lotus Notes Insecure Default FolderPermissions", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/449126/100/0/threaded" - }, - { - "name" : "http://secunia.com/secunia_research/2005-29/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2005-29/advisory/" - }, - { - "name" : "http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21246773", - "refsource" : "CONFIRM", - "url" : "http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21246773" - }, - { - "name" : "VU#383092", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/383092" - }, - { - "name" : "20612", - 
"refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20612" - }, - { - "name" : "ADV-2006-4093", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4093" - }, - { - "name" : "29761", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29761" - }, - { - "name" : "1017086", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017086" - }, - { - "name" : "19537", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19537" - }, - { - "name" : "27342", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27342" - }, - { - "name" : "lotusnotes-directory-insecure-permission(29660)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29660" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Lotus Notes 6.5.4 and 6.5.5, and 7.0.0 and 7.0.1, uses insecure default permissions (Everyone/Full Control) for the \"Notes\" folder and all children, which allows local users to gain privileges and modify, add, or delete files in that folder." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-4093", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4093" + }, + { + "name": "http://secunia.com/secunia_research/2005-29/advisory/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2005-29/advisory/" + }, + { + "name": "29761", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29761" + }, + { + "name": "VU#383092", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/383092" + }, + { + "name": "19537", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19537" + }, + { + "name": "20061018 Secunia Research: IBM Lotus Notes Insecure Default FolderPermissions", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/449126/100/0/threaded" + }, + { + "name": "27342", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27342" + }, + { + "name": "20612", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20612" + }, + { + "name": "http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21246773", + "refsource": "CONFIRM", + "url": "http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21246773" + }, + { + "name": "lotusnotes-directory-insecure-permission(29660)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29660" + }, + { + "name": "1017086", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017086" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3252.json b/2005/3xxx/CVE-2005-3252.json index ce508a0ec53..fe5abcbb29e 100644 --- a/2005/3xxx/CVE-2005-3252.json +++ b/2005/3xxx/CVE-2005-3252.json 
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3252", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the Back Orifice (BO) preprocessor for Snort before 2.4.3 allows remote attackers to execute arbitrary code via a crafted UDP packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3252", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051018 Snort Back Orifice Parsing Remote Code Execution", - "refsource" : "ISS", - "url" : "http://xforce.iss.net/xforce/alerts/id/207" - }, - { - "name" : "20051025 Snort's BO pre-processor exploit", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0505.html" - }, - { - "name" : "20051101 Snort Back Orifice Preprocessor Exploit (Win32 targets)", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0010.html" - }, - { - "name" : "http://www.snort.org/docs/change_logs/2.4.3/Changelog.txt", - "refsource" : "CONFIRM", - "url" : "http://www.snort.org/docs/change_logs/2.4.3/Changelog.txt" - }, - { - "name" : 
"http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=362187&RenditionID=", - "refsource" : "CONFIRM", - "url" : "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=362187&RenditionID=" - }, - { - "name" : "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=363396&RenditionID=", - "refsource" : "CONFIRM", - "url" : "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=363396&RenditionID=" - }, - { - "name" : "TA05-291A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA05-291A.html" - }, - { - "name" : "VU#175500", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/175500" - }, - { - "name" : "15131", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15131" - }, - { - "name" : "ADV-2005-2138", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2138" - }, - { - "name" : "20034", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20034" - }, - { - "name" : "1015070", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015070" - }, - { - "name" : "17559", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17559" - }, - { - "name" : "17220", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17220" - }, - { - "name" : "17255", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17255" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the Back Orifice (BO) preprocessor for Snort before 2.4.3 allows remote attackers to execute arbitrary code via a crafted UDP packet." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#175500", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/175500" + }, + { + "name": "20051025 Snort's BO pre-processor exploit", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0505.html" + }, + { + "name": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=362187&RenditionID=", + "refsource": "CONFIRM", + "url": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=362187&RenditionID=" + }, + { + "name": "15131", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15131" + }, + { + "name": "ADV-2005-2138", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2138" + }, + { + "name": "17559", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17559" + }, + { + "name": "20051018 Snort Back Orifice Parsing Remote Code Execution", + "refsource": "ISS", + "url": "http://xforce.iss.net/xforce/alerts/id/207" + }, + { + "name": "20034", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20034" + }, + { + "name": "20051101 Snort Back Orifice Preprocessor Exploit (Win32 targets)", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0010.html" + }, + { + "name": "http://www.snort.org/docs/change_logs/2.4.3/Changelog.txt", + "refsource": "CONFIRM", + "url": "http://www.snort.org/docs/change_logs/2.4.3/Changelog.txt" + }, + { + "name": "17220", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17220" + }, + { + "name": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=363396&RenditionID=", + "refsource": "CONFIRM", + "url": 
"http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=363396&RenditionID=" + }, + { + "name": "TA05-291A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA05-291A.html" + }, + { + "name": "1015070", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015070" + }, + { + "name": "17255", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17255" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3597.json b/2005/3xxx/CVE-2005-3597.json index 0e36dae916b..4dc33e415d6 100644 --- a/2005/3xxx/CVE-2005-3597.json +++ b/2005/3xxx/CVE-2005-3597.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3597", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-3573. Reason: This candidate is a duplicate of CVE-2005-3573. A CNA error by MITRE introduced the duplicate. Notes: All CVE users should reference CVE-2005-3573 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2005-3597", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-3573. Reason: This candidate is a duplicate of CVE-2005-3573. A CNA error by MITRE introduced the duplicate. Notes: All CVE users should reference CVE-2005-3573 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file 
diff --git a/2005/4xxx/CVE-2005-4012.json b/2005/4xxx/CVE-2005-4012.json
index 131a008e726..cc0443cbe92 100644
--- a/2005/4xxx/CVE-2005-4012.json
+++ b/2005/4xxx/CVE-2005-4012.json
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4012", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in PHP Web Statistik 1.4 allows remote attackers to inject arbitrary web script or HTML via (1) the lastnumber parameter to stat.php and (2) the HTTP referer to pixel.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4012", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051128 Php Web Statistik Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://cert.uni-stuttgart.de/archive/bugtraq/2005/11/msg00325.html" - }, - { - "name" : "http://www.ush.it/2005/11/19/php-web-statistik/", - "refsource" : "MISC", - "url" : "http://www.ush.it/2005/11/19/php-web-statistik/" - }, - { - "name" : "http://freewebstat.com/changelog-english.html", - "refsource" : "MISC", - "url" : "http://freewebstat.com/changelog-english.html" - }, - { - "name" : "15603", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15603" - }, - { - "name" : "ADV-2005-2645", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2645" - }, - { 
- "name" : "21208", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21208" - }, - { - "name" : "21212", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21212" - }, - { - "name" : "17789", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17789" - }, - { - "name" : "phpwebstatistik-referer-xss(23385)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23385" - }, - { - "name" : "phpwebstatistik-stat-xss(23379)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23379" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in PHP Web Statistik 1.4 allows remote attackers to inject arbitrary web script or HTML via (1) the lastnumber parameter to stat.php and (2) the HTTP referer to pixel.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2005-2645", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2645" + }, + { + "name": "http://freewebstat.com/changelog-english.html", + "refsource": "MISC", + "url": "http://freewebstat.com/changelog-english.html" + }, + { + "name": "21212", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21212" + }, + { + "name": "phpwebstatistik-referer-xss(23385)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23385" + }, + { + "name": "20051128 Php Web Statistik Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://cert.uni-stuttgart.de/archive/bugtraq/2005/11/msg00325.html" + }, + { + "name": "21208", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21208" + }, + { + "name": "17789", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/17789" + }, + { + "name": "15603", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15603" + }, + { + "name": "http://www.ush.it/2005/11/19/php-web-statistik/", + "refsource": "MISC", + "url": "http://www.ush.it/2005/11/19/php-web-statistik/" + }, + { + "name": "phpwebstatistik-stat-xss(23379)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23379" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4199.json b/2005/4xxx/CVE-2005-4199.json index 3ecf4b1561a..42114ab2f66 100644 --- a/2005/4xxx/CVE-2005-4199.json +++ b/2005/4xxx/CVE-2005-4199.json 
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4199", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) before 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) month, (2) day, and (3) year parameters in an addevent action in calendar.php; (4) threadmode and (5) showcodebuttons in an options action in usercp.php; (6) list parameter in an editlists action to usercp.php; (7) rating parameter in a rate action in member.php; and (8) rating parameter in either showthread.php or ratethread.php." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4199", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051209 [TKPN2005-12-001] Multiple critical vulnerabilities in MyBB", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/419067/100/0/threaded" - }, - { - "name" : "20051223 [TKADV2005-12-001] Multiple SQL Injection vulnerabilities in MyBB", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/420159/100/0/threaded" - }, - { - "name" : "20051209 [TKPN2005-12-001] Multiple critical vulnerabilities in MyBB", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0379.html" - }, - { - "name" : "http://www.trapkit.de/advisories/TKPN2005-12-001.txt", - "refsource" : "MISC", - "url" : "http://www.trapkit.de/advisories/TKPN2005-12-001.txt" - }, - { - "name" : "http://www.trapkit.de/advisories/TKADV2005-12-001.txt", - "refsource" : "MISC", - "url" : "http://www.trapkit.de/advisories/TKADV2005-12-001.txt" - }, - { - "name" : "http://community.mybboard.net/showthread.php?tid=5184&pid=30964#pid30964", - "refsource" : "CONFIRM", - "url" : "http://community.mybboard.net/showthread.php?tid=5184&pid=30964#pid30964" - }, - { - "name" : "15793", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15793" - }, - { - "name" : "ADV-2005-2842", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2842" - }, - { - "name" : "22156", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22156" - }, - { - "name" : "22157", - 
"refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22157" - }, - { - "name" : "22158", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22158" - }, - { - "name" : "1015407", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015407" - }, - { - "name" : "18000", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18000" - }, - { - "name" : "246", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/246" - }, - { - "name" : "294", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/294" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) before 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) month, (2) day, and (3) year parameters in an addevent action in calendar.php; (4) threadmode and (5) showcodebuttons in an options action in usercp.php; (6) list parameter in an editlists action to usercp.php; (7) rating parameter in a rate action in member.php; and (8) rating parameter in either showthread.php or ratethread.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15793", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15793" + }, + { + "name": "22158", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22158" + }, + { + "name": "18000", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18000" + }, + { + "name": "22156", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22156" + }, + { + "name": "20051209 [TKPN2005-12-001] Multiple critical vulnerabilities in MyBB", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/419067/100/0/threaded" + }, + { + "name": "http://www.trapkit.de/advisories/TKPN2005-12-001.txt", + "refsource": "MISC", + "url": "http://www.trapkit.de/advisories/TKPN2005-12-001.txt" + }, + { + "name": "246", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/246" + }, + { + "name": "1015407", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015407" + }, + { + "name": "http://community.mybboard.net/showthread.php?tid=5184&pid=30964#pid30964", + "refsource": "CONFIRM", + "url": "http://community.mybboard.net/showthread.php?tid=5184&pid=30964#pid30964" + }, + { + "name": "20051209 [TKPN2005-12-001] Multiple critical vulnerabilities in MyBB", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0379.html" + }, + { + "name": "22157", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22157" + }, + { + "name": "http://www.trapkit.de/advisories/TKADV2005-12-001.txt", + "refsource": "MISC", + "url": "http://www.trapkit.de/advisories/TKADV2005-12-001.txt" + }, + { + "name": "20051223 [TKADV2005-12-001] Multiple SQL Injection vulnerabilities in MyBB", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/420159/100/0/threaded" + }, + { + "name": "294", 
+ "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/294" + }, + { + "name": "ADV-2005-2842", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2842" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4234.json b/2005/4xxx/CVE-2005-4234.json index ca8ca9c3930..ae9b6fc4c24 100644 --- a/2005/4xxx/CVE-2005-4234.json +++ b/2005/4xxx/CVE-2005-4234.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4234", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in gallery.php in EncapsGallery 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4234", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/12/encapsgallery-sql-inj-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/12/encapsgallery-sql-inj-vuln.html" - }, - { - "name" : "15836", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15836" - }, - { - "name" : "ADV-2005-2878", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2878" - }, - { - "name" : "21696", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21696" - }, - { - "name" : "18021", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18021" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "SQL injection vulnerability in gallery.php in EncapsGallery 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://pridels0.blogspot.com/2005/12/encapsgallery-sql-inj-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/12/encapsgallery-sql-inj-vuln.html" + }, + { + "name": "ADV-2005-2878", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2878" + }, + { + "name": "21696", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21696" + }, + { + "name": "18021", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18021" + }, + { + "name": "15836", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15836" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4344.json b/2005/4xxx/CVE-2005-4344.json index 2608f73052e..3a84cbc182d 100644 --- a/2005/4xxx/CVE-2005-4344.json +++ b/2005/4xxx/CVE-2005-4344.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4344", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe (formerly Macromedia) ColdFusion MX 7.0 does not honor when the CFOBJECT /CreateObject(Java) setting is disabled, which allows local users to create an object despite the specified configuration." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4344", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html", - "refsource" : "CONFIRM", - "url" : "http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html" - }, - { - "name" : "15904", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15904" - }, - { - "name" : "ADV-2005-2948", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2948" - }, - { - "name" : "1015371", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015371" - }, - { - "name" : "18078", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18078" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe (formerly Macromedia) ColdFusion MX 7.0 does not honor when the CFOBJECT /CreateObject(Java) setting is disabled, which allows local users to create an object despite the specified configuration." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18078", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18078" + }, + { + "name": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html", + "refsource": "CONFIRM", + "url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html" + }, + { + "name": "15904", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15904" + }, + { + "name": "1015371", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015371" + }, + { + "name": "ADV-2005-2948", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2948" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4563.json b/2005/4xxx/CVE-2005-4563.json index 1fbc3e1da7f..43436861198 100644 --- a/2005/4xxx/CVE-2005-4563.json +++ b/2005/4xxx/CVE-2005-4563.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4563", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in main.php in Enterprise Heart Enterprise Connector 1.0.2 allows remote attackers to execute arbitrary SQL commands and bypass login authentication via the loginid parameter, a different vulnerability than CVE-2005-3875." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4563", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051220 Enterprise Connector v.1.02 Multiple SQL Vulnerabilities and Login Bypass", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/419895" - }, - { - "name" : "20051220 Enterprise Connector v.1.02 Multiple SQL", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=113510305413525&w=2" - }, - { - "name" : "15984", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15984" - }, - { - "name" : "22163", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22163" - }, - { - "name" : "17743", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17743" - }, - { - "name" : "278", - 
"refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/278" - }, - { - "name" : "enterpriseconnector-main-sql-injection(23845)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23845" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in main.php in Enterprise Heart Enterprise Connector 1.0.2 allows remote attackers to execute arbitrary SQL commands and bypass login authentication via the loginid parameter, a different vulnerability than CVE-2005-3875." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "278", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/278" + }, + { + "name": "20051220 Enterprise Connector v.1.02 Multiple SQL Vulnerabilities and Login Bypass", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/419895" + }, + { + "name": "enterpriseconnector-main-sql-injection(23845)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23845" + }, + { + "name": "20051220 Enterprise Connector v.1.02 Multiple SQL", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=113510305413525&w=2" + }, + { + "name": "22163", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22163" + }, + { + "name": "15984", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15984" + }, + { + "name": "17743", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17743" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4813.json b/2005/4xxx/CVE-2005-4813.json index bc035721c5c..4e2490d4962 100644 --- a/2005/4xxx/CVE-2005-4813.json +++ b/2005/4xxx/CVE-2005-4813.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4813", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Report Application Server (Crystalras.exe) before 11.0.0.1370, as used in Business Objects Crystal Reports XI, Crystal Reports Server XI, and BusinessObjects Enterprise XI, allows remote attackers to cause a denial of service (application hang) via certain network traffic, possibly involving multiple simultaneous TCP connections." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4813", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.businessobjects.com/downloads/critical_updates/security_bulletin_june05.asp", - "refsource" : "CONFIRM", - "url" : "http://support.businessobjects.com/downloads/critical_updates/security_bulletin_june05.asp" - }, - { - "name" : "http://support.businessobjects.com/library/kbase/articles/c2017748.asp", - "refsource" : "CONFIRM", - "url" : "http://support.businessobjects.com/library/kbase/articles/c2017748.asp" - }, - { - "name" : "14433", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14433" - }, - { - "name" : "18473", - 
"refsource" : "OSVDB", - "url" : "http://www.osvdb.org/18473" - }, - { - "name" : "1014604", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014604" - }, - { - "name" : "1014605", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014605" - }, - { - "name" : "16282", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16282" - }, - { - "name" : "business-object-crystal-server-dos(21654)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/21654" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Report Application Server (Crystalras.exe) before 11.0.0.1370, as used in Business Objects Crystal Reports XI, Crystal Reports Server XI, and BusinessObjects Enterprise XI, allows remote attackers to cause a denial of service (application hang) via certain network traffic, possibly involving multiple simultaneous TCP connections." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1014605", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014605" + }, + { + "name": "1014604", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014604" + }, + { + "name": "http://support.businessobjects.com/downloads/critical_updates/security_bulletin_june05.asp", + "refsource": "CONFIRM", + "url": "http://support.businessobjects.com/downloads/critical_updates/security_bulletin_june05.asp" + }, + { + "name": "14433", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14433" + }, + { + "name": "http://support.businessobjects.com/library/kbase/articles/c2017748.asp", + "refsource": "CONFIRM", + "url": "http://support.businessobjects.com/library/kbase/articles/c2017748.asp" + }, + { + "name": "business-object-crystal-server-dos(21654)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21654" + }, + { + "name": "18473", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/18473" + }, + { + "name": "16282", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16282" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0733.json b/2009/0xxx/CVE-2009-0733.json index 101311ec131..cecf6232c48 100644 --- a/2009/0xxx/CVE-2009-0733.json +++ b/2009/0xxx/CVE-2009-0733.json 
@@ -1,262 +1,262 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0733", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel, related to the ReadLUT_A2B and ReadLUT_B2A functions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0733", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090320 [oCERT-2009-003] LittleCMS integer errors", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/502031/100/0/threaded" - }, - { - "name" : "20090320 LittleCMS vulnerabilities (OpenJDK, Firefox, GIMP, etc. 
impacted)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/502018/100/0/threaded" - }, - { - "name" : "http://scary.beasts.org/security/CESA-2009-003.html", - "refsource" : "MISC", - "url" : "http://scary.beasts.org/security/CESA-2009-003.html" - }, - { - "name" : "http://scarybeastsecurity.blogspot.com/2009/03/littlecms-vulnerabilities.html", - "refsource" : "MISC", - "url" : "http://scarybeastsecurity.blogspot.com/2009/03/littlecms-vulnerabilities.html" - }, - { - "name" : "http://www.ocert.org/advisories/ocert-2009-003.html", - "refsource" : "MISC", - "url" : "http://www.ocert.org/advisories/ocert-2009-003.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=487512", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=487512" - }, - { - "name" : "DSA-1745", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1745" - }, - { - "name" : "DSA-1769", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1769" - }, - { - "name" : "FEDORA-2009-2903", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00794.html" - }, - { - "name" : "FEDORA-2009-2910", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00799.html" - }, - { - "name" : "FEDORA-2009-2928", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00811.html" - }, - { - "name" : "FEDORA-2009-2970", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00851.html" - }, - { - "name" : "FEDORA-2009-2982", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00856.html" - }, - { - "name" : "FEDORA-2009-2983", - "refsource" : "FEDORA", - "url" : 
"https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00857.html" - }, - { - "name" : "FEDORA-2009-3034", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00921.html" - }, - { - "name" : "GLSA-200904-19", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200904-19.xml" - }, - { - "name" : "MDVSA-2009:121", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:121" - }, - { - "name" : "MDVSA-2009:137", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:137" - }, - { - "name" : "MDVSA-2009:162", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:162" - }, - { - "name" : "RHSA-2009:0339", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0339.html" - }, - { - "name" : "RHSA-2009:0377", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2009-0377.html" - }, - { - "name" : "SSA:2009-083-01", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.487438" - }, - { - "name" : "SUSE-SR:2009:007", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html" - }, - { - "name" : "USN-744-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-744-1" - }, - { - "name" : "34185", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34185" - }, - { - "name" : "oval:org.mitre.oval:def:9742", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9742" - }, - { - "name" : "1021869", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021869" - }, - { - "name" : "34367", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34367" - }, - { - 
"name" : "34382", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34382" - }, - { - "name" : "34400", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34400" - }, - { - "name" : "34418", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34418" - }, - { - "name" : "34442", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34442" - }, - { - "name" : "34450", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34450" - }, - { - "name" : "34454", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34454" - }, - { - "name" : "34463", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34463" - }, - { - "name" : "34408", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34408" - }, - { - "name" : "34675", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34675" - }, - { - "name" : "34632", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34632" - }, - { - "name" : "34782", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34782" - }, - { - "name" : "ADV-2009-0775", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0775" - }, - { - "name" : "littlecms-readsetofcurves-bo(49330)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49330" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel, related to the ReadLUT_A2B and ReadLUT_B2A functions." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2009-2970", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00851.html" + }, + { + "name": "littlecms-readsetofcurves-bo(49330)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49330" + }, + { + "name": "MDVSA-2009:137", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:137" + }, + { + "name": "34632", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34632" + }, + { + "name": "34450", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34450" + }, + { + "name": "1021869", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021869" + }, + { + "name": "FEDORA-2009-2928", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00811.html" + }, + { + "name": "SUSE-SR:2009:007", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html" + }, + { + "name": "USN-744-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-744-1" + }, + { + "name": "DSA-1745", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1745" + }, + { + "name": "34675", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34675" + }, + { + "name": "34454", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34454" + }, + { + "name": "34442", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34442" + }, + { + "name": "FEDORA-2009-2982", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00856.html" + }, + { + "name": "FEDORA-2009-3034", + "refsource": "FEDORA", + "url": 
"https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00921.html" + }, + { + "name": "FEDORA-2009-2903", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00794.html" + }, + { + "name": "http://scary.beasts.org/security/CESA-2009-003.html", + "refsource": "MISC", + "url": "http://scary.beasts.org/security/CESA-2009-003.html" + }, + { + "name": "34382", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34382" + }, + { + "name": "SSA:2009-083-01", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.487438" + }, + { + "name": "34418", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34418" + }, + { + "name": "20090320 [oCERT-2009-003] LittleCMS integer errors", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/502031/100/0/threaded" + }, + { + "name": "RHSA-2009:0377", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2009-0377.html" + }, + { + "name": "http://www.ocert.org/advisories/ocert-2009-003.html", + "refsource": "MISC", + "url": "http://www.ocert.org/advisories/ocert-2009-003.html" + }, + { + "name": "http://scarybeastsecurity.blogspot.com/2009/03/littlecms-vulnerabilities.html", + "refsource": "MISC", + "url": "http://scarybeastsecurity.blogspot.com/2009/03/littlecms-vulnerabilities.html" + }, + { + "name": "34782", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34782" + }, + { + "name": "34367", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34367" + }, + { + "name": "MDVSA-2009:162", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:162" + }, + { + "name": "RHSA-2009:0339", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0339.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=487512", + "refsource": 
"CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487512" + }, + { + "name": "ADV-2009-0775", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0775" + }, + { + "name": "34463", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34463" + }, + { + "name": "34408", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34408" + }, + { + "name": "DSA-1769", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1769" + }, + { + "name": "34400", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34400" + }, + { + "name": "MDVSA-2009:121", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:121" + }, + { + "name": "20090320 LittleCMS vulnerabilities (OpenJDK, Firefox, GIMP, etc. impacted)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/502018/100/0/threaded" + }, + { + "name": "FEDORA-2009-2910", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00799.html" + }, + { + "name": "oval:org.mitre.oval:def:9742", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9742" + }, + { + "name": "34185", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34185" + }, + { + "name": "GLSA-200904-19", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200904-19.xml" + }, + { + "name": "FEDORA-2009-2983", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00857.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2045.json b/2009/2xxx/CVE-2009-2045.json index 7371c3ab316..8969b74d2cc 100644 --- a/2009/2xxx/CVE-2009-2045.json +++ b/2009/2xxx/CVE-2009-2045.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2045", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Cisco Video Surveillance Stream Manager firmware before 5.3, as used on Cisco Video Surveillance Services Platforms and Video Surveillance Integrated Services Platforms, allows remote attackers to cause a denial of service (reboot) via a malformed payload in a UDP packet to port 37000, related to the xvcrman process, aka Bug ID CSCsj47924." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2009-2045", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080ad1002.html", - "refsource" : "CONFIRM", - "url" : "http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080ad1002.html" - }, - { - "name" : "20090624 Vulnerabilities in Cisco Video Surveillance Products", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080ad0f8f.shtml" - }, - { - "name" : "1022446", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022446" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Cisco Video Surveillance Stream Manager firmware before 5.3, as used on Cisco Video Surveillance Services Platforms and Video Surveillance Integrated Services Platforms, allows remote attackers to cause a denial of service (reboot) via a malformed payload in a UDP packet to port 37000, related to the xvcrman process, aka Bug ID CSCsj47924." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080ad1002.html", + "refsource": "CONFIRM", + "url": "http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080ad1002.html" + }, + { + "name": "1022446", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022446" + }, + { + "name": "20090624 Vulnerabilities in Cisco Video Surveillance Products", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080ad0f8f.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2064.json b/2009/2xxx/CVE-2009-2064.json index 2c26b2593ae..a27ffa45ea8 100644 --- a/2009/2xxx/CVE-2009-2064.json +++ b/2009/2xxx/CVE-2009-2064.json 
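Review bot: The one substantive change in the CVE-2009-2045 hunk, `"ASSIGNER": "psirt@cisco.com"` replacing `cve@mitre.org` under `CVE_data_meta`, is buried in a full-file rewrite that otherwise only changes colon spacing, indentation and the order of `reference_data`, and the commit subject does not mention it. The CVE-2009-3673 hunk further down does the same with `secure@microsoft.com`. Consumers that use the assigner field for provenance or routing would presumably want that change visible on its own, so the exporter should emit `reference_data` in a stable order (for example sorted by `refsource`, then `name`) to keep record diffs limited to real content changes. The new side also ends with `\ No newline at end of file`; writing a trailing newline would avoid another spurious diff the next time a tool rewrites the file.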
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2064", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 8, and possibly other versions, detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to \"HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2064", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://research.microsoft.com/apps/pubs/default.aspx?id=79323", - "refsource" : "MISC", - "url" : "http://research.microsoft.com/apps/pubs/default.aspx?id=79323" - }, - { - "name" : "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf", - "refsource" : "MISC", - "url" : "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf" - }, - { - "name" : "35403", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35403" - }, - { - "name" : "ie-https-security-bypass(51186)", - 
"refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51186" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 8, and possibly other versions, detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to \"HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ie-https-security-bypass(51186)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51186" + }, + { + "name": "35403", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35403" + }, + { + "name": "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf", + "refsource": "MISC", + "url": "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf" + }, + { + "name": "http://research.microsoft.com/apps/pubs/default.aspx?id=79323", + "refsource": "MISC", + "url": "http://research.microsoft.com/apps/pubs/default.aspx?id=79323" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3097.json b/2009/3xxx/CVE-2009-3097.json index af3369530ef..fcb0d9c3159 100644 --- a/2009/3xxx/CVE-2009-3097.json +++ b/2009/3xxx/CVE-2009-3097.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3097", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in HP Performance Insight 5.3 on Windows allow attackers to obtain sensitive information via unknown vectors, as demonstrated by certain modules in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3097", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://intevydis.com/vd-list.shtml", - "refsource" : "MISC", - "url" : "http://intevydis.com/vd-list.shtml" - }, - { - "name" : "36520", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36520" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in HP Performance Insight 5.3 on Windows allow attackers to obtain sensitive 
information via unknown vectors, as demonstrated by certain modules in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36520", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36520" + }, + { + "name": "http://intevydis.com/vd-list.shtml", + "refsource": "MISC", + "url": "http://intevydis.com/vd-list.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3538.json b/2009/3xxx/CVE-2009-3538.json index 14a285e817b..6ed6c96bd74 100644 --- a/2009/3xxx/CVE-2009-3538.json +++ b/2009/3xxx/CVE-2009-3538.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3538", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in thumb.php in Clear Content 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3538", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "55743", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/55743" - }, - { - "name" : "35726", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35726" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in thumb.php in Clear Content 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35726", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35726" + }, + { + "name": "55743", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/55743" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3673.json b/2009/3xxx/CVE-2009-3673.json index 7413b52eeab..a11ba0c58c3 100644 --- a/2009/3xxx/CVE-2009-3673.json +++ b/2009/3xxx/CVE-2009-3673.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3673", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 7 and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka \"Uninitialized Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2009-3673", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS09-072", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-072" - }, - { - "name" : "TA09-342A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-342A.html" - }, - { - "name" : "oval:org.mitre.oval:def:6519", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6519" - }, - { - "name" : "1023293", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023293" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 7 and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka \"Uninitialized Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:6519", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6519" + }, + { + "name": "MS09-072", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-072" + }, + { + "name": "TA09-342A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-342A.html" + }, + { + "name": "1023293", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023293" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3911.json b/2009/3xxx/CVE-2009-3911.json index ee4756c2e6f..c5560427bc3 100644 --- a/2009/3xxx/CVE-2009-3911.json +++ b/2009/3xxx/CVE-2009-3911.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3911", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in settings.php in TFTgallery 0.13 allows remote attackers to inject arbitrary web script or HTML via the sample parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3911", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0911-exploits/tftgallery-traversal.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0911-exploits/tftgallery-traversal.txt" - }, - { - "name" : "36898", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36898" - }, - { - "name" : "37156", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37156" - }, - { - "name" : "tftgallery-sample-xss(54087)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54087" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in settings.php in 
TFTgallery 0.13 allows remote attackers to inject arbitrary web script or HTML via the sample parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37156", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37156" + }, + { + "name": "36898", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36898" + }, + { + "name": "tftgallery-sample-xss(54087)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54087" + }, + { + "name": "http://packetstormsecurity.org/0911-exploits/tftgallery-traversal.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0911-exploits/tftgallery-traversal.txt" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4531.json b/2009/4xxx/CVE-2009-4531.json index 640595f2b88..a51f0876884 100644 --- a/2009/4xxx/CVE-2009-4531.json +++ b/2009/4xxx/CVE-2009-4531.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4531", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "httpdx 1.4.4 and earlier allows remote attackers to obtain the source code for a web page by appending a . (dot) character to the URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4531", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://freetexthost.com/eiyfyt0km5", - "refsource" : "MISC", - "url" : "http://freetexthost.com/eiyfyt0km5" - }, - { - "name" : "http://packetstormsecurity.org/0910-exploits/httpdx-disclose.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0910-exploits/httpdx-disclose.txt" - }, - { - "name" : "http://pocoftheday.blogspot.com/2009/10/httpdx-144-remote-arbitrary-source.html", - "refsource" : "MISC", - "url" : "http://pocoftheday.blogspot.com/2009/10/httpdx-144-remote-arbitrary-source.html" - }, - { - "name" : "58857", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/58857" - }, - { - "name" : "37013", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37013" - }, - { - "name" : "httpdx-http-information-disclosure(53733)", - "refsource" : 
"XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53733" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "httpdx 1.4.4 and earlier allows remote attackers to obtain the source code for a web page by appending a . (dot) character to the URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://freetexthost.com/eiyfyt0km5", + "refsource": "MISC", + "url": "http://freetexthost.com/eiyfyt0km5" + }, + { + "name": "58857", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/58857" + }, + { + "name": "httpdx-http-information-disclosure(53733)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53733" + }, + { + "name": "http://packetstormsecurity.org/0910-exploits/httpdx-disclose.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0910-exploits/httpdx-disclose.txt" + }, + { + "name": "37013", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37013" + }, + { + "name": "http://pocoftheday.blogspot.com/2009/10/httpdx-144-remote-arbitrary-source.html", + "refsource": "MISC", + "url": "http://pocoftheday.blogspot.com/2009/10/httpdx-144-remote-arbitrary-source.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4657.json b/2009/4xxx/CVE-2009-4657.json index 3694da191be..acffad1836c 100644 --- a/2009/4xxx/CVE-2009-4657.json +++ b/2009/4xxx/CVE-2009-4657.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4657", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The administrator package for Xerver 4.32 does not require authentication, which allows remote attackers to alter application settings by connecting to the application on port 32123, as demonstrated by setting the action option to wizardStep1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4657", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9717", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9717" - }, - { - "name" : "36454", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36454" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The administrator package for Xerver 4.32 does not require authentication, which allows remote attackers to alter application settings by connecting to the application on port 32123, as demonstrated by setting the action option to wizardStep1." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9717", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9717" + }, + { + "name": "36454", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36454" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4720.json b/2009/4xxx/CVE-2009-4720.json index 6f000781670..8acf625f7e6 100644 --- a/2009/4xxx/CVE-2009-4720.json +++ b/2009/4xxx/CVE-2009-4720.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4720", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in cgi-bin/gnudip.cgi in GnuDIP 2.1.1 allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4720", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=539452", - "refsource" : "MISC", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=539452" - }, - { - "name" : "56675", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/56675" - }, - { - "name" : "36115", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36115" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in cgi-bin/gnudip.cgi in GnuDIP 2.1.1 allows remote attackers to execute arbitrary SQL commands via the username parameter. 
NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "56675", + "refsource": "OSVDB", + "url": "http://osvdb.org/56675" + }, + { + "name": "36115", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36115" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=539452", + "refsource": "MISC", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=539452" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4756.json b/2009/4xxx/CVE-2009-4756.json index 5953a8b097d..c6aaebefcb0 100644 --- a/2009/4xxx/CVE-2009-4756.json +++ b/2009/4xxx/CVE-2009-4756.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4756", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in TraktorBeatport.exe 1.0.0.283 in Beatport Player 1.0.0.0 allows remote attackers to execute arbitrary code via a long string in a malformed playlist (.m3u) file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4756", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8588", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/8588" - }, - { - "name" : "8590", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/8590" - }, - { - "name" : "8591", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/8591" - }, - { - "name" : "8592", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/8592" - }, - { - "name" : "34793", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34793" - }, - { - "name" : "beatport-m3u-bo(50267)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50267" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in TraktorBeatport.exe 1.0.0.283 in Beatport Player 1.0.0.0 allows remote attackers to execute arbitrary code via a long string in a malformed playlist (.m3u) file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8588", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/8588" + }, + { + "name": "34793", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34793" + }, + { + "name": "8592", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/8592" + }, + { + "name": "beatport-m3u-bo(50267)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50267" + }, + { + "name": "8590", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/8590" + }, + { + "name": "8591", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/8591" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4914.json b/2009/4xxx/CVE-2009-4914.json index 6f6ad2e486d..26f69465026 100644 --- a/2009/4xxx/CVE-2009-4914.json +++ b/2009/4xxx/CVE-2009-4914.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4914", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (memory consumption) via Subject Alternative Name fields in an X.509 certificate, aka Bug ID CSCsq17879." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4914", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html", - "refsource" : "CONFIRM", - "url" : "http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory leak on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (memory consumption) via Subject Alternative Name fields in an X.509 certificate, aka Bug ID CSCsq17879." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html", + "refsource": "CONFIRM", + "url": "http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2263.json b/2012/2xxx/CVE-2012-2263.json index 6812ec51524..a034b2c6624 100644 --- a/2012/2xxx/CVE-2012-2263.json +++ b/2012/2xxx/CVE-2012-2263.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2263", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-2263", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0208.json b/2015/0xxx/CVE-2015-0208.json index 6360995316c..e7f60a71fe7 100644 --- a/2015/0xxx/CVE-2015-0208.json +++ b/2015/0xxx/CVE-2015-0208.json 
@@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0208", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ASN.1 signature-verification implementation in the rsa_item_verify function in crypto/rsa/rsa_ameth.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted RSA PSS parameters to an endpoint that uses the certificate-verification feature." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-0208", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1202369", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1202369" - }, - { - "name" : "https://git.openssl.org/?p=openssl.git;a=commit;h=4b22cce3812052fe64fc3f6d58d8cc884e3cb834", - "refsource" : "CONFIRM", - "url" : "https://git.openssl.org/?p=openssl.git;a=commit;h=4b22cce3812052fe64fc3f6d58d8cc884e3cb834" - }, - { - "name" : "https://www.openssl.org/news/secadv_20150319.txt", - "refsource" : "CONFIRM", - "url" : "https://www.openssl.org/news/secadv_20150319.txt" - }, - { - "name" : 
"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" - }, - { - "name" : "https://bto.bluecoat.com/security-advisory/sa92", - "refsource" : "CONFIRM", - "url" : "https://bto.bluecoat.com/security-advisory/sa92" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" - }, - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10110", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10110" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" - }, - { - "name" : "GLSA-201503-11", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201503-11" - }, - { - "name" : "HPSBMU03380", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=143748090628601&w=2" - }, - { - "name" : "HPSBMU03397", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=144050297101809&w=2" - }, - { - "name" : "HPSBMU03409", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=144050155601375&w=2" - }, - { - "name" : "73230", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73230" - }, - { - "name" : "1031929", - 
"refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031929" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ASN.1 signature-verification implementation in the rsa_item_verify function in crypto/rsa/rsa_ameth.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted RSA PSS parameters to an endpoint that uses the certificate-verification feature." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://git.openssl.org/?p=openssl.git;a=commit;h=4b22cce3812052fe64fc3f6d58d8cc884e3cb834", + "refsource": "CONFIRM", + "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=4b22cce3812052fe64fc3f6d58d8cc884e3cb834" + }, + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10110", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10110" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" + }, + { + "name": "HPSBMU03409", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=144050155601375&w=2" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1202369", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202369" + }, + { + "name": "https://bto.bluecoat.com/security-advisory/sa92", + "refsource": "CONFIRM", + "url": "https://bto.bluecoat.com/security-advisory/sa92" + }, + { + "name": "https://www.openssl.org/news/secadv_20150319.txt", + "refsource": "CONFIRM", + "url": "https://www.openssl.org/news/secadv_20150319.txt" + }, + { + 
"name": "73230", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73230" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" + }, + { + "name": "HPSBMU03380", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=143748090628601&w=2" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" + }, + { + "name": "HPSBMU03397", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=144050297101809&w=2" + }, + { + "name": "1031929", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031929" + }, + { + "name": "GLSA-201503-11", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201503-11" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0604.json b/2015/0xxx/CVE-2015-0604.json index bd26d1708c7..2ac2071db18 100644 --- a/2015/0xxx/CVE-2015-0604.json +++ b/2015/0xxx/CVE-2015-0604.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0604", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web framework on Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allows remote attackers to upload files to arbitrary locations on a phone's filesystem via crafted HTTP requests, aka Bug ID CSCup90424." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-0604", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=37346", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=37346" - }, - { - "name" : "20150203 Cisco Unified IP Phone 9900 Series Arbitrary File Upload Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0604" - }, - { - "name" : "72485", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72485" - }, - { - "name" : "62761", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62761" - }, - { - "name" : "cisco-unifiedipphone-cve20150604-file-upload(100620)", - "refsource" : "XF", - "url" 
: "https://exchange.xforce.ibmcloud.com/vulnerabilities/100620" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web framework on Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allows remote attackers to upload files to arbitrary locations on a phone's filesystem via crafted HTTP requests, aka Bug ID CSCup90424." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cisco-unifiedipphone-cve20150604-file-upload(100620)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100620" + }, + { + "name": "20150203 Cisco Unified IP Phone 9900 Series Arbitrary File Upload Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0604" + }, + { + "name": "62761", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62761" + }, + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=37346", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=37346" + }, + { + "name": "72485", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72485" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0821.json b/2015/0xxx/CVE-2015-0821.json index 7943e438a47..7377441d920 100644 --- a/2015/0xxx/CVE-2015-0821.json +++ b/2015/0xxx/CVE-2015-0821.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0821", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox before 36.0 allows user-assisted remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges via a crafted web site that is accessed with unspecified mouse and keyboard actions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2015-0821", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2015/mfsa2015-25.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2015/mfsa2015-25.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1111960", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1111960" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "GLSA-201504-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201504-01" - }, - { - 
"name" : "openSUSE-SU-2015:0404", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html" - }, - { - "name" : "openSUSE-SU-2015:0570", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-03/msg00067.html" - }, - { - "name" : "USN-2505-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2505-1" - }, - { - "name" : "72758", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72758" - }, - { - "name" : "1031791", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031791" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox before 36.0 allows user-assisted remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges via a crafted web site that is accessed with unspecified mouse and keyboard actions." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.mozilla.org/security/announce/2015/mfsa2015-25.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-25.html" + }, + { + "name": "GLSA-201504-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201504-01" + }, + { + "name": "openSUSE-SU-2015:0404", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1111960", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1111960" + }, + { + "name": "72758", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72758" + }, + { + "name": "1031791", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031791" + }, + { + "name": "openSUSE-SU-2015:0570", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00067.html" + }, + { + "name": "USN-2505-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2505-1" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1393.json b/2015/1xxx/CVE-2015-1393.json index 529af3238cc..dec87e94fa9 100644 --- a/2015/1xxx/CVE-2015-1393.json +++ b/2015/1xxx/CVE-2015-1393.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1393", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Photo Gallery plugin before 1.2.11 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the asc_or_desc parameter in a create gallery request in the galleries_bwg page to wp-admin/admin.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1393", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150128 [CVE-2015-1393] Photo Gallery (Wordpress Plugin) - SQL Injection in Version 1.2.8", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534569/100/0/threaded" - }, - { - "name" : "https://plugins.trac.wordpress.org/changeset/1074134/photo-gallery", - "refsource" : "CONFIRM", - "url" : "https://plugins.trac.wordpress.org/changeset/1074134/photo-gallery" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Photo Gallery plugin before 1.2.11 for WordPress allows remote 
authenticated users to execute arbitrary SQL commands via the asc_or_desc parameter in a create gallery request in the galleries_bwg page to wp-admin/admin.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150128 [CVE-2015-1393] Photo Gallery (Wordpress Plugin) - SQL Injection in Version 1.2.8", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534569/100/0/threaded" + }, + { + "name": "https://plugins.trac.wordpress.org/changeset/1074134/photo-gallery", + "refsource": "CONFIRM", + "url": "https://plugins.trac.wordpress.org/changeset/1074134/photo-gallery" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1424.json b/2015/1xxx/CVE-2015-1424.json index 28ca34fc5a0..97b876558c0 100644 --- a/2015/1xxx/CVE-2015-1424.json +++ b/2015/1xxx/CVE-2015-1424.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1424", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in Gecko CMS 2.2 and 2.3 allows remote attackers to hijack the authentication of administrators for requests that add an administrator user via a newuser request to admin/index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1424", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "35767", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/35767" - }, - { - "name" : "http://packetstormsecurity.com/files/129929/Gecko-CMS-2.2-2.3-CSRF-XSS-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129929/Gecko-CMS-2.2-2.3-CSRF-XSS-SQL-Injection.html" - }, - { - "name" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5222.php", - "refsource" : "MISC", - "url" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5222.php" - }, - { - "name" : "116966", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/116966" - }, - { - "name" : "geckocms-newuser-csrf(99974)", - "refsource" : "XF", - "url" 
: "https://exchange.xforce.ibmcloud.com/vulnerabilities/99974" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in Gecko CMS 2.2 and 2.3 allows remote attackers to hijack the authentication of administrators for requests that add an administrator user via a newuser request to admin/index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5222.php", + "refsource": "MISC", + "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5222.php" + }, + { + "name": "http://packetstormsecurity.com/files/129929/Gecko-CMS-2.2-2.3-CSRF-XSS-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129929/Gecko-CMS-2.2-2.3-CSRF-XSS-SQL-Injection.html" + }, + { + "name": "35767", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/35767" + }, + { + "name": "116966", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/116966" + }, + { + "name": "geckocms-newuser-csrf(99974)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99974" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1550.json b/2015/1xxx/CVE-2015-1550.json index 1633909d783..6a7263967b7 100644 --- a/2015/1xxx/CVE-2015-1550.json +++ b/2015/1xxx/CVE-2015-1550.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1550", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allows remote administrators to execute arbitrary files via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1550", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-006.txt", - "refsource" : "CONFIRM", - "url" : "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-006.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allows remote administrators to execute arbitrary files via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-006.txt", + "refsource": "CONFIRM", + "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-006.txt" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1906.json b/2015/1xxx/CVE-2015-1906.json index 8e2f4264b0f..ed118f740ad 100644 --- a/2015/1xxx/CVE-2015-1906.json +++ b/2015/1xxx/CVE-2015-1906.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1906", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-1906", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21700717", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21700717" - }, - { - "name" : "JR52772", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1JR52772" - }, - { - "name" : "1033002", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033002" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the 
REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21700717", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700717" + }, + { + "name": "JR52772", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR52772" + }, + { + "name": "1033002", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033002" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1973.json b/2015/1xxx/CVE-2015-1973.json index 00a4426a7a2..4c8576f9b37 100644 --- a/2015/1xxx/CVE-2015-1973.json +++ b/2015/1xxx/CVE-2015-1973.json 
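Review bot: The only value this hunk changes is `"ASSIGNER": "psirt@us.ibm.com"` (previously `cve@mitre.org`), and it arrives inside a rewrite of all 72 lines whose other differences are indentation and `"key" : ` becoming `"key": `. ASSIGNER names the organisation responsible for the record, so a change to it should be reviewable on its own; landing the formatter change as a separate commit would reduce this hunk to a one-line diff. The new side also ends with `\ No newline at end of file`, so the serializer should write a trailing LF after the closing `}`. The same applies to the CVE-2015-5330, CVE-2015-5769, CVE-2015-5829 and CVE-2015-5835 hunks, where ASSIGNER moves to `secalert@redhat.com` and `product-security@apple.com`.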
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1973", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1973", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5330.json b/2015/5xxx/CVE-2015-5330.json index 8688f4da1c7..cdcc1874536 100644 --- a/2015/5xxx/CVE-2015-5330.json +++ b/2015/5xxx/CVE-2015-5330.json 
@@ -1,182 +1,182 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5330", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles string lengths, which allows remote attackers to obtain sensitive information from daemon heap memory by sending crafted packets and then reading (1) an error message or (2) a database value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-5330", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1281326", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1281326" - }, - { - "name" : "https://git.samba.org/?p=samba.git;a=commit;h=0454b95657846fcecf0f51b6f1194faac02518bd", - "refsource" : "CONFIRM", - "url" : "https://git.samba.org/?p=samba.git;a=commit;h=0454b95657846fcecf0f51b6f1194faac02518bd" - }, - { - "name" : "https://git.samba.org/?p=samba.git;a=commit;h=538d305de91e34a2938f5f219f18bf0e1918763f", - "refsource" : "CONFIRM", - "url" : 
"https://git.samba.org/?p=samba.git;a=commit;h=538d305de91e34a2938f5f219f18bf0e1918763f" - }, - { - "name" : "https://git.samba.org/?p=samba.git;a=commit;h=7f51ec8c4ed9ba1f53d722e44fb6fb3cde933b72", - "refsource" : "CONFIRM", - "url" : "https://git.samba.org/?p=samba.git;a=commit;h=7f51ec8c4ed9ba1f53d722e44fb6fb3cde933b72" - }, - { - "name" : "https://git.samba.org/?p=samba.git;a=commit;h=a118d4220ed85749c07fb43c1229d9e2fecbea6b", - "refsource" : "CONFIRM", - "url" : "https://git.samba.org/?p=samba.git;a=commit;h=a118d4220ed85749c07fb43c1229d9e2fecbea6b" - }, - { - "name" : "https://git.samba.org/?p=samba.git;a=commit;h=ba5dbda6d0174a59d221c45cca52ecd232820d48", - "refsource" : "CONFIRM", - "url" : "https://git.samba.org/?p=samba.git;a=commit;h=ba5dbda6d0174a59d221c45cca52ecd232820d48" - }, - { - "name" : "https://git.samba.org/?p=samba.git;a=commit;h=f36cb71c330a52106e36028b3029d952257baf15", - "refsource" : "CONFIRM", - "url" : "https://git.samba.org/?p=samba.git;a=commit;h=f36cb71c330a52106e36028b3029d952257baf15" - }, - { - "name" : "https://www.samba.org/samba/security/CVE-2015-5330.html", - "refsource" : "CONFIRM", - "url" : "https://www.samba.org/samba/security/CVE-2015-5330.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" - }, - { - "name" : "DSA-3433", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3433" - }, - { - "name" : "GLSA-201612-47", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201612-47" - }, - { - "name" : "openSUSE-SU-2016:1064", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html" - }, - { - "name" : "openSUSE-SU-2016:1106", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html" - }, - { - 
"name" : "openSUSE-SU-2016:1107", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html" - }, - { - "name" : "SUSE-SU-2015:2304", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00019.html" - }, - { - "name" : "SUSE-SU-2015:2305", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00020.html" - }, - { - "name" : "SUSE-SU-2016:0032", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00002.html" - }, - { - "name" : "openSUSE-SU-2015:2354", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00032.html" - }, - { - "name" : "openSUSE-SU-2015:2356", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00033.html" - }, - { - "name" : "SUSE-SU-2016:0164", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00017.html" - }, - { - "name" : "USN-2855-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2855-2" - }, - { - "name" : "USN-2855-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2855-1" - }, - { - "name" : "USN-2856-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2856-1" - }, - { - "name" : "79734", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/79734" - }, - { - "name" : "1034493", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034493" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles string lengths, which allows remote attackers to obtain sensitive information from 
daemon heap memory by sending crafted packets and then reading (1) an error message or (2) a database value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://git.samba.org/?p=samba.git;a=commit;h=f36cb71c330a52106e36028b3029d952257baf15", + "refsource": "CONFIRM", + "url": "https://git.samba.org/?p=samba.git;a=commit;h=f36cb71c330a52106e36028b3029d952257baf15" + }, + { + "name": "https://git.samba.org/?p=samba.git;a=commit;h=ba5dbda6d0174a59d221c45cca52ecd232820d48", + "refsource": "CONFIRM", + "url": "https://git.samba.org/?p=samba.git;a=commit;h=ba5dbda6d0174a59d221c45cca52ecd232820d48" + }, + { + "name": "openSUSE-SU-2016:1064", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html" + }, + { + "name": "USN-2855-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2855-2" + }, + { + "name": "https://git.samba.org/?p=samba.git;a=commit;h=a118d4220ed85749c07fb43c1229d9e2fecbea6b", + "refsource": "CONFIRM", + "url": "https://git.samba.org/?p=samba.git;a=commit;h=a118d4220ed85749c07fb43c1229d9e2fecbea6b" + }, + { + "name": "SUSE-SU-2016:0032", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00002.html" + }, + { + "name": "USN-2856-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2856-1" + }, + { + "name": "SUSE-SU-2015:2304", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00019.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" + }, + { + "name": "SUSE-SU-2015:2305", + "refsource": "SUSE", + "url": 
"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00020.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1281326", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281326" + }, + { + "name": "https://git.samba.org/?p=samba.git;a=commit;h=0454b95657846fcecf0f51b6f1194faac02518bd", + "refsource": "CONFIRM", + "url": "https://git.samba.org/?p=samba.git;a=commit;h=0454b95657846fcecf0f51b6f1194faac02518bd" + }, + { + "name": "https://www.samba.org/samba/security/CVE-2015-5330.html", + "refsource": "CONFIRM", + "url": "https://www.samba.org/samba/security/CVE-2015-5330.html" + }, + { + "name": "SUSE-SU-2016:0164", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00017.html" + }, + { + "name": "openSUSE-SU-2015:2354", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00032.html" + }, + { + "name": "https://git.samba.org/?p=samba.git;a=commit;h=538d305de91e34a2938f5f219f18bf0e1918763f", + "refsource": "CONFIRM", + "url": "https://git.samba.org/?p=samba.git;a=commit;h=538d305de91e34a2938f5f219f18bf0e1918763f" + }, + { + "name": "openSUSE-SU-2016:1106", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html" + }, + { + "name": "1034493", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034493" + }, + { + "name": "DSA-3433", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3433" + }, + { + "name": "openSUSE-SU-2016:1107", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html" + }, + { + "name": "GLSA-201612-47", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201612-47" + }, + { + "name": "79734", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/79734" + }, + { + "name": "USN-2855-1", + "refsource": "UBUNTU", + "url": 
"http://www.ubuntu.com/usn/USN-2855-1" + }, + { + "name": "openSUSE-SU-2015:2356", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00033.html" + }, + { + "name": "https://git.samba.org/?p=samba.git;a=commit;h=7f51ec8c4ed9ba1f53d722e44fb6fb3cde933b72", + "refsource": "CONFIRM", + "url": "https://git.samba.org/?p=samba.git;a=commit;h=7f51ec8c4ed9ba1f53d722e44fb6fb3cde933b72" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5769.json b/2015/5xxx/CVE-2015-5769.json index 144e54a2da3..82e223445d1 100644 --- a/2015/5xxx/CVE-2015-5769.json +++ b/2015/5xxx/CVE-2015-5769.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5769", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The MSVDX driver in Apple iOS before 8.4.1 allows remote attackers to cause a denial of service (device crash) via a crafted video." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-5769", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/kb/HT205030", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT205030" - }, - { - "name" : "APPLE-SA-2015-08-13-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html" - }, - { - "name" : "76337", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76337" - }, - { - "name" : "1033275", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033275" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The MSVDX driver in Apple iOS before 8.4.1 allows remote attackers to cause a denial of service (device crash) via a 
crafted video." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/kb/HT205030", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT205030" + }, + { + "name": "1033275", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033275" + }, + { + "name": "76337", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76337" + }, + { + "name": "APPLE-SA-2015-08-13-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5829.json b/2015/5xxx/CVE-2015-5829.json index 2051b9c57b4..8fc36db2f95 100644 --- a/2015/5xxx/CVE-2015-5829.json +++ b/2015/5xxx/CVE-2015-5829.json 
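Review bot: `affects` on the new side still carries `"product_name": "n/a"`, `"vendor_name": "n/a"` and `"version_value": "n/a"`, while the description in the same record names the product and the fixed version ("Apple iOS before 8.4.1"). Tooling that matches an inventory against `affects` instead of parsing the free-text description will not associate this record with any product. Since the commit already moves ASSIGNER to the vendor, these fields could be filled from the description in the same pass, for example `"product_name": "iOS"` with `"version_value": "before 8.4.1"`; the exact value conventions are not visible in this diff and should follow the project's schema. `problemtype` is likewise `n/a`, and the other complete records in this part of the commit show the same gap.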
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5829", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Data Detectors Engine in Apple iOS before 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-5829", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT205212", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205212" - }, - { - "name" : "https://support.apple.com/HT205213", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205213" - }, - { - "name" : "APPLE-SA-2015-09-16-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html" - }, - { - "name" : "APPLE-SA-2015-09-21-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html" - }, - { - "name" : "76764", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76764" - }, - { - "name" : "1033609", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id/1033609" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Data Detectors Engine in Apple iOS before 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1033609", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033609" + }, + { + "name": "https://support.apple.com/HT205212", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205212" + }, + { + "name": "76764", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76764" + }, + { + "name": "APPLE-SA-2015-09-21-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html" + }, + { + "name": "https://support.apple.com/HT205213", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205213" + }, + { + "name": "APPLE-SA-2015-09-16-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5835.json b/2015/5xxx/CVE-2015-5835.json index a8860fca46f..0af48594a60 100644 --- a/2015/5xxx/CVE-2015-5835.json +++ b/2015/5xxx/CVE-2015-5835.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5835", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apple iOS before 9 allows attackers to obtain sensitive information about inter-app communication via a crafted app that conducts an interception attack involving an unspecified URL scheme." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-5835", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT205212", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205212" - }, - { - "name" : "APPLE-SA-2015-09-16-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html" - }, - { - "name" : "76764", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76764" - }, - { - "name" : "1033609", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033609" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apple iOS before 9 allows attackers to obtain sensitive information 
about inter-app communication via a crafted app that conducts an interception attack involving an unspecified URL scheme." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1033609", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033609" + }, + { + "name": "https://support.apple.com/HT205212", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205212" + }, + { + "name": "76764", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76764" + }, + { + "name": "APPLE-SA-2015-09-16-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3022.json b/2018/3xxx/CVE-2018-3022.json index 61119ec8ab8..e59639059d2 100644 --- a/2018/3xxx/CVE-2018-3022.json +++ b/2018/3xxx/CVE-2018-3022.json 
@@ -1,89 +1,89 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3022", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Banking Payments", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "12.2.0" - }, - { - "version_affected" : "=", - "version_value" : "12.3.0" - }, - { - "version_affected" : "=", - "version_value" : "12.4.0" - }, - { - "version_affected" : "=", - "version_value" : "12.5.0" - }, - { - "version_affected" : "=", - "version_value" : "14.1.0" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core). Supported versions that are affected are 12.2.0, 12.3.0, 12.4.0, 12.5.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Payments. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Payments." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3022", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Banking Payments", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.2.0" + }, + { + "version_affected": "=", + "version_value": "12.3.0" + }, + { + "version_affected": "=", + "version_value": "12.4.0" + }, + { + "version_affected": "=", + "version_value": "12.5.0" + }, + { + "version_affected": "=", + "version_value": "14.1.0" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" - }, - { - "name" : "104790", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104790" - }, - { - "name" : "1041307", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041307" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core). Supported versions that are affected are 12.2.0, 12.3.0, 12.4.0, 12.5.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Payments. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Payments." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + }, + { + "name": "104790", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104790" + }, + { + "name": "1041307", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041307" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3309.json b/2018/3xxx/CVE-2018-3309.json index 83a291a7f62..c65ba3f014a 100644 --- a/2018/3xxx/CVE-2018-3309.json +++ b/2018/3xxx/CVE-2018-3309.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3309", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "VM VirtualBox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "5.2.22" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is prior to 5.2.22. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3309", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "5.2.22" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" - }, - { - "name" : "106572", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106572" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is prior to 5.2.22. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + }, + { + "name": "106572", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106572" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3358.json b/2018/3xxx/CVE-2018-3358.json index 204684cc806..0a1507182ed 100644 --- a/2018/3xxx/CVE-2018-3358.json +++ b/2018/3xxx/CVE-2018-3358.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3358", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3358", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3424.json b/2018/3xxx/CVE-2018-3424.json index ebecf54d5df..3b3b298530c 100644 --- a/2018/3xxx/CVE-2018-3424.json +++ b/2018/3xxx/CVE-2018-3424.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3424", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3424", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3892.json b/2018/3xxx/CVE-2018-3892.json index 36e1419ec61..2317647fe06 100644 --- a/2018/3xxx/CVE-2018-3892.json +++ b/2018/3xxx/CVE-2018-3892.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "ID" : "CVE-2018-3892", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Yi Technology", - "version" : { - "version_data" : [ - { - "version_value" : "Yi Technology Home Camera 27US 1.8.7.0D" - } - ] - } - } - ] - }, - "vendor_name" : "unknown" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable firmware downgrade vulnerability exists in the time syncing functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted packet can cause a buffer overflow, resulting in code execution. An attacker can intercept and alter network traffic to trigger this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Stack-based Buffer Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "ID": "CVE-2018-3892", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Yi Technology", + "version": { + "version_data": [ + { + "version_value": "Yi Technology Home Camera 27US 1.8.7.0D" + } + ] + } + } + ] + }, + "vendor_name": "unknown" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0567", - "refsource" : "MISC", - "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0567" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable firmware downgrade vulnerability exists in the time syncing functionality of Yi Home Camera 27US 1.8.7.0D. 
A specially crafted packet can cause a buffer overflow, resulting in code execution. An attacker can intercept and alter network traffic to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Stack-based Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0567", + "refsource": "MISC", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0567" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3928.json b/2018/3xxx/CVE-2018-3928.json index adf735964bd..ada9ab9c08e 100644 --- a/2018/3xxx/CVE-2018-3928.json +++ b/2018/3xxx/CVE-2018-3928.json 
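Review bot: `vendor_name` is `unknown` while `product_name` holds the vendor string `Yi Technology`, and the product and version sit together in `version_value`, so product-based matching cannot resolve this record. The CVE-2018-3928 hunk for the same camera uses `"vendor_name": "Yi"`, so the two records disagree with each other. Suggest aligning both, e.g. `"vendor_name": "Yi Technology"`, `"product_name": "Home Camera 27US"`, `"version_value": "1.8.7.0D"`. Separately, the description here calls the issue a firmware downgrade but describes a buffer overflow. In CVE-2018-3928 the description says code execution but describes a settings change leading to denial of service, with problemtype `Reversible One-Way Hash`. The assigner should confirm which text is intended in each record.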
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2018-10-31T00:00:00", - "ID" : "CVE-2018-3928", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Yi Technology", - "version" : { - "version_data" : [ - { - "version_value" : "Yi Technology Home Camera 27US 1.8.7.0D" - } - ] - } - } - ] - }, - "vendor_name" : "Yi" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can cause a settings change, resulting in denial of service. An attacker can send a set of packets to trigger this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Reversible One-Way Hash" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2018-10-31T00:00:00", + "ID": "CVE-2018-3928", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Yi Technology", + "version": { + "version_data": [ + { + "version_value": "Yi Technology Home Camera 27US 1.8.7.0D" + } + ] + } + } + ] + }, + "vendor_name": "Yi" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0595", - "refsource" : "MISC", - "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0595" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable code execution vulnerability exists in the firmware update 
functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can cause a settings change, resulting in denial of service. An attacker can send a set of packets to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Reversible One-Way Hash" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0595", + "refsource": "MISC", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0595" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6261.json b/2018/6xxx/CVE-2018-6261.json index 889ba97d166..6ded6d38a43 100644 --- a/2018/6xxx/CVE-2018-6261.json +++ b/2018/6xxx/CVE-2018-6261.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@nvidia.com", - "DATE_PUBLIC" : "2018-09-27T00:00:00", - "ID" : "CVE-2018-6261", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "GeForce Experience", - "version" : { - "version_data" : [ - { - "version_value" : "3.15" - } - ] - } - } - ] - }, - "vendor_name" : "Nvidia Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when GameStream is enabled which sets incorrect permissions on a file, which may to code execution, denial of service, or escalation of privileges by users with system access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Code execution, denial of service, or escalation of privileges" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@nvidia.com", + "DATE_PUBLIC": "2018-09-27T00:00:00", + "ID": "CVE-2018-6261", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "GeForce Experience", + "version": { + "version_data": [ + { + "version_value": "3.15" + } + ] + } + } + ] + }, + "vendor_name": "Nvidia Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/4725", - "refsource" : "CONFIRM", - "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/4725" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when GameStream is enabled which sets incorrect permissions on a file, which may to 
code execution, denial of service, or escalation of privileges by users with system access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Code execution, denial of service, or escalation of privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4725", + "refsource": "CONFIRM", + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4725" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6674.json b/2018/6xxx/CVE-2018-6674.json index 43fef97c393..abd5ddcb42f 100644 --- a/2018/6xxx/CVE-2018-6674.json +++ b/2018/6xxx/CVE-2018-6674.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@mcafee.com", - "DATE_PUBLIC" : "2018-05-09T17:00:00.000Z", - "ID" : "CVE-2018-6674", - "STATE" : "PUBLIC", - "TITLE" : "SB10237 - VirusScan Enterprise (VSE) - Privilege Escalation vulnerability" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : " VirusScan Enterprise (VSE)", - "version" : { - "version_data" : [ - { - "affected" : "<", - "platform" : "x86", - "version_name" : "8.8", - "version_value" : "8.8 Patch 11" - } - ] - } - } - ] - }, - "vendor_name" : "McAfee" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Privilege Escalation vulnerability in Microsoft Windows client in McAfee VirusScan Enterprise (VSE) 8.8 allows local users to view configuration information in plain text format via the GUI or GUI terminal commands." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "HIGH", - "attackVector" : "PHYSICAL", - "availabilityImpact" : "HIGH", - "baseScore" : 6.8, - "baseSeverity" : "MEDIUM", - "confidentialityImpact" : "HIGH", - "integrityImpact" : "HIGH", - "privilegesRequired" : "HIGH", - "scope" : "CHANGED", - "userInteraction" : "REQUIRED", - "vectorString" : "CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Privilege Escalation vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@mcafee.com", + "DATE_PUBLIC": "2018-05-09T17:00:00.000Z", + "ID": "CVE-2018-6674", + "STATE": "PUBLIC", + "TITLE": "SB10237 - VirusScan Enterprise (VSE) - Privilege Escalation vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": " VirusScan Enterprise (VSE)", + "version": { + "version_data": [ + { + 
"affected": "<", + "platform": "x86", + "version_name": "8.8", + "version_value": "8.8 Patch 11" + } + ] + } + } + ] + }, + "vendor_name": "McAfee" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10237", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10237" - }, - { - "name" : "104180", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104180" - }, - { - "name" : "1040893", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040893" - } - ] - }, - "source" : { - "advisory" : "SB10237", - "discovery" : "EXTERNAL" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Privilege Escalation vulnerability in Microsoft Windows client in McAfee VirusScan Enterprise (VSE) 8.8 allows local users to view configuration information in plain text format via the GUI or GUI terminal commands." 
+ } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "PHYSICAL", + "availabilityImpact": "HIGH", + "baseScore": 6.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege Escalation vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104180", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104180" + }, + { + "name": "1040893", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040893" + }, + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10237", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10237" + } + ] + }, + "source": { + "advisory": "SB10237", + "discovery": "EXTERNAL" + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6677.json b/2018/6xxx/CVE-2018-6677.json index 03fac4df83d..1381dfffc47 100644 --- a/2018/6xxx/CVE-2018-6677.json +++ b/2018/6xxx/CVE-2018-6677.json 
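Review bot: The `version_data` entry uses the key `affected` where the Oracle records in this same commit use `version_affected`. A consumer that reads `version_affected` therefore finds no comparison operator and may treat `8.8 Patch 11` as an exact version instead of an upper bound. `product_name` also carries a leading space (`" VirusScan Enterprise (VSE)"`), which breaks exact-string product matching. Suggest `"version_affected": "<"` and `"product_name": "VirusScan Enterprise (VSE)"`. The CVE-2018-6677 hunk uses the same `affected` key.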
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@mcafee.com", - "ID" : "CVE-2018-6677", - "STATE" : "PUBLIC", - "TITLE" : "McAfee Web Gateway (MWG) - Directory Traversal vulnerability" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "McAfee Web Gateway (MWG)", - "version" : { - "version_data" : [ - { - "affected" : ">=", - "platform" : "x86", - "version_name" : "7.8.1", - "version_value" : "7.8.1" - }, - { - "affected" : "!>", - "platform" : "x86", - "version_name" : "7.8.2", - "version_value" : "7.8.2" - } - ] - } - } - ] - }, - "vendor_name" : "McAfee" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory Traversal vulnerability in the administrative user interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to gain elevated privileges via unspecified vectors." 
- } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "HIGH", - "attackVector" : "NETWORK", - "availabilityImpact" : "HIGH", - "baseScore" : 7.6, - "baseSeverity" : "HIGH", - "confidentialityImpact" : "HIGH", - "integrityImpact" : "HIGH", - "privilegesRequired" : "HIGH", - "scope" : "CHANGED", - "userInteraction" : "REQUIRED", - "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Directory Traversal vulnerability\n" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@mcafee.com", + "ID": "CVE-2018-6677", + "STATE": "PUBLIC", + "TITLE": "McAfee Web Gateway (MWG) - Directory Traversal vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "McAfee Web Gateway (MWG)", + "version": { + "version_data": [ + { + "affected": ">=", + "platform": "x86", + "version_name": "7.8.1", + "version_value": "7.8.1" + }, + { + "affected": "!>", + "platform": "x86", + "version_name": "7.8.2", + "version_value": "7.8.2" + } + ] + } + } + ] + }, + "vendor_name": "McAfee" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10245", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10245" - }, - { - "name" : "104893", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104893" - } - ] - }, - "source" : { - "advisory" : "SB10245", - "discovery" : "INTERNAL" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory Traversal vulnerability in the administrative user interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to gain elevated privileges via unspecified vectors." 
+ } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.6, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Directory Traversal vulnerability\n" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104893", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104893" + }, + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10245", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10245" + } + ] + }, + "source": { + "advisory": "SB10245", + "discovery": "INTERNAL" + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6998.json b/2018/6xxx/CVE-2018-6998.json index b27879e734c..43dc9e1cf7a 100644 --- a/2018/6xxx/CVE-2018-6998.json +++ b/2018/6xxx/CVE-2018-6998.json 
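Review bot: The `problemtype` value ends in an escaped newline, `"Directory Traversal vulnerability\n"`, so exact-match grouping or weakness classification on this string will not equate it with the same text in other records. Suggest `"value": "Directory Traversal vulnerability"`. The description also names the affected release as `7.8.1.x`, while `version_data` lists both `7.8.1` and `7.8.2`; the assigner should confirm the intended range so that the prose and the structured data agree.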
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6998", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-6998", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7086.json b/2018/7xxx/CVE-2018-7086.json index a1e1b7b7c7b..78d8e232140 100644 --- a/2018/7xxx/CVE-2018-7086.json +++ b/2018/7xxx/CVE-2018-7086.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-7086",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-7086",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/7xxx/CVE-2018-7147.json b/2018/7xxx/CVE-2018-7147.json
index 8830082e490..83addc7aa73 100644
--- a/2018/7xxx/CVE-2018-7147.json
+++ b/2018/7xxx/CVE-2018-7147.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-7147",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-7147",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/7xxx/CVE-2018-7270.json b/2018/7xxx/CVE-2018-7270.json
index 46dc837588a..2d73f33268b 100644
--- a/2018/7xxx/CVE-2018-7270.json
+++ b/2018/7xxx/CVE-2018-7270.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-7270",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-7270",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/7xxx/CVE-2018-7571.json b/2018/7xxx/CVE-2018-7571.json
index e6937e2db8a..6a60317dc0c 100644
--- a/2018/7xxx/CVE-2018-7571.json
+++ b/2018/7xxx/CVE-2018-7571.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-7571",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-7571",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/8xxx/CVE-2018-8564.json b/2018/8xxx/CVE-2018-8564.json
index 6fefc338b7a..c988ed0b7b1 100644
--- a/2018/8xxx/CVE-2018-8564.json
+++ b/2018/8xxx/CVE-2018-8564.json
@@ -1,115 +1,115 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "Secure@Microsoft.com",
- "ID" : "CVE-2018-8564",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Microsoft Edge",
- "version" : {
- "version_data" : [
- {
- "version_value" : "Windows 10 for 32-bit Systems"
- },
- {
- "version_value" : "Windows 10 for x64-based Systems"
- },
- {
- "version_value" : "Windows 10 Version 1607 for 32-bit Systems"
- },
- {
- "version_value" : "Windows 10 Version 1607 for x64-based Systems"
- },
- {
- "version_value" : "Windows 10 Version 1703 for 32-bit Systems"
- },
- {
- "version_value" : "Windows 10 Version 1703 for x64-based Systems"
- },
- {
- "version_value" : "Windows 10 Version 1709 for 32-bit Systems"
- },
- {
- "version_value" : "Windows 10 Version 1709 for ARM64-based Systems"
- },
- {
- "version_value" : "Windows 10 Version 1709 for x64-based Systems"
- },
- {
- "version_value" : "Windows 10 Version 1803 for 32-bit Systems"
- },
- {
- "version_value" : "Windows 10 Version 1803 for ARM64-based Systems"
- },
- {
- "version_value" : "Windows 10 Version 1803 for x64-based Systems"
- },
- {
- "version_value" : "Windows 10 Version 1809 for 32-bit Systems"
- },
- {
- "version_value" : "Windows 10 Version 1809 for ARM64-based Systems"
- },
- {
- "version_value" : "Windows 10 Version 1809 for x64-based Systems"
- },
- {
- "version_value" : "Windows Server 2016"
- },
- {
- "version_value" : "Windows Server 2019"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Microsoft"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka \"Microsoft Edge Spoofing Vulnerability.\" This affects Microsoft Edge."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Spoofing"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secure@microsoft.com",
+ "ID": "CVE-2018-8564",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Microsoft Edge",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Windows 10 for 32-bit Systems"
+ },
+ {
+ "version_value": "Windows 10 for x64-based Systems"
+ },
+ {
+ "version_value": "Windows 10 Version 1607 for 32-bit Systems"
+ },
+ {
+ "version_value": "Windows 10 Version 1607 for x64-based Systems"
+ },
+ {
+ "version_value": "Windows 10 Version 1703 for 32-bit Systems"
+ },
+ {
+ "version_value": "Windows 10 Version 1703 for x64-based Systems"
+ },
+ {
+ "version_value": "Windows 10 Version 1709 for 32-bit Systems"
+ },
+ {
+ "version_value": "Windows 10 Version 1709 for ARM64-based Systems"
+ },
+ {
+ "version_value": "Windows 10 Version 1709 for x64-based Systems"
+ },
+ {
+ "version_value": "Windows 10 Version 1803 for 32-bit Systems"
+ },
+ {
+ "version_value": "Windows 10 Version 1803 for ARM64-based Systems"
+ },
+ {
+ "version_value": "Windows 10 Version 1803 for x64-based Systems"
+ },
+ {
+ "version_value": "Windows 10 Version 1809 for 32-bit Systems"
+ },
+ {
+ "version_value": "Windows 10 Version 1809 for ARM64-based Systems"
+ },
+ {
+ "version_value": "Windows 10 Version 1809 for x64-based Systems"
+ },
+ {
+ "version_value": "Windows Server 2016"
+ },
+ {
+ "version_value": "Windows Server 2019"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Microsoft"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8564",
- "refsource" : "CONFIRM",
- "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8564"
- },
- {
- "name" : "105785",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/105785"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka \"Microsoft Edge Spoofing Vulnerability.\" This affects Microsoft Edge."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Spoofing"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "105785",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/105785"
+ },
+ {
+ "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8564",
+ "refsource": "CONFIRM",
+ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8564"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/8xxx/CVE-2018-8624.json b/2018/8xxx/CVE-2018-8624.json
index a92d4328696..c4f464fa5bb 100644
--- a/2018/8xxx/CVE-2018-8624.json
+++ b/2018/8xxx/CVE-2018-8624.json
@@ -1,119 +1,119 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "Secure@Microsoft.com",
- "ID" : "CVE-2018-8624",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Microsoft Edge",
- "version" : {
- "version_data" : [
- {
- "version_value" : "Windows 10 Version 1607 for 32-bit Systems"
- },
- {
- "version_value" : "Windows 10 Version 1607 for x64-based Systems"
- },
- {
- "version_value" : "Windows 10 Version 1703 for 32-bit Systems"
- },
- {
- "version_value" : "Windows 10 Version 1703 for x64-based Systems"
- },
- {
- "version_value" : "Windows 10 Version 1709 for 32-bit Systems"
- },
- {
- "version_value" : "Windows 10 Version 1709 for ARM64-based Systems"
- },
- {
- "version_value" : "Windows 10 Version 1709 for x64-based Systems"
- },
- {
- "version_value" : "Windows 10 Version 1803 for 32-bit Systems"
- },
- {
- "version_value" : "Windows 10 Version 1803 for ARM64-based Systems"
- },
- {
- "version_value" : "Windows 10 Version 1803 for x64-based Systems"
- },
- {
- "version_value" : "Windows 10 Version 1809 for 32-bit Systems"
- },
- {
- "version_value" : "Windows 10 Version 1809 for ARM64-based Systems"
- },
- {
- "version_value" : "Windows 10 Version 1809 for x64-based Systems"
- },
- {
- "version_value" : "Windows Server 2016"
- },
- {
- "version_value" : "Windows Server 2019"
- }
- ]
- }
- },
- {
- "product_name" : "ChakraCore",
- "version" : {
- "version_data" : [
- {
- "version_value" : "ChakraCore"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Microsoft"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \"Chakra Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8583, CVE-2018-8617, CVE-2018-8618, CVE-2018-8629."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Remote Code Execution"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secure@microsoft.com",
+ "ID": "CVE-2018-8624",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Microsoft Edge",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Windows 10 Version 1607 for 32-bit Systems"
+ },
+ {
+ "version_value": "Windows 10 Version 1607 for x64-based Systems"
+ },
+ {
+ "version_value": "Windows 10 Version 1703 for 32-bit Systems"
+ },
+ {
+ "version_value": "Windows 10 Version 1703 for x64-based Systems"
+ },
+ {
+ "version_value": "Windows 10 Version 1709 for 32-bit Systems"
+ },
+ {
+ "version_value": "Windows 10 Version 1709 for ARM64-based Systems"
+ },
+ {
+ "version_value": "Windows 10 Version 1709 for x64-based Systems"
+ },
+ {
+ "version_value": "Windows 10 Version 1803 for 32-bit Systems"
+ },
+ {
+ "version_value": "Windows 10 Version 1803 for ARM64-based Systems"
+ },
+ {
+ "version_value": "Windows 10 Version 1803 for x64-based Systems"
+ },
+ {
+ "version_value": "Windows 10 Version 1809 for 32-bit Systems"
+ },
+ {
+ "version_value": "Windows 10 Version 1809 for ARM64-based Systems"
+ },
+ {
+ "version_value": "Windows 10 Version 1809 for x64-based Systems"
+ },
+ {
+ "version_value": "Windows Server 2016"
+ },
+ {
+ "version_value": "Windows Server 2019"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "ChakraCore",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "ChakraCore"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Microsoft"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8624",
- "refsource" : "CONFIRM",
- "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8624"
- },
- {
- "name" : "106114",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/106114"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \"Chakra Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8583, CVE-2018-8617, CVE-2018-8618, CVE-2018-8629."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Remote Code Execution"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "106114",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/106114"
+ },
+ {
+ "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8624",
+ "refsource": "CONFIRM",
+ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8624"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/8xxx/CVE-2018-8692.json b/2018/8xxx/CVE-2018-8692.json
index 17a90e78760..31afbbc51fe 100644
--- a/2018/8xxx/CVE-2018-8692.json
+++ b/2018/8xxx/CVE-2018-8692.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-8692",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-8692",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/8xxx/CVE-2018-8719.json b/2018/8xxx/CVE-2018-8719.json
index 53c8b637482..4574ff3b08b 100644
--- a/2018/8xxx/CVE-2018-8719.json
+++ b/2018/8xxx/CVE-2018-8719.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-8719",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An issue was discovered in the WP Security Audit Log plugin 3.1.1 for WordPress. Access to wp-content/uploads/wp-security-audit-log/* files is not restricted. For example, these files are indexed by Google and allows for attackers to possibly find sensitive information."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-8719",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "44371",
- "refsource" : "EXPLOIT-DB",
- "url" : "https://www.exploit-db.com/exploits/44371/"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in the WP Security Audit Log plugin 3.1.1 for WordPress. Access to wp-content/uploads/wp-security-audit-log/* files is not restricted. For example, these files are indexed by Google and allows for attackers to possibly find sensitive information."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "44371",
+ "refsource": "EXPLOIT-DB",
+ "url": "https://www.exploit-db.com/exploits/44371/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/8xxx/CVE-2018-8756.json b/2018/8xxx/CVE-2018-8756.json
index 2313424dece..043e2a8de69 100644
--- a/2018/8xxx/CVE-2018-8756.json
+++ b/2018/8xxx/CVE-2018-8756.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-8756",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Eval injection in yzmphp/core/function/global.func.php in YzmCMS v3.7.1 allows remote attackers to achieve arbitrary code execution via PHP code in the POST data of an index.php?m=member&c=member_content&a=init request."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-8756",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/guiciwushuang/yzmcms/blob/master/yzmcms_eval_injection_chinese.pdf",
- "refsource" : "MISC",
- "url" : "https://github.com/guiciwushuang/yzmcms/blob/master/yzmcms_eval_injection_chinese.pdf"
- },
- {
- "name" : "https://github.com/guiciwushuang/yzmcms/blob/master/yzmcms_eval_injection_english.pdf",
- "refsource" : "MISC",
- "url" : "https://github.com/guiciwushuang/yzmcms/blob/master/yzmcms_eval_injection_english.pdf"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Eval injection in yzmphp/core/function/global.func.php in YzmCMS v3.7.1 allows remote attackers to achieve arbitrary code execution via PHP code in the POST data of an index.php?m=member&c=member_content&a=init request."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/guiciwushuang/yzmcms/blob/master/yzmcms_eval_injection_english.pdf",
+ "refsource": "MISC",
+ "url": "https://github.com/guiciwushuang/yzmcms/blob/master/yzmcms_eval_injection_english.pdf"
+ },
+ {
+ "name": "https://github.com/guiciwushuang/yzmcms/blob/master/yzmcms_eval_injection_chinese.pdf",
+ "refsource": "MISC",
+ "url": "https://github.com/guiciwushuang/yzmcms/blob/master/yzmcms_eval_injection_chinese.pdf"
+ }
+ ]
+ }
+}
\ No newline at end of file