From 9853c1f81ded23f88f382a01fcf17d6735a7e544 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Mon, 18 Mar 2019 02:42:55 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2005/0xxx/CVE-2005-0154.json | 34 ++-- 2005/0xxx/CVE-2005-0212.json | 160 ++++++++-------- 2005/0xxx/CVE-2005-0445.json | 170 ++++++++--------- 2005/0xxx/CVE-2005-0540.json | 150 +++++++-------- 2005/0xxx/CVE-2005-0780.json | 120 ++++++------ 2005/3xxx/CVE-2005-3021.json | 150 +++++++-------- 2005/3xxx/CVE-2005-3272.json | 220 ++++++++++----------- 2005/3xxx/CVE-2005-3407.json | 170 ++++++++--------- 2005/3xxx/CVE-2005-3746.json | 160 ++++++++-------- 2005/3xxx/CVE-2005-3844.json | 170 ++++++++--------- 2005/4xxx/CVE-2005-4836.json | 130 ++++++------- 2009/0xxx/CVE-2009-0498.json | 120 ++++++------ 2009/0xxx/CVE-2009-0582.json | 340 ++++++++++++++++----------------- 2009/0xxx/CVE-2009-0801.json | 130 ++++++------- 2009/2xxx/CVE-2009-2279.json | 34 ++-- 2009/2xxx/CVE-2009-2710.json | 34 ++-- 2009/2xxx/CVE-2009-2736.json | 160 ++++++++-------- 2009/3xxx/CVE-2009-3128.json | 150 +++++++-------- 2009/3xxx/CVE-2009-3232.json | 170 ++++++++--------- 2009/3xxx/CVE-2009-3837.json | 180 ++++++++--------- 2009/4xxx/CVE-2009-4267.json | 132 ++++++------- 2009/4xxx/CVE-2009-4811.json | 190 +++++++++--------- 2012/2xxx/CVE-2012-2056.json | 140 +++++++------- 2012/2xxx/CVE-2012-2127.json | 220 ++++++++++----------- 2015/0xxx/CVE-2015-0134.json | 130 ++++++------- 2015/0xxx/CVE-2015-0247.json | 290 ++++++++++++++-------------- 2015/0xxx/CVE-2015-0310.json | 190 +++++++++--------- 2015/0xxx/CVE-2015-0403.json | 270 +++++++++++++------------- 2015/0xxx/CVE-2015-0807.json | 280 +++++++++++++-------------- 2015/1xxx/CVE-2015-1053.json | 190 +++++++++--------- 2015/1xxx/CVE-2015-1625.json | 140 +++++++------- 2015/1xxx/CVE-2015-1631.json | 130 ++++++------- 2015/5xxx/CVE-2015-5138.json | 34 ++-- 2015/5xxx/CVE-2015-5166.json | 170 ++++++++--------- 2015/5xxx/CVE-2015-5734.json | 210 ++++++++++---------- 2015/5xxx/CVE-2015-5884.json | 150 +++++++-------- 2018/11xxx/CVE-2018-11227.json | 34 
++-- 2018/3xxx/CVE-2018-3062.json | 188 +++++++++--------- 2018/3xxx/CVE-2018-3148.json | 172 ++++++++--------- 2018/3xxx/CVE-2018-3335.json | 34 ++-- 2018/3xxx/CVE-2018-3393.json | 34 ++-- 2018/3xxx/CVE-2018-3403.json | 34 ++-- 2018/3xxx/CVE-2018-3671.json | 122 ++++++------ 2018/3xxx/CVE-2018-3674.json | 34 ++-- 2018/6xxx/CVE-2018-6521.json | 140 +++++++------- 2018/7xxx/CVE-2018-7260.json | 150 +++++++-------- 2018/7xxx/CVE-2018-7294.json | 34 ++-- 2018/7xxx/CVE-2018-7837.json | 130 ++++++------- 2018/7xxx/CVE-2018-7853.json | 34 ++-- 2018/8xxx/CVE-2018-8076.json | 120 ++++++------ 2018/8xxx/CVE-2018-8279.json | 200 +++++++++---------- 2018/8xxx/CVE-2018-8821.json | 120 ++++++------ 2018/8xxx/CVE-2018-8976.json | 130 ++++++------- 53 files changed, 3764 insertions(+), 3764 deletions(-) diff --git a/2005/0xxx/CVE-2005-0154.json b/2005/0xxx/CVE-2005-0154.json index e2555ab4c91..76c5de54fb3 100644 --- a/2005/0xxx/CVE-2005-0154.json +++ b/2005/0xxx/CVE-2005-0154.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2005-0154",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2005-0154",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2005/0xxx/CVE-2005-0212.json b/2005/0xxx/CVE-2005-0212.json
index 7d9c2238d2a..4409e36d782 100644
--- a/2005/0xxx/CVE-2005-0212.json
+++ b/2005/0xxx/CVE-2005-0212.json
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0212", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Amp II engine as used by Gore: Ultimate Soldier 1.50 and earlier allows remote attackers to cause a denial of service (infinite loop) via a zero byte UDP packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0212", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050106 Socket unreacheable in Amp II engine", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110503597505648&w=2" - }, - { - "name" : "http://aluigi.altervista.org/adv/amp2zero-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/amp2zero-adv.txt" - }, - { - "name" : "12192", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12192" - }, - { - "name" : "13754", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13754" - }, - { - "name" : "amp-3d-socket-dos(18789)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18789" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "The Amp II engine as used by Gore: Ultimate Soldier 1.50 and earlier allows remote attackers to cause a denial of service (infinite loop) via a zero byte UDP packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "amp-3d-socket-dos(18789)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18789" + }, + { + "name": "20050106 Socket unreacheable in Amp II engine", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110503597505648&w=2" + }, + { + "name": "12192", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12192" + }, + { + "name": "http://aluigi.altervista.org/adv/amp2zero-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/amp2zero-adv.txt" + }, + { + "name": "13754", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13754" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0445.json b/2005/0xxx/CVE-2005-0445.json index 8f758727e2c..c7b00dec29a 100644 --- a/2005/0xxx/CVE-2005-0445.json +++ b/2005/0xxx/CVE-2005-0445.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0445", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Open WebMail 2.x allows remote attackers to inject arbitrary HTML or web script via the domain name parameter (logindomain) in the login page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0445", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "12547", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12547" - }, - { - "name" : "1013172", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013172" - }, - { - "name" : "14253", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14253" - }, - { - "name" : "http://turtle.ee.ncku.edu.tw/openwebmail/doc/changes.txt", - "refsource" : "CONFIRM", - "url" : "http://turtle.ee.ncku.edu.tw/openwebmail/doc/changes.txt" - }, - { - "name" : "http://turtle.ee.ncku.edu.tw/openwebmail/download/cert/patches/SA-05:01/2.5x.patch", - "refsource" : "CONFIRM", - "url" : "http://turtle.ee.ncku.edu.tw/openwebmail/download/cert/patches/SA-05:01/2.5x.patch" - }, - { - "name" : 
"open-webmail-logindomain-xss(19335)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19335" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Open WebMail 2.x allows remote attackers to inject arbitrary HTML or web script via the domain name parameter (logindomain) in the login page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14253", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14253" + }, + { + "name": "12547", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12547" + }, + { + "name": "http://turtle.ee.ncku.edu.tw/openwebmail/download/cert/patches/SA-05:01/2.5x.patch", + "refsource": "CONFIRM", + "url": "http://turtle.ee.ncku.edu.tw/openwebmail/download/cert/patches/SA-05:01/2.5x.patch" + }, + { + "name": "open-webmail-logindomain-xss(19335)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19335" + }, + { + "name": "http://turtle.ee.ncku.edu.tw/openwebmail/doc/changes.txt", + "refsource": "CONFIRM", + "url": "http://turtle.ee.ncku.edu.tw/openwebmail/doc/changes.txt" + }, + { + "name": "1013172", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013172" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0540.json b/2005/0xxx/CVE-2005-0540.json index 2f9ac4f5afe..b1526a77fbe 100644 --- a/2005/0xxx/CVE-2005-0540.json +++ b/2005/0xxx/CVE-2005-0540.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0540", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cyclades AlterPath Manager (APM) Console Server 1.2.1 allows remote attackers to obtain sensitive information via a direct request to the /about.html page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0540", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050224 Cyclades AlterPath Manager Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=110924450827137&w=2" - }, - { - "name" : "http://www.cirt.net/advisories/alterpath_disclosure.shtml", - "refsource" : "MISC", - "url" : "http://www.cirt.net/advisories/alterpath_disclosure.shtml" - }, - { - "name" : "14073", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/14073" - }, - { - "name" : "14378", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14378" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cyclades AlterPath Manager (APM) Console Server 1.2.1 allows remote 
attackers to obtain sensitive information via a direct request to the /about.html page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14378", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14378" + }, + { + "name": "20050224 Cyclades AlterPath Manager Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=110924450827137&w=2" + }, + { + "name": "http://www.cirt.net/advisories/alterpath_disclosure.shtml", + "refsource": "MISC", + "url": "http://www.cirt.net/advisories/alterpath_disclosure.shtml" + }, + { + "name": "14073", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/14073" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0780.json b/2005/0xxx/CVE-2005-0780.json index da76c1039e2..cda5a3d434c 100644 --- a/2005/0xxx/CVE-2005-0780.json +++ b/2005/0xxx/CVE-2005-0780.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0780", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "paFileDB 3.1 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) auth.php, (2) login.php, (3) category.php, (4) file.php, (5) team.php, (6) license.php, (7) custom.php, (8) admins.php, or (9) backupdb.php, which reveal the path in a PHP error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0780", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050312 [SECURITYREASON.COM] Mass Full Path Disclosure in paFileDB", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111066293914977&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "paFileDB 3.1 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) auth.php, (2) login.php, (3) category.php, (4) file.php, (5) team.php, (6) license.php, (7) custom.php, (8) admins.php, or (9) backupdb.php, which reveal the path in a PHP error message." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050312 [SECURITYREASON.COM] Mass Full Path Disclosure in paFileDB", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111066293914977&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3021.json b/2005/3xxx/CVE-2005-3021.json index 27d62b76b63..3fa3315580d 100644 --- a/2005/3xxx/CVE-2005-3021.json +++ b/2005/3xxx/CVE-2005-3021.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3021", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "image.php in vBulletin 3.0.9 and earlier allows remote attackers with access to the administrator panel to upload arbitrary files via the upload action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3021", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050918 [BuHa-Security] Multiple vulnerabilities in (admincp/modcp of)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112715150320677&w=2" - }, - { - "name" : "http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt", - "refsource" : "MISC", - "url" : "http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt" - }, - { - "name" : "16873", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16873/" - }, - { - "name" : "vbulletin-image-file-upload(22325)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22325" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"image.php in vBulletin 3.0.9 and earlier allows remote attackers with access to the administrator panel to upload arbitrary files via the upload action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "vbulletin-image-file-upload(22325)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22325" + }, + { + "name": "http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt", + "refsource": "MISC", + "url": "http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt" + }, + { + "name": "20050918 [BuHa-Security] Multiple vulnerabilities in (admincp/modcp of)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112715150320677&w=2" + }, + { + "name": "16873", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16873/" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3272.json b/2005/3xxx/CVE-2005-3272.json index 2835d95a06f..6c04ee0e6e8 100644 --- a/2005/3xxx/CVE-2005-3272.json +++ b/2005/3xxx/CVE-2005-3272.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3272", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Linux kernel before 2.6.12 allows remote attackers to poison the bridge forwarding table using frames that have already been dropped by filtering, which can cause the bridge to forward spoofed packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3272", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://linux.bkbits.net:8080/linux-2.6/cset@429a310bRFOXOmZvKaGXW8A5Qd9F1A", - "refsource" : "CONFIRM", - "url" : "http://linux.bkbits.net:8080/linux-2.6/cset@429a310bRFOXOmZvKaGXW8A5Qd9F1A" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm" - }, - { - "name" : "DSA-922", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-922" - }, - { - "name" : "MDKSA-2007:025", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:025" - }, - { - "name" : "RHSA-2006:0493", - "refsource" : "REDHAT", - "url" : 
"http://www.redhat.com/support/errata/RHSA-2006-0493.html" - }, - { - "name" : "USN-219-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/219-1/" - }, - { - "name" : "15536", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15536" - }, - { - "name" : "oval:org.mitre.oval:def:10157", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10157" - }, - { - "name" : "18056", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18056" - }, - { - "name" : "20237", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20237" - }, - { - "name" : "21745", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21745" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Linux kernel before 2.6.12 allows remote attackers to poison the bridge forwarding table using frames that have already been dropped by filtering, which can cause the bridge to forward spoofed packets." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm" + }, + { + "name": "RHSA-2006:0493", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0493.html" + }, + { + "name": "18056", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18056" + }, + { + "name": "MDKSA-2007:025", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:025" + }, + { + "name": "21745", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21745" + }, + { + "name": "DSA-922", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-922" + }, + { + "name": "USN-219-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/219-1/" + }, + { + "name": "http://linux.bkbits.net:8080/linux-2.6/cset@429a310bRFOXOmZvKaGXW8A5Qd9F1A", + "refsource": "CONFIRM", + "url": "http://linux.bkbits.net:8080/linux-2.6/cset@429a310bRFOXOmZvKaGXW8A5Qd9F1A" + }, + { + "name": "20237", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20237" + }, + { + "name": "oval:org.mitre.oval:def:10157", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10157" + }, + { + "name": "15536", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15536" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3407.json b/2005/3xxx/CVE-2005-3407.json index 7117124ae1f..cddb6815bf8 100644 --- a/2005/3xxx/CVE-2005-3407.json +++ b/2005/3xxx/CVE-2005-3407.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3407", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in phpESP 1.7.5 and earlier allows remote attackers to execute arbitrary SQL commands via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3407", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://cvs.sourceforge.net/viewcvs.py/phpesp/phpESP/docs/CHANGES?rev=.&content-type=text/plain", - "refsource" : "CONFIRM", - "url" : "http://cvs.sourceforge.net/viewcvs.py/phpesp/phpESP/docs/CHANGES?rev=.&content-type=text/plain" - }, - { - "name" : "15232", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15232" - }, - { - "name" : "ADV-2005-2237", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2237" - }, - { - "name" : "20358", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20358" - }, - { - "name" : "17333", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17333" - }, - { - "name" : "phpesp-unknown-sql-injection(22905)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/22905" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in phpESP 1.7.5 and earlier allows remote attackers to execute arbitrary SQL commands via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20358", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20358" + }, + { + "name": "phpesp-unknown-sql-injection(22905)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22905" + }, + { + "name": "ADV-2005-2237", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2237" + }, + { + "name": "http://cvs.sourceforge.net/viewcvs.py/phpesp/phpESP/docs/CHANGES?rev=.&content-type=text/plain", + "refsource": "CONFIRM", + "url": "http://cvs.sourceforge.net/viewcvs.py/phpesp/phpESP/docs/CHANGES?rev=.&content-type=text/plain" + }, + { + "name": "15232", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15232" + }, + { + "name": "17333", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17333" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3746.json b/2005/3xxx/CVE-2005-3746.json index 82a0a0bf9d7..9aec6a08fd4 100644 --- a/2005/3xxx/CVE-2005-3746.json +++ b/2005/3xxx/CVE-2005-3746.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3746", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in thread.php in APBoard allows remote attackers to execute arbitrary SQL commands via the start parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3746", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051120 APBoard v [all] ---> [SQL injection]", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/417298" - }, - { - "name" : "15513", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15513" - }, - { - "name" : "21289", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21289" - }, - { - "name" : "198", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/198" - }, - { - "name" : "apboard-thread-sql-injection(23200)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23200" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability 
in thread.php in APBoard allows remote attackers to execute arbitrary SQL commands via the start parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21289", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21289" + }, + { + "name": "198", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/198" + }, + { + "name": "15513", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15513" + }, + { + "name": "apboard-thread-sql-injection(23200)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23200" + }, + { + "name": "20051120 APBoard v [all] ---> [SQL injection]", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/417298" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3844.json b/2005/3xxx/CVE-2005-3844.json index db6d7665209..e1bff9fefbf 100644 --- a/2005/3xxx/CVE-2005-3844.json +++ b/2005/3xxx/CVE-2005-3844.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3844", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in phpWordPress PHP News and Article Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the (1) poll and (2) category parameters to index.php, and (3) the ctg parameter in an archive action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3844", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/11/phpwordpress-30-sql-inj.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/11/phpwordpress-30-sql-inj.html" - }, - { - "name" : "http://forum.word-press.net/index.php?&showtopic=76&st=0&#entry181", - "refsource" : "CONFIRM", - "url" : "http://forum.word-press.net/index.php?&showtopic=76&st=0&#entry181" - }, - { - "name" : "15582", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15582" - }, - { - "name" : "ADV-2005-2594", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2594" - }, - { - "name" : "21110", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21110" 
- }, - { - "name" : "17733", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17733" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in phpWordPress PHP News and Article Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the (1) poll and (2) category parameters to index.php, and (3) the ctg parameter in an archive action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2005-2594", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2594" + }, + { + "name": "http://pridels0.blogspot.com/2005/11/phpwordpress-30-sql-inj.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/11/phpwordpress-30-sql-inj.html" + }, + { + "name": "17733", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17733" + }, + { + "name": "http://forum.word-press.net/index.php?&showtopic=76&st=0&#entry181", + "refsource": "CONFIRM", + "url": "http://forum.word-press.net/index.php?&showtopic=76&st=0&#entry181" + }, + { + "name": "15582", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15582" + }, + { + "name": "21110", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21110" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4836.json b/2005/4xxx/CVE-2005-4836.json index 50a2995e966..c53b67ffa0c 100644 --- a/2005/4xxx/CVE-2005-4836.json +++ b/2005/4xxx/CVE-2005-4836.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4836", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2005-4836", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tomcat.apache.org/security-4.html", - "refsource" : "CONFIRM", - "url" : "http://tomcat.apache.org/security-4.html" - }, - { - "name" : "28483", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28483" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://tomcat.apache.org/security-4.html", + "refsource": "CONFIRM", + "url": "http://tomcat.apache.org/security-4.html" + }, + { + "name": "28483", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28483" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0498.json b/2009/0xxx/CVE-2009-0498.json index 97ac7928b2f..726023693e6 100644 --- a/2009/0xxx/CVE-2009-0498.json +++ b/2009/0xxx/CVE-2009-0498.json 
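Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `secalert@redhat.com` in this hunk, and it is the only change of content in a record that is otherwise only reformatted; the commit subject "-Synchronized-Data." gives no hint of it. Consumers that attribute records to a CNA by this field would want such reassignments named in the commit message or carried in a commit of their own, apart from the separator rewrite. The hunks for CVE-2009-0582 (also to `secalert@redhat.com`) and CVE-2009-3128 (to `secure@microsoft.com`) carry the same kind of change.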
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0498", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Virtual GuestBook (vgbook) 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to guestbook.mdb." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0498", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7744", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7744" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Virtual GuestBook (vgbook) 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to guestbook.mdb." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7744", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7744" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0582.json b/2009/0xxx/CVE-2009-0582.json index 914008081a7..0d2a4a61aaa 100644 --- a/2009/0xxx/CVE-2009-0582.json +++ b/2009/0xxx/CVE-2009-0582.json 
@@ -1,172 +1,172 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0582", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ntlm_challenge function in the NTLM SASL authentication mechanism in camel/camel-sasl-ntlm.c in Camel in Evolution Data Server (aka evolution-data-server) 2.24.5 and earlier, and 2.25.92 and earlier 2.25.x versions, does not validate whether a certain length value is consistent with the amount of data in a challenge packet, which allows remote mail servers to read information from the process memory of a client, or cause a denial of service (client crash), via an NTLM authentication type 2 packet with a length value that exceeds the amount of packet data." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-0582", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[release-team] 20090312 Another Evolution-Data-Server freeze break", - "refsource" : "MLIST", - "url" : "http://mail.gnome.org/archives/release-team/2009-March/msg00096.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=487685", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=487685" - }, - { - "name" : "DSA-1813", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1813" - }, - { - "name" : "FEDORA-2009-2784", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00666.html" - }, - { - "name" : "FEDORA-2009-2792", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00672.html" - }, - { - "name" : "MDVSA-2009:078", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:078" - }, - { - "name" : "RHSA-2009:0354", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0354.html" - }, - { - "name" : "RHSA-2009:0355", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0355.html" - }, - { - "name" : "RHSA-2009:0358", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0358.html" - }, - { - "name" : "SUSE-SR:2009:010", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html" - }, - { - "name" : "34109", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34109" - }, - { - "name" : "52673", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/52673" - }, - { - "name" : "oval:org.mitre.oval:def:10081", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10081" - }, - { - "name" : "1021845", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1021845" - }, - { - "name" : "34286", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34286" - }, - { - "name" : "34338", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34338" - }, - { - "name" : "34339", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34339" - }, - { - "name" : "34348", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34348" - }, - { - "name" : "34363", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34363" - }, - { - "name" : "35065", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35065" - }, - { - "name" : "35357", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35357" - }, - { - "name" : "ADV-2009-0716", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0716" - }, - { - "name" : "evolution-ntlmsasl-info-disclosure(49233)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49233" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ntlm_challenge function in the NTLM SASL authentication mechanism in camel/camel-sasl-ntlm.c in Camel in Evolution Data Server (aka evolution-data-server) 2.24.5 and earlier, and 2.25.92 and earlier 2.25.x versions, does not validate whether a certain 
length value is consistent with the amount of data in a challenge packet, which allows remote mail servers to read information from the process memory of a client, or cause a denial of service (client crash), via an NTLM authentication type 2 packet with a length value that exceeds the amount of packet data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35357", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35357" + }, + { + "name": "52673", + "refsource": "OSVDB", + "url": "http://osvdb.org/52673" + }, + { + "name": "ADV-2009-0716", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0716" + }, + { + "name": "FEDORA-2009-2792", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00672.html" + }, + { + "name": "34339", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34339" + }, + { + "name": "RHSA-2009:0358", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0358.html" + }, + { + "name": "34348", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34348" + }, + { + "name": "oval:org.mitre.oval:def:10081", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10081" + }, + { + "name": "34363", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34363" + }, + { + "name": "[release-team] 20090312 Another Evolution-Data-Server freeze break", + "refsource": "MLIST", + "url": "http://mail.gnome.org/archives/release-team/2009-March/msg00096.html" + }, + { + "name": "1021845", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1021845" + }, + { + "name": "35065", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35065" + }, + { + "name": 
"evolution-ntlmsasl-info-disclosure(49233)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49233" + }, + { + "name": "34109", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34109" + }, + { + "name": "RHSA-2009:0355", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0355.html" + }, + { + "name": "DSA-1813", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1813" + }, + { + "name": "SUSE-SR:2009:010", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=487685", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487685" + }, + { + "name": "RHSA-2009:0354", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0354.html" + }, + { + "name": "34338", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34338" + }, + { + "name": "FEDORA-2009-2784", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00666.html" + }, + { + "name": "MDVSA-2009:078", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:078" + }, + { + "name": "34286", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34286" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0801.json b/2009/0xxx/CVE-2009-0801.json index 62ee7a2d91b..98f2dd666fd 100644 --- a/2009/0xxx/CVE-2009-0801.json +++ b/2009/0xxx/CVE-2009-0801.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0801", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Squid, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0801", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#435052", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/435052" - }, - { - "name" : "33858", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33858" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Squid, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for 
Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33858", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33858" + }, + { + "name": "VU#435052", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/435052" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2279.json b/2009/2xxx/CVE-2009-2279.json index f6d51f9da78..3a31a19cb13 100644 --- a/2009/2xxx/CVE-2009-2279.json +++ b/2009/2xxx/CVE-2009-2279.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2279", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2279", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2710.json b/2009/2xxx/CVE-2009-2710.json index 9d6ff69c580..64104e7611e 100644 
--- a/2009/2xxx/CVE-2009-2710.json +++ b/2009/2xxx/CVE-2009-2710.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2710", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2009. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2009-2710", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2009. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2736.json b/2009/2xxx/CVE-2009-2736.json index dae193f8d19..f236241ff41 100644 --- a/2009/2xxx/CVE-2009-2736.json +++ b/2009/2xxx/CVE-2009-2736.json 
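Review bot: This REJECT record is written with its keys in a different order from the other records in view: `data_type`, `data_format`, `data_version` come first, then `CVE_data_meta` with `ID` ahead of `ASSIGNER`, where the old side and the neighbouring CVE-2009-2279 record keep the sorted order (`CVE_data_meta`, `data_format`, `data_type`, `data_version`, `description`). Key order carries no meaning in JSON, so parsers are unaffected, but it suggests this file went through a different writer than the rest, and anything that hashes or diffs the raw bytes will see a change where the content is the same. Emitting the keys sorted, as the other records do, would keep the output canonical.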
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2736", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Static code injection vulnerability in admin.php in sun-jester OpenNews 1.0 allows remote authenticated administrators to inject arbitrary PHP code into config.php via the \"Overall Width\" field in a setconfig action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2736", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9371", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9371" - }, - { - "name" : "56813", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/56813" - }, - { - "name" : "36154", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36154" - }, - { - "name" : "ADV-2009-2168", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2168" - }, - { - "name" : "opennews-admin-sql-injection(52289)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52289" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "Static code injection vulnerability in admin.php in sun-jester OpenNews 1.0 allows remote authenticated administrators to inject arbitrary PHP code into config.php via the \"Overall Width\" field in a setconfig action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9371", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9371" + }, + { + "name": "opennews-admin-sql-injection(52289)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52289" + }, + { + "name": "36154", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36154" + }, + { + "name": "56813", + "refsource": "OSVDB", + "url": "http://osvdb.org/56813" + }, + { + "name": "ADV-2009-2168", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2168" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3128.json b/2009/3xxx/CVE-2009-3128.json index cb03625c18b..47ffc5e191d 100644 --- a/2009/3xxx/CVE-2009-3128.json +++ b/2009/3xxx/CVE-2009-3128.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3128", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Office Excel 2002 SP3 and 2003 SP3, and Office Excel Viewer 2003 SP3, does not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a spreadsheet with a malformed record object, aka \"Excel SxView Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2009-3128", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS09-067", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-067" - }, - { - "name" : "TA09-314A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-314A.html" - }, - { - "name" : "oval:org.mitre.oval:def:6474", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6474" - }, - { - "name" : "1023157", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023157" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": 
"4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Office Excel 2002 SP3 and 2003 SP3, and Office Excel Viewer 2003 SP3, does not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a spreadsheet with a malformed record object, aka \"Excel SxView Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1023157", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023157" + }, + { + "name": "oval:org.mitre.oval:def:6474", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6474" + }, + { + "name": "TA09-314A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-314A.html" + }, + { + "name": "MS09-067", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-067" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3232.json b/2009/3xxx/CVE-2009-3232.json index 76c1dcac028..bf3dbff799b 100644 --- a/2009/3xxx/CVE-2009-3232.json +++ b/2009/3xxx/CVE-2009-3232.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3232", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "pam-auth-update for PAM, as used in Ubuntu 8.10 and 9.4, and Debian GNU/Linux, does not properly handle an \"empty selection\" for system authentication modules in certain rare configurations, which causes any attempt to be successful and allows remote attackers to bypass authentication." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3232", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20090908 CVE request - Debian/Ubuntu PAM auth module selection", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/09/08/7" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=519927", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=519927" - }, - { - "name" : "https://launchpad.net/bugs/410171", - "refsource" : "CONFIRM", - "url" : "https://launchpad.net/bugs/410171" - }, - { - "name" : "USN-828-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/828-1/" - }, - { - "name" : "36306", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/36306" - }, - { - "name" : "36620", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36620" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "pam-auth-update for PAM, as used in Ubuntu 8.10 and 9.4, and Debian GNU/Linux, does not properly handle an \"empty selection\" for system authentication modules in certain rare configurations, which causes any attempt to be successful and allows remote attackers to bypass authentication." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=519927", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=519927" + }, + { + "name": "https://launchpad.net/bugs/410171", + "refsource": "CONFIRM", + "url": "https://launchpad.net/bugs/410171" + }, + { + "name": "36620", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36620" + }, + { + "name": "[oss-security] 20090908 CVE request - Debian/Ubuntu PAM auth module selection", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/09/08/7" + }, + { + "name": "36306", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36306" + }, + { + "name": "USN-828-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/828-1/" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3837.json b/2009/3xxx/CVE-2009-3837.json index e2538e55adb..7f44b1e8d91 100644 --- a/2009/3xxx/CVE-2009-3837.json +++ b/2009/3xxx/CVE-2009-3837.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3837", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Eureka Email 2.2q allows remote POP3 servers to execute arbitrary code via a long error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3837", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091022 {PRL} Eureka Mail client BoF", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/507376/100/0/threaded" - }, - { - "name" : "20091130 Eureka Mail Client Remote Buffer Overflow Exploit XP SP3 English Egghunter Edition", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/508126/100/0/threaded" - }, - { - "name" : "http://www.packetstormsecurity.org/0910-exploits/eurekamc-dos.txt", - "refsource" : "MISC", - "url" : "http://www.packetstormsecurity.org/0910-exploits/eurekamc-dos.txt" - }, - { - "name" : "59262", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/59262" - }, - { - "name" : "37132", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37132" - }, - { - "name" : "ADV-2009-3025", - "refsource" : "VUPEN", 
- "url" : "http://www.vupen.com/english/advisories/2009/3025" - }, - { - "name" : "eurekaemail-pop3-bo(53940)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53940" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Eureka Email 2.2q allows remote POP3 servers to execute arbitrary code via a long error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20091022 {PRL} Eureka Mail client BoF", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/507376/100/0/threaded" + }, + { + "name": "59262", + "refsource": "OSVDB", + "url": "http://osvdb.org/59262" + }, + { + "name": "ADV-2009-3025", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3025" + }, + { + "name": "http://www.packetstormsecurity.org/0910-exploits/eurekamc-dos.txt", + "refsource": "MISC", + "url": "http://www.packetstormsecurity.org/0910-exploits/eurekamc-dos.txt" + }, + { + "name": "eurekaemail-pop3-bo(53940)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53940" + }, + { + "name": "20091130 Eureka Mail Client Remote Buffer Overflow Exploit XP SP3 English Egghunter Edition", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/508126/100/0/threaded" + }, + { + "name": "37132", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37132" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4267.json b/2009/4xxx/CVE-2009-4267.json index 550ecaf49a4..f073b7c92b3 100644 --- a/2009/4xxx/CVE-2009-4267.json +++ b/2009/4xxx/CVE-2009-4267.json 
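Review bot: Every line of this record is rewritten for a separator change (`"name" : ` becomes `"name": `), the `reference_data` entries come out in a different order with no visible sort key, and the new side ends with `\ No newline at end of file`. The hunks for CVE-2009-3232, CVE-2009-4267, CVE-2009-4811 and the later records shown here follow the same pattern, so anyone monitoring these files for added or removed references has to compare by content rather than by line. I would have the export emit references in a stable order (for example by `refsource`, then `name`), keep the final newline, and land the formatting change separately from data changes.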
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "DATE_PUBLIC" : "2018-02-08T00:00:00", - "ID" : "CVE-2009-4267", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "jUDDI", - "version" : { - "version_data" : [ - { - "version_value" : "3.0.0 fixed in 3.0.1" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The console in Apache jUDDI 3.0.0 does not properly escape line feeds, which allows remote authenticated users to spoof log entries via the numRows parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "DATE_PUBLIC": "2018-02-08T00:00:00", + "ID": "CVE-2009-4267", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "jUDDI", + "version": { + "version_data": [ + { + "version_value": "3.0.0 fixed in 3.0.1" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[juddi-user] 20180208 [Announce] CVE-2009-4267 - vulnerability in jUDDI 3.0.0 console.", - "refsource" : "MLIST", - "url" : "http://mail-archives.apache.org/mod_mbox/juddi-user/201802.mbox/raw/%3C0F272EE1-E2B4-4016-8C5D-F76ABDD12D18%40gmail.com%3E" - }, - { - "name" : "http://juddi.apache.org/security.html", - "refsource" : "CONFIRM", - "url" : "http://juddi.apache.org/security.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The console 
in Apache jUDDI 3.0.0 does not properly escape line feeds, which allows remote authenticated users to spoof log entries via the numRows parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[juddi-user] 20180208 [Announce] CVE-2009-4267 - vulnerability in jUDDI 3.0.0 console.", + "refsource": "MLIST", + "url": "http://mail-archives.apache.org/mod_mbox/juddi-user/201802.mbox/raw/%3C0F272EE1-E2B4-4016-8C5D-F76ABDD12D18%40gmail.com%3E" + }, + { + "name": "http://juddi.apache.org/security.html", + "refsource": "CONFIRM", + "url": "http://juddi.apache.org/security.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4811.json b/2009/4xxx/CVE-2009-4811.json index 7f4aa4c3a52..bbbfe747ab7 100644 --- a/2009/4xxx/CVE-2009-4811.json +++ b/2009/4xxx/CVE-2009-4811.json 
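Review bot: `problemtype` carries `"value": "Information Disclosure"`, but the description is about unescaped line feeds letting an authenticated user spoof log entries, which is log injection rather than disclosure. If the assigning CNA agrees, `"value": "CWE-117: Improper Output Neutralization for Logs"` would match the description and let consumers classify the record correctly. Separately, `"version_value": "3.0.0 fixed in 3.0.1"` puts the fixed release into the affected-version field, so a tool comparing version strings will not match 3.0.0; `"version_value": "3.0.0"` with the fix stated in the description would be easier to consume.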
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4811", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x allows remote attackers to cause a denial of service (process crash) via a \\x25\\x90 sequence in the USER and PASS commands, a related issue to CVE-2009-3707. NOTE: some of these details are obtained from third party information." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4811", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html" - }, - { - "name" : "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html" - }, - { - "name" : "[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues", - "refsource" : "MLIST", - "url" : "http://lists.vmware.com/pipermail/security-announce/2010/000090.html" - }, - { - "name" : "http://freetexthost.com/qr1tffkzpu", - "refsource" : "MISC", - "url" : "http://freetexthost.com/qr1tffkzpu" - }, - { - "name" : "http://pocoftheday.blogspot.com/2009/10/vmware-server-20x-remote-dos-exploit.html", - "refsource" : "MISC", - "url" : "http://pocoftheday.blogspot.com/2009/10/vmware-server-20x-remote-dos-exploit.html" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2010-0007.html", - "refsource" : "MISC", - "url" : "http://www.vmware.com/security/advisories/VMSA-2010-0007.html" - }, - { - "name" : "GLSA-201209-25", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201209-25.xml" - }, - { - "name" : "36630", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/36630" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x allows remote attackers to cause a denial of service (process crash) via a \\x25\\x90 sequence in the USER and PASS commands, a related issue to CVE-2009-3707. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201209-25", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml" + }, + { + "name": "36630", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36630" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html", + "refsource": "MISC", + "url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html" + }, + { + "name": "[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues", + "refsource": "MLIST", + "url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html" + }, + { + "name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html" + }, + { + "name": "http://freetexthost.com/qr1tffkzpu", + "refsource": "MISC", + "url": 
"http://freetexthost.com/qr1tffkzpu" + }, + { + "name": "http://pocoftheday.blogspot.com/2009/10/vmware-server-20x-remote-dos-exploit.html", + "refsource": "MISC", + "url": "http://pocoftheday.blogspot.com/2009/10/vmware-server-20x-remote-dos-exploit.html" + }, + { + "name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2056.json b/2012/2xxx/CVE-2012-2056.json index e963e8afe01..5967b48f84a 100644 --- a/2012/2xxx/CVE-2012-2056.json +++ b/2012/2xxx/CVE-2012-2056.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2056", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in the Content Lock module for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2056", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/04/07/1" - }, - { - "name" : "http://drupal.org/node/1482126", - "refsource" : "MISC", - "url" : "http://drupal.org/node/1482126" - }, - { - "name" : "52502", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52502" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in the Content Lock module for Drupal allows remote attackers to hijack the authentication of 
unspecified victims via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://drupal.org/node/1482126", + "refsource": "MISC", + "url": "http://drupal.org/node/1482126" + }, + { + "name": "52502", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52502" + }, + { + "name": "[oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2127.json b/2012/2xxx/CVE-2012-2127.json index 40f04a8f55d..f78fcb9474d 100644 --- a/2012/2xxx/CVE-2012-2127.json +++ b/2012/2xxx/CVE-2012-2127.json 
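Review bot: `ASSIGNER` changes from `cve@mitre.org` to `secalert@redhat.com` in this hunk, which otherwise only reformats and reorders, and the commit subject (`-Synchronized-Data.`) does not say where the new value comes from. The same kind of change appears in the hunks for CVE-2012-2127 and CVE-2015-0247 (to `secalert@redhat.com`), CVE-2015-0134 (`psirt@us.ibm.com`) and CVE-2015-0310 (`psirt@adobe.com`). Consumers that attribute or filter records by assigner will see these as ownership changes, so the commit description should name the source of the reassignment. `vendor_name` and `product_name` stay `n/a` in these records even though the descriptions name the affected products, which would be worth filling in alongside the assigner.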
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2127", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "fs/proc/root.c in the procfs implementation in the Linux kernel before 3.2 does not properly interact with CLONE_NEWPID clone system calls, which allows remote attackers to cause a denial of service (reference leak and memory consumption) by making many connections to a daemon that uses PID namespaces to isolate clients, as demonstrated by vsftpd." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2127", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120420 Re: CVE request: pid namespace leak in kernel 3.0 and 3.1", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/04/20/25" - }, - { - "name" : "[oss-security] 20120422 Re: Re: CVE request: pid namespace leak in kernel 3.0 and 3.1", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/04/22/1" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=905ad269c55fc62bee3da29f7b1d1efeba8aa1e1", - "refsource" : "CONFIRM", - "url" : 
"http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=905ad269c55fc62bee3da29f7b1d1efeba8aa1e1" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v3.x/", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v3.x/" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v3.x/patch-3.2.bz2", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v3.x/patch-3.2.bz2" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=757783", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=757783" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=815188", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=815188" - }, - { - "name" : "https://github.com/torvalds/linux/commit/905ad269c55fc62bee3da29f7b1d1efeba8aa1e1", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/905ad269c55fc62bee3da29f7b1d1efeba8aa1e1" - }, - { - "name" : "USN-1607-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-1607-1" - }, - { - "name" : "USN-1594-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1594-1" - }, - { - "name" : "55774", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55774" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "fs/proc/root.c in the procfs implementation in the Linux kernel before 3.2 does not properly interact with CLONE_NEWPID clone system calls, which allows remote attackers to cause a denial of service (reference leak and memory consumption) by making many connections to a daemon that uses PID namespaces to isolate clients, as demonstrated by vsftpd." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/torvalds/linux/commit/905ad269c55fc62bee3da29f7b1d1efeba8aa1e1", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/905ad269c55fc62bee3da29f7b1d1efeba8aa1e1" + }, + { + "name": "USN-1594-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1594-1" + }, + { + "name": "[oss-security] 20120422 Re: Re: CVE request: pid namespace leak in kernel 3.0 and 3.1", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/04/22/1" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=815188", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=815188" + }, + { + "name": "USN-1607-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-1607-1" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v3.x/", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v3.x/" + }, + { + "name": "55774", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55774" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=905ad269c55fc62bee3da29f7b1d1efeba8aa1e1", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=905ad269c55fc62bee3da29f7b1d1efeba8aa1e1" + }, + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=757783", + "refsource": "CONFIRM", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=757783" + }, + { + "name": "[oss-security] 20120420 Re: CVE request: pid namespace leak in kernel 3.0 and 3.1", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/04/20/25" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v3.x/patch-3.2.bz2", + "refsource": "CONFIRM", + "url": 
"http://www.kernel.org/pub/linux/kernel/v3.x/patch-3.2.bz2" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0134.json b/2015/0xxx/CVE-2015-0134.json index 12e0ff7d359..7857b9736b1 100644 --- a/2015/0xxx/CVE-2015-0134.json +++ b/2015/0xxx/CVE-2015-0134.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0134", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the SSLv2 implementation in IBM Domino 8.5.x before 8.5.1 FP5 IF3, 8.5.2 before FP4 IF3, 8.5.3 before FP6 IF6, 9.0 before IF7, and 9.0.1 before FP2 IF3 allows remote attackers to execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-0134", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21700029", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21700029" - }, - { - "name" : "1032027", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032027" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the SSLv2 implementation in IBM Domino 8.5.x before 8.5.1 FP5 IF3, 8.5.2 before FP4 IF3, 8.5.3 before FP6 IF6, 9.0 before IF7, and 9.0.1 before FP2 IF3 allows remote attackers to execute arbitrary code via unspecified 
vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21700029", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700029" + }, + { + "name": "1032027", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032027" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0247.json b/2015/0xxx/CVE-2015-0247.json index 300bf235d90..188213f7664 100644 --- a/2015/0xxx/CVE-2015-0247.json +++ b/2015/0xxx/CVE-2015-0247.json 
@@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0247", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in openfs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code via crafted block group descriptor data in a filesystem image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-0247", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150205 [oCERT-2015-002] e2fsprogs input sanitization errors", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534633/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/130283/e2fsprogs-Input-Sanitization.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/130283/e2fsprogs-Input-Sanitization.html" - }, - { - "name" : "http://www.ocert.org/advisories/ocert-2015-002.html", - "refsource" : "MISC", - "url" : "http://www.ocert.org/advisories/ocert-2015-002.html" - }, - { - "name" : "http://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=f66e6ce4", - "refsource" : "CONFIRM", - "url" : 
"http://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=f66e6ce4" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1187032", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1187032" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2015-0061.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2015-0061.html" - }, - { - "name" : "DSA-3166", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3166" - }, - { - "name" : "FEDORA-2015-1840", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149434.html" - }, - { - "name" : "FEDORA-2015-2511", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150606.html" - }, - { - "name" : "FEDORA-2015-2516", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150805.html" - }, - { - "name" : "GLSA-201701-06", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-06" - }, - { - "name" : "MDVSA-2015:045", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:045" - }, - { - "name" : "MDVSA-2015:067", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:067" - }, - { - "name" : "openSUSE-SU-2015:1006", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-06/msg00010.html" - }, - { - "name" : "SUSE-SU-2015:1103", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00019.html" - }, - { - "name" : "USN-2507-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2507-1" - }, - { - "name" : "72520", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72520" - }, - { - "name" : "e2fsprogs-cve20150247-bo(100740)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/100740" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in openfs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code via crafted block group descriptor data in a filesystem image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201701-06", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-06" + }, + { + "name": "FEDORA-2015-2511", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150606.html" + }, + { + "name": "e2fsprogs-cve20150247-bo(100740)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100740" + }, + { + "name": "20150205 [oCERT-2015-002] e2fsprogs input sanitization errors", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534633/100/0/threaded" + }, + { + "name": "DSA-3166", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3166" + }, + { + "name": "openSUSE-SU-2015:1006", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-06/msg00010.html" + }, + { + "name": "http://advisories.mageia.org/MGASA-2015-0061.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2015-0061.html" + }, + { + "name": "http://packetstormsecurity.com/files/130283/e2fsprogs-Input-Sanitization.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/130283/e2fsprogs-Input-Sanitization.html" + }, + { + "name": "http://www.ocert.org/advisories/ocert-2015-002.html", + "refsource": "MISC", + "url": "http://www.ocert.org/advisories/ocert-2015-002.html" + 
}, + { + "name": "FEDORA-2015-2516", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150805.html" + }, + { + "name": "USN-2507-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2507-1" + }, + { + "name": "72520", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72520" + }, + { + "name": "http://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=f66e6ce4", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=f66e6ce4" + }, + { + "name": "FEDORA-2015-1840", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149434.html" + }, + { + "name": "MDVSA-2015:045", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:045" + }, + { + "name": "MDVSA-2015:067", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:067" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1187032", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1187032" + }, + { + "name": "SUSE-SU-2015:1103", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00019.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0310.json b/2015/0xxx/CVE-2015-0310.json index 95639f6d56e..acc3085a49b 100644 --- a/2015/0xxx/CVE-2015-0310.json +++ b/2015/0xxx/CVE-2015-0310.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0310", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 13.0.0.262 and 14.x through 16.x before 16.0.0.287 on Windows and OS X and before 11.2.202.438 on Linux does not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism on Windows, and have an unspecified impact on other platforms, via unknown vectors, as exploited in the wild in January 2015." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-0310", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://helpx.adobe.com/security/products/flash-player/apsb15-02.html", - "refsource" : "CONFIRM", - "url" : "http://helpx.adobe.com/security/products/flash-player/apsb15-02.html" - }, - { - "name" : "GLSA-201502-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201502-02.xml" - }, - { - "name" : "72261", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72261" - }, - { - "name" : "1031609", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031609" - }, - { - "name" : 
"62452", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62452" - }, - { - "name" : "62601", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62601" - }, - { - "name" : "62660", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62660" - }, - { - "name" : "62740", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62740" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 13.0.0.262 and 14.x through 16.x before 16.0.0.287 on Windows and OS X and before 11.2.202.438 on Linux does not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism on Windows, and have an unspecified impact on other platforms, via unknown vectors, as exploited in the wild in January 2015." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201502-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201502-02.xml" + }, + { + "name": "72261", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72261" + }, + { + "name": "62660", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62660" + }, + { + "name": "62740", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62740" + }, + { + "name": "1031609", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031609" + }, + { + "name": "http://helpx.adobe.com/security/products/flash-player/apsb15-02.html", + "refsource": "CONFIRM", + "url": "http://helpx.adobe.com/security/products/flash-player/apsb15-02.html" + }, + { + "name": "62452", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62452" + }, + { + "name": "62601", + "refsource": 
"SECUNIA", + "url": "http://secunia.com/advisories/62601" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0403.json b/2015/0xxx/CVE-2015-0403.json index 214f2b60c03..b7d63193bec 100644 --- a/2015/0xxx/CVE-2015-0403.json +++ b/2015/0xxx/CVE-2015-0403.json 
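Review bot: The only value that changes in the CVE-2015-0310 hunk is `"ASSIGNER"`, from `cve@mitre.org` to `psirt@adobe.com`, yet almost every one of its 97 lines is rewritten. The key separator changes from `" : "` to `": "` (indentation apparently changes too), the `reference_data` entries are reordered, and the file now ends with `\ No newline at end of file`. That buries a provenance change on a CVE record in formatting noise, where it is hard to spot in review or in a diff-based audit of the feed. The serializer should write `reference_data` in a stable order and end the file with a newline, and the formatting change would be better in a commit of its own, separate from the data changes. The same applies to the hunks for CVE-2015-0403, CVE-2015-0807, CVE-2015-1625, CVE-2015-1631 and CVE-2015-5166, which each change only `ASSIGNER`; the hunks for CVE-2015-1053 and CVE-2015-5138 change no values at all.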
@@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0403", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-0403", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" - }, - { - "name" : "https://www-304.ibm.com/support/docview.wss?uid=swg21695474", - "refsource" : "CONFIRM", - "url" : "https://www-304.ibm.com/support/docview.wss?uid=swg21695474" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2015-0003.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2015-0003.html" - }, - { - "name" : "GLSA-201507-14", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201507-14" - }, - { - "name" : "HPSBUX03273", - "refsource" : "HP", - 
"url" : "http://marc.info/?l=bugtraq&m=142496355704097&w=2" - }, - { - "name" : "SSRT101951", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142496355704097&w=2" - }, - { - "name" : "HPSBUX03281", - "refsource" : "HP", - "url" : "http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581" - }, - { - "name" : "SSRT101968", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142607790919348&w=2" - }, - { - "name" : "RHSA-2015:0079", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0079.html" - }, - { - "name" : "RHSA-2015:0080", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0080.html" - }, - { - "name" : "RHSA-2015:0086", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0086.html" - }, - { - "name" : "RHSA-2015:0264", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0264.html" - }, - { - "name" : "SUSE-SU-2015:0336", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html" - }, - { - "name" : "72148", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72148" - }, - { - "name" : "1031580", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031580" - }, - { - "name" : "oracle-cpujan2015-cve20150403(100145)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100145" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oracle-cpujan2015-cve20150403(100145)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100145" + }, + { + "name": "72148", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72148" + }, + { + "name": "RHSA-2015:0079", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0079.html" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2015-0003.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2015-0003.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" + }, + { + "name": "RHSA-2015:0264", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0264.html" + }, + { + "name": "RHSA-2015:0086", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0086.html" + }, + { + "name": "SUSE-SU-2015:0336", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html" + }, + { + "name": "RHSA-2015:0080", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0080.html" + }, + { + "name": "https://www-304.ibm.com/support/docview.wss?uid=swg21695474", + "refsource": "CONFIRM", + "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21695474" + }, + { + "name": "GLSA-201507-14", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201507-14" + }, + { + "name": "SSRT101951", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142496355704097&w=2" + }, + { + "name": "HPSBUX03281", + "refsource": "HP", + "url": 
"http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581" + }, + { + "name": "SSRT101968", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142607790919348&w=2" + }, + { + "name": "HPSBUX03273", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142496355704097&w=2" + }, + { + "name": "1031580", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031580" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0807.json b/2015/0xxx/CVE-2015-0807.json index 7f3d9338f9d..f0bb1d05d19 100644 --- a/2015/0xxx/CVE-2015-0807.json +++ b/2015/0xxx/CVE-2015-0807.json 
@@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0807", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The navigator.sendBeacon implementation in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 processes HTTP 30x status codes for redirects after a preflight request has occurred, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site, a similar issue to CVE-2014-8638." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2015-0807", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2015/mfsa2015-37.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2015/mfsa2015-37.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1111834", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1111834" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", - "refsource" : "CONFIRM", - "url" : 
"http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" - }, - { - "name" : "DSA-3211", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3211" - }, - { - "name" : "DSA-3212", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3212" - }, - { - "name" : "GLSA-201512-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201512-10" - }, - { - "name" : "RHSA-2015:0766", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0766.html" - }, - { - "name" : "RHSA-2015:0771", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0771.html" - }, - { - "name" : "SUSE-SU-2015:0704", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00006.html" - }, - { - "name" : "openSUSE-SU-2015:0677", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00003.html" - }, - { - "name" : "openSUSE-SU-2015:1266", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html" - }, - { - "name" : "openSUSE-SU-2015:0892", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html" - }, - { - "name" : "USN-2550-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2550-1" - }, - { - "name" : "USN-2552-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2552-1" - }, - { - "name" : "73457", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73457" - }, - { - "name" : "1031996", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031996" - }, - { - "name" : "1032000", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032000" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "The navigator.sendBeacon implementation in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 processes HTTP 30x status codes for redirects after a preflight request has occurred, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site, a similar issue to CVE-2014-8638." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "73457", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73457" + }, + { + "name": "1031996", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031996" + }, + { + "name": "openSUSE-SU-2015:0892", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html" + }, + { + "name": "GLSA-201512-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201512-10" + }, + { + "name": "DSA-3212", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3212" + }, + { + "name": "SUSE-SU-2015:0704", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00006.html" + }, + { + "name": "USN-2552-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2552-1" + }, + { + "name": "RHSA-2015:0766", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0766.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2015/mfsa2015-37.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-37.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" + }, + { + "name": 
"openSUSE-SU-2015:1266", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1111834", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1111834" + }, + { + "name": "USN-2550-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2550-1" + }, + { + "name": "1032000", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032000" + }, + { + "name": "openSUSE-SU-2015:0677", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00003.html" + }, + { + "name": "RHSA-2015:0771", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0771.html" + }, + { + "name": "DSA-3211", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3211" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1053.json b/2015/1xxx/CVE-2015-1053.json index febbf23d498..637f197cc67 100644 --- a/2015/1xxx/CVE-2015-1053.json +++ b/2015/1xxx/CVE-2015-1053.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1053", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the administrative backend in Croogo before 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the path parameter to admin/file_manager/file_manager/editfile." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1053", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150112 Reflecting XSS vulnerability in CMS Croogo v.2.2.0", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Jan/24" - }, - { - "name" : "http://packetstormsecurity.com/files/129916/CMS-Croogo-2.2.0-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129916/CMS-Croogo-2.2.0-Cross-Site-Scripting.html" - }, - { - "name" : "http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2015-02.html", - "refsource" : "MISC", - "url" : "http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2015-02.html" - }, - { - "name" : "http://sroesemann.blogspot.de/2015/01/sroeadv-2015-02.html", - "refsource" : 
"MISC", - "url" : "http://sroesemann.blogspot.de/2015/01/sroeadv-2015-02.html" - }, - { - "name" : "https://blog.croogo.org/blog/croogo-221-released", - "refsource" : "CONFIRM", - "url" : "https://blog.croogo.org/blog/croogo-221-released" - }, - { - "name" : "https://github.com/croogo/croogo/issues/599", - "refsource" : "CONFIRM", - "url" : "https://github.com/croogo/croogo/issues/599" - }, - { - "name" : "71999", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71999" - }, - { - "name" : "croogo-filemanagereditfile-xss(99890)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99890" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the administrative backend in Croogo before 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the path parameter to admin/file_manager/file_manager/editfile." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/129916/CMS-Croogo-2.2.0-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129916/CMS-Croogo-2.2.0-Cross-Site-Scripting.html" + }, + { + "name": "http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2015-02.html", + "refsource": "MISC", + "url": "http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2015-02.html" + }, + { + "name": "croogo-filemanagereditfile-xss(99890)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99890" + }, + { + "name": "https://github.com/croogo/croogo/issues/599", + "refsource": "CONFIRM", + "url": "https://github.com/croogo/croogo/issues/599" + }, + { + "name": "20150112 Reflecting XSS vulnerability in CMS Croogo v.2.2.0", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Jan/24" + }, + { + "name": "71999", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71999" + }, + { + "name": "http://sroesemann.blogspot.de/2015/01/sroeadv-2015-02.html", + "refsource": "MISC", + "url": "http://sroesemann.blogspot.de/2015/01/sroeadv-2015-02.html" + }, + { + "name": "https://blog.croogo.org/blog/croogo-221-released", + "refsource": "CONFIRM", + "url": "https://blog.croogo.org/blog/croogo-221-released" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1625.json b/2015/1xxx/CVE-2015-1625.json index 77b70156e1a..3106d8b7d5a 100644 --- a/2015/1xxx/CVE-2015-1625.json +++ b/2015/1xxx/CVE-2015-1625.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1625", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-1634." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-1625", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-018", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-018" - }, - { - "name" : "72923", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72923" - }, - { - "name" : "1031888", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031888" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory 
corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-1634." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS15-018", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-018" + }, + { + "name": "1031888", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031888" + }, + { + "name": "72923", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72923" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1631.json b/2015/1xxx/CVE-2015-1631.json index aad7b06d9db..3017864d1e7 100644 --- a/2015/1xxx/CVE-2015-1631.json +++ b/2015/1xxx/CVE-2015-1631.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1631", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to spoof meeting organizers via unspecified vectors, aka \"Exchange Forged Meeting Request Spoofing Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-1631", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-026", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-026" - }, - { - "name" : "1031900", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031900" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to spoof meeting organizers via unspecified vectors, aka \"Exchange Forged Meeting Request Spoofing Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + 
"value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS15-026", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-026" + }, + { + "name": "1031900", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031900" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5138.json b/2015/5xxx/CVE-2015-5138.json index d643a78c3a4..29f18d01af2 100644 --- a/2015/5xxx/CVE-2015-5138.json +++ b/2015/5xxx/CVE-2015-5138.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5138", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5138", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5166.json b/2015/5xxx/CVE-2015-5166.json index a13bfa1dc4e..e54bab7bfd4 100644 --- a/2015/5xxx/CVE-2015-5166.json +++ b/2015/5xxx/CVE-2015-5166.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5166", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-5166", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://xenbits.xen.org/xsa/advisory-139.html", - "refsource" : "CONFIRM", - "url" : "http://xenbits.xen.org/xsa/advisory-139.html" - }, - { - "name" : "FEDORA-2015-15944", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167820.html" - }, - { - "name" : "FEDORA-2015-15946", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167792.html" - }, - { - "name" : "FEDORA-2015-14361", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165373.html" - }, - { - "name" : "76152", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/76152" - }, - { - "name" : "1033175", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033175" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2015-15944", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167820.html" + }, + { + "name": "FEDORA-2015-14361", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165373.html" + }, + { + "name": "FEDORA-2015-15946", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167792.html" + }, + { + "name": "76152", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76152" + }, + { + "name": "1033175", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033175" + }, + { + "name": "http://xenbits.xen.org/xsa/advisory-139.html", + "refsource": "CONFIRM", + "url": "http://xenbits.xen.org/xsa/advisory-139.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5734.json b/2015/5xxx/CVE-2015-5734.json index baa160a6b44..34974f7a90d 100644 --- a/2015/5xxx/CVE-2015-5734.json +++ b/2015/5xxx/CVE-2015-5734.json 
@@ -1,107 +1,107 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2015-5734",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Cross-site scripting (XSS) vulnerability in the legacy theme preview implementation in wp-includes/theme.php in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via a crafted string."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2015-5734",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "[oss-security] 20150804 Re: CVE request: WordPress 4.2.3 and earlier multiple vulnerabilities",
- "refsource" : "MLIST",
- "url" : "http://openwall.com/lists/oss-security/2015/08/04/7"
- },
- {
- "name" : "https://blog.sucuri.net/2015/08/persistent-xss-vulnerability-in-wordpress-explained.html",
- "refsource" : "MISC",
- "url" : "https://blog.sucuri.net/2015/08/persistent-xss-vulnerability-in-wordpress-explained.html"
- },
- {
- "name" : "https://wpvulndb.com/vulnerabilities/8133",
- "refsource" : "MISC",
- "url" : "https://wpvulndb.com/vulnerabilities/8133"
- },
- {
- "name" : "https://codex.wordpress.org/Version_4.2.4",
- "refsource" : "CONFIRM",
- "url" : "https://codex.wordpress.org/Version_4.2.4"
- },
- {
- "name" : "https://core.trac.wordpress.org/changeset/33549",
- "refsource" : "CONFIRM",
- "url" : "https://core.trac.wordpress.org/changeset/33549"
- },
- {
- "name" : "https://wordpress.org/news/2015/08/wordpress-4-2-4-security-and-maintenance-release/",
- "refsource" : "CONFIRM",
- "url" : "https://wordpress.org/news/2015/08/wordpress-4-2-4-security-and-maintenance-release/"
- },
- {
- "name" : "DSA-3332",
- "refsource" : "DEBIAN",
- "url" : "http://www.debian.org/security/2015/dsa-3332"
- },
- {
- "name" : "DSA-3383",
- "refsource" : "DEBIAN",
- "url" : "http://www.debian.org/security/2015/dsa-3383"
- },
- {
- "name" : "76331",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/76331"
- },
- {
- "name" : "1033178",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1033178"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cross-site scripting (XSS) vulnerability in the legacy theme preview implementation in wp-includes/theme.php in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via a crafted string."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://wordpress.org/news/2015/08/wordpress-4-2-4-security-and-maintenance-release/",
+ "refsource": "CONFIRM",
+ "url": "https://wordpress.org/news/2015/08/wordpress-4-2-4-security-and-maintenance-release/"
+ },
+ {
+ "name": "[oss-security] 20150804 Re: CVE request: WordPress 4.2.3 and earlier multiple vulnerabilities",
+ "refsource": "MLIST",
+ "url": "http://openwall.com/lists/oss-security/2015/08/04/7"
+ },
+ {
+ "name": "1033178",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1033178"
+ },
+ {
+ "name": "https://core.trac.wordpress.org/changeset/33549",
+ "refsource": "CONFIRM",
+ "url": "https://core.trac.wordpress.org/changeset/33549"
+ },
+ {
+ "name": "DSA-3332",
+ "refsource": "DEBIAN",
+ "url": "http://www.debian.org/security/2015/dsa-3332"
+ },
+ {
+ "name": "76331",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/76331"
+ },
+ {
+ "name": "https://wpvulndb.com/vulnerabilities/8133",
+ "refsource": "MISC",
+ "url": "https://wpvulndb.com/vulnerabilities/8133"
+ },
+ {
+ "name": "https://codex.wordpress.org/Version_4.2.4",
+ "refsource": "CONFIRM",
+ "url": "https://codex.wordpress.org/Version_4.2.4"
+ },
+ {
+ "name": "DSA-3383",
+ "refsource": "DEBIAN",
+ "url": "http://www.debian.org/security/2015/dsa-3383"
+ },
+ {
+ "name": "https://blog.sucuri.net/2015/08/persistent-xss-vulnerability-in-wordpress-explained.html",
+ "refsource": "MISC",
+ "url": "https://blog.sucuri.net/2015/08/persistent-xss-vulnerability-in-wordpress-explained.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2015/5xxx/CVE-2015-5884.json b/2015/5xxx/CVE-2015-5884.json
index 8fb97c141fd..39abcf624aa 100644
--- a/2015/5xxx/CVE-2015-5884.json
+++ b/2015/5xxx/CVE-2015-5884.json
@@ -1,77 +1,77 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2015-5884",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The Mail Drop feature in Mail in Apple OS X before 10.11 mishandles encryption parameters for attachments, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during transmission of an S/MIME e-mail message with a large attachment."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "product-security@apple.com",
+ "ID": "CVE-2015-5884",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://support.apple.com/HT205267",
- "refsource" : "CONFIRM",
- "url" : "https://support.apple.com/HT205267"
- },
- {
- "name" : "APPLE-SA-2015-09-30-3",
- "refsource" : "APPLE",
- "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
- },
- {
- "name" : "76908",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/76908"
- },
- {
- "name" : "1033703",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1033703"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The Mail Drop feature in Mail in Apple OS X before 10.11 mishandles encryption parameters for attachments, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during transmission of an S/MIME e-mail message with a large attachment."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "1033703",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1033703"
+ },
+ {
+ "name": "APPLE-SA-2015-09-30-3",
+ "refsource": "APPLE",
+ "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
+ },
+ {
+ "name": "https://support.apple.com/HT205267",
+ "refsource": "CONFIRM",
+ "url": "https://support.apple.com/HT205267"
+ },
+ {
+ "name": "76908",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/76908"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/11xxx/CVE-2018-11227.json b/2018/11xxx/CVE-2018-11227.json
index 80c25d3686f..07a69bfcb95 100644
--- a/2018/11xxx/CVE-2018-11227.json
+++ b/2018/11xxx/CVE-2018-11227.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-11227",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-11227",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/3xxx/CVE-2018-3062.json b/2018/3xxx/CVE-2018-3062.json
index 981eb53747a..001e38317be 100644
--- a/2018/3xxx/CVE-2018-3062.json
+++ b/2018/3xxx/CVE-2018-3062.json
@@ -1,96 +1,96 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "secalert_us@oracle.com",
- "ID" : "CVE-2018-3062",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "MySQL Server",
- "version" : {
- "version_data" : [
- {
- "version_affected" : "=",
- "version_value" : "5.6.40 and prior"
- },
- {
- "version_affected" : "=",
- "version_value" : "5.7.22 and prior"
- },
- {
- "version_affected" : "=",
- "version_value" : "8.0.11 and prior"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Oracle Corporation"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via memcached to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Difficult to exploit vulnerability allows low privileged attacker with network access via memcached to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert_us@oracle.com",
+ "ID": "CVE-2018-3062",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "MySQL Server",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "5.6.40 and prior"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.22 and prior"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "8.0.11 and prior"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Oracle Corporation"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
- },
- {
- "name" : "https://security.netapp.com/advisory/ntap-20180726-0002/",
- "refsource" : "CONFIRM",
- "url" : "https://security.netapp.com/advisory/ntap-20180726-0002/"
- },
- {
- "name" : "RHSA-2018:3655",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2018:3655"
- },
- {
- "name" : "USN-3725-1",
- "refsource" : "UBUNTU",
- "url" : "https://usn.ubuntu.com/3725-1/"
- },
- {
- "name" : "104776",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/104776"
- },
- {
- "name" : "1041294",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1041294"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via memcached to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Difficult to exploit vulnerability allows low privileged attacker with network access via memcached to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
+ },
+ {
+ "name": "USN-3725-1",
+ "refsource": "UBUNTU",
+ "url": "https://usn.ubuntu.com/3725-1/"
+ },
+ {
+ "name": "1041294",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1041294"
+ },
+ {
+ "name": "104776",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/104776"
+ },
+ {
+ "name": "RHSA-2018:3655",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2018:3655"
+ },
+ {
+ "name": "https://security.netapp.com/advisory/ntap-20180726-0002/",
+ "refsource": "CONFIRM",
+ "url": "https://security.netapp.com/advisory/ntap-20180726-0002/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/3xxx/CVE-2018-3148.json b/2018/3xxx/CVE-2018-3148.json
index d0c2000fdeb..8d92d7a8894 100644
--- a/2018/3xxx/CVE-2018-3148.json
+++ b/2018/3xxx/CVE-2018-3148.json
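Review bot: Each `version_data` entry pairs `"version_affected": "="` with a free-text range such as `"version_value": "5.6.40 and prior"`, so a scanner that honours the operator would match only that literal string and miss the earlier releases the description says are affected. The sync carries this over unchanged. A machine-readable form would be `"version_affected": "<="` with `"version_value": "5.6.40"`; the CVE-2018-3148 hunk has the same issue with `"17.1-17.12"` and `"18.1-18.8"`. The CVSS vector likewise appears only inside the description prose, so severity has to be parsed out of free text.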
@@ -1,88 +1,88 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "secalert_us@oracle.com",
- "ID" : "CVE-2018-3148",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Primavera Unifier",
- "version" : {
- "version_data" : [
- {
- "version_affected" : "=",
- "version_value" : "15.1"
- },
- {
- "version_affected" : "=",
- "version_value" : "15.2"
- },
- {
- "version_affected" : "=",
- "version_value" : "16.1"
- },
- {
- "version_affected" : "=",
- "version_value" : "16.2"
- },
- {
- "version_affected" : "=",
- "version_value" : "17.1-17.12"
- },
- {
- "version_affected" : "=",
- "version_value" : "18.1-18.8"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Oracle Corporation"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Web Access). Supported versions that are affected are 15.1, 15.2, 16.1, 16.2, 17.1-17.12 and 18.1-18.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera Unifier, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera Unifier accessible data as well as unauthorized read access to a subset of Primavera Unifier accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera Unifier, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera Unifier accessible data as well as unauthorized read access to a subset of Primavera Unifier accessible data."
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert_us@oracle.com",
+ "ID": "CVE-2018-3148",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Primavera Unifier",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "15.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "15.2"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "16.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "16.2"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "17.1-17.12"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "18.1-18.8"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Oracle Corporation"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
- },
- {
- "name" : "105625",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/105625"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Web Access). Supported versions that are affected are 15.1, 15.2, 16.1, 16.2, 17.1-17.12 and 18.1-18.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera Unifier, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera Unifier accessible data as well as unauthorized read access to a subset of Primavera Unifier accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera Unifier, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera Unifier accessible data as well as unauthorized read access to a subset of Primavera Unifier accessible data."
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "105625",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/105625"
+ },
+ {
+ "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/3xxx/CVE-2018-3335.json b/2018/3xxx/CVE-2018-3335.json
index 859b271396c..c59bc4f2a36 100644
--- a/2018/3xxx/CVE-2018-3335.json
+++ b/2018/3xxx/CVE-2018-3335.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-3335",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-3335",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/3xxx/CVE-2018-3393.json b/2018/3xxx/CVE-2018-3393.json
index 83ba9ce9b60..553ccfb971f 100644
--- a/2018/3xxx/CVE-2018-3393.json
+++ b/2018/3xxx/CVE-2018-3393.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-3393",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-3393",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/3xxx/CVE-2018-3403.json b/2018/3xxx/CVE-2018-3403.json
index 7bf0a843ebb..0efdfb9b75a 100644
--- a/2018/3xxx/CVE-2018-3403.json
+++ b/2018/3xxx/CVE-2018-3403.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-3403",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-3403",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/3xxx/CVE-2018-3671.json b/2018/3xxx/CVE-2018-3671.json
index d7e24c484f0..cbf9fced5da 100644
--- a/2018/3xxx/CVE-2018-3671.json
+++ b/2018/3xxx/CVE-2018-3671.json
@@ -1,63 +1,63 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "secure@intel.com",
- "DATE_PUBLIC" : "2018-06-26T00:00:00",
- "ID" : "CVE-2018-3671",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Saffron MemoryBase",
- "version" : {
- "version_data" : [
- {
- "version_value" : "before version 11.4"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Intel Corporation"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Escalation of privilege in Intel Saffron admin application before 11.4 allows an authenticated user to access unauthorized information."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Information Disclosure"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secure@intel.com",
+ "DATE_PUBLIC": "2018-06-26T00:00:00",
+ "ID": "CVE-2018-3671",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Saffron MemoryBase",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "before version 11.4"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Intel Corporation"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00136.html",
- "refsource" : "CONFIRM",
- "url" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00136.html"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Escalation of privilege in Intel Saffron admin application before 11.4 allows an authenticated user to access unauthorized information."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information Disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00136.html",
+ "refsource": "CONFIRM",
+ "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00136.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/3xxx/CVE-2018-3674.json b/2018/3xxx/CVE-2018-3674.json
index dd6c01410fa..8926beb44be 100644
--- a/2018/3xxx/CVE-2018-3674.json
+++ b/2018/3xxx/CVE-2018-3674.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-3674",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-3674",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/6xxx/CVE-2018-6521.json b/2018/6xxx/CVE-2018-6521.json
index d44462fa94e..45f10064764 100644
--- a/2018/6xxx/CVE-2018-6521.json
+++ b/2018/6xxx/CVE-2018-6521.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-6521",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL utf8 charset, which truncates queries upon encountering four-byte characters. There might be a scenario in which this allows remote attackers to bypass intended access restrictions."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-6521",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "[debian-lts-announce] 20180209 [SECURITY] [DLA 1273-1] simplesamlphp security update",
- "refsource" : "MLIST",
- "url" : "https://lists.debian.org/debian-lts-announce/2018/02/msg00008.html"
- },
- {
- "name" : "https://simplesamlphp.org/security/201801-03",
- "refsource" : "CONFIRM",
- "url" : "https://simplesamlphp.org/security/201801-03"
- },
- {
- "name" : "DSA-4127",
- "refsource" : "DEBIAN",
- "url" : "https://www.debian.org/security/2018/dsa-4127"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL utf8 charset, which truncates queries upon encountering four-byte characters. There might be a scenario in which this allows remote attackers to bypass intended access restrictions."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://simplesamlphp.org/security/201801-03",
+ "refsource": "CONFIRM",
+ "url": "https://simplesamlphp.org/security/201801-03"
+ },
+ {
+ "name": "[debian-lts-announce] 20180209 [SECURITY] [DLA 1273-1] simplesamlphp security update",
+ "refsource": "MLIST",
+ "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00008.html"
+ },
+ {
+ "name": "DSA-4127",
+ "refsource": "DEBIAN",
+ "url": "https://www.debian.org/security/2018/dsa-4127"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/7xxx/CVE-2018-7260.json b/2018/7xxx/CVE-2018-7260.json
index 865093b9f74..fe013d24d49 100644
--- a/2018/7xxx/CVE-2018-7260.json
+++ b/2018/7xxx/CVE-2018-7260.json
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7260", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in db_central_columns.php in phpMyAdmin before 4.7.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7260", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://udiniya.wordpress.com/2018/02/21/a-tale-of-stealing-session-cookie-in-phpmyadmin/", - "refsource" : "MISC", - "url" : "https://udiniya.wordpress.com/2018/02/21/a-tale-of-stealing-session-cookie-in-phpmyadmin/" - }, - { - "name" : "https://github.com/phpmyadmin/phpmyadmin/commit/d2886a3", - "refsource" : "CONFIRM", - "url" : "https://github.com/phpmyadmin/phpmyadmin/commit/d2886a3" - }, - { - "name" : "https://www.phpmyadmin.net/security/PMASA-2018-1/", - "refsource" : "CONFIRM", - "url" : "https://www.phpmyadmin.net/security/PMASA-2018-1/" - }, - { - "name" : "103099", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103099" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in db_central_columns.php in phpMyAdmin before 4.7.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://udiniya.wordpress.com/2018/02/21/a-tale-of-stealing-session-cookie-in-phpmyadmin/", + "refsource": "MISC", + "url": "https://udiniya.wordpress.com/2018/02/21/a-tale-of-stealing-session-cookie-in-phpmyadmin/" + }, + { + "name": "103099", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103099" + }, + { + "name": "https://www.phpmyadmin.net/security/PMASA-2018-1/", + "refsource": "CONFIRM", + "url": "https://www.phpmyadmin.net/security/PMASA-2018-1/" + }, + { + "name": "https://github.com/phpmyadmin/phpmyadmin/commit/d2886a3", + "refsource": "CONFIRM", + "url": "https://github.com/phpmyadmin/phpmyadmin/commit/d2886a3" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7294.json b/2018/7xxx/CVE-2018-7294.json index 1c26461e808..b9e7236f0bb 100644 --- a/2018/7xxx/CVE-2018-7294.json +++ b/2018/7xxx/CVE-2018-7294.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7294", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7294", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7837.json b/2018/7xxx/CVE-2018-7837.json index a3b4bdfd035..c26e1e32f54 100644 --- a/2018/7xxx/CVE-2018-7837.json +++ b/2018/7xxx/CVE-2018-7837.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cybersecurity@se.com", - "ID" : "CVE-2018-7837", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "IIoT Monitor 3.1.38", - "version" : { - "version_data" : [ - { - "version_value" : "IIoT Monitor 3.1.38" - } - ] - } - } - ] - }, - "vendor_name" : "Schneider Electric SE" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An Improper Restriction of XML External Entity Reference ('XXE') vulnerability exists on numerous methods of the IIoT Monitor 3.1.38 software that could allow the software to resolve documents outside of the intended sphere of control, causing the software to embed incorrect documents into its output and expose restricted information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Restriction of XML External Entity Reference ('XXE')" - } + "CVE_data_meta": { + "ASSIGNER": "cybersecurity@schneider-electric.com", + "ID": "CVE-2018-7837", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "IIoT Monitor 3.1.38", + "version": { + "version_data": [ + { + "version_value": "IIoT Monitor 3.1.38" + } + ] + } + } + ] + }, + "vendor_name": "Schneider Electric SE" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-354-03/", - "refsource" : "CONFIRM", - "url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-354-03/" - }, - { - "name" : "106484", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106484" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "An Improper Restriction of XML External Entity Reference ('XXE') vulnerability exists on numerous methods of the IIoT Monitor 3.1.38 software that could allow the software to resolve documents outside of the intended sphere of control, causing the software to embed incorrect documents into its output and expose restricted information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Restriction of XML External Entity Reference ('XXE')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106484", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106484" + }, + { + "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-354-03/", + "refsource": "CONFIRM", + "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-354-03/" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7853.json b/2018/7xxx/CVE-2018-7853.json index d035bd5181f..9e040d4cb8e 100644 --- a/2018/7xxx/CVE-2018-7853.json +++ b/2018/7xxx/CVE-2018-7853.json 
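Review bot: The `ASSIGNER` value in the CVE-2018-7837 hunk changes from `cybersecurity@se.com` to `cybersecurity@schneider-electric.com`, a data change sitting inside what is otherwise a whitespace-only reformat (`" : "` to `": "`) plus reference reordering, and the commit subject does not mention it. The CVE-2018-8279 hunk does the same with `Secure@Microsoft.com` becoming `secure@microsoft.com`, which differs only in case. Anything that groups, filters or trusts records by the assigner string would presumably treat these as new identities. I would split the assigner normalisation into its own commit or name it in the description, for example `Normalize ASSIGNER addresses for CVE-2018-7837 and CVE-2018-8279`. Consumers are safer comparing this field case-insensitively.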
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7853", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7853", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8076.json b/2018/8xxx/CVE-2018-8076.json index 41765f283b6..16d33481b1b 100644 --- a/2018/8xxx/CVE-2018-8076.json +++ b/2018/8xxx/CVE-2018-8076.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8076", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ZenMate 1.5.4 for macOS suffers from a type confusion vulnerability within the com.zenmate.chron-xpc LaunchDaemon component. The LaunchDaemon implements an XPC service that uses an insecure XPC API for accessing data from an inbound XPC message. This could potentially result in an XPC object of the wrong type being passed as the first argument to the xpc_connection_create_from_endpoint function if controlled by an attacker. In recent versions of macOS and OS X, Apple has implemented an internal check to prevent such XPC API abuse from occurring, thus making this vulnerability only result in a denial of service if exploited by an attacker." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8076", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/VerSprite/research/blob/master/advisories/VS-2018-016.md", - "refsource" : "MISC", - "url" : "https://github.com/VerSprite/research/blob/master/advisories/VS-2018-016.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ZenMate 1.5.4 for macOS suffers from a type confusion vulnerability within the com.zenmate.chron-xpc LaunchDaemon component. The LaunchDaemon implements an XPC service that uses an insecure XPC API for accessing data from an inbound XPC message. This could potentially result in an XPC object of the wrong type being passed as the first argument to the xpc_connection_create_from_endpoint function if controlled by an attacker. In recent versions of macOS and OS X, Apple has implemented an internal check to prevent such XPC API abuse from occurring, thus making this vulnerability only result in a denial of service if exploited by an attacker." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/VerSprite/research/blob/master/advisories/VS-2018-016.md", + "refsource": "MISC", + "url": "https://github.com/VerSprite/research/blob/master/advisories/VS-2018-016.md" + } + ] + } +} \ No newline at end of file 
diff --git a/2018/8xxx/CVE-2018-8279.json b/2018/8xxx/CVE-2018-8279.json index 44152f5e492..8bfef306211 100644 --- a/2018/8xxx/CVE-2018-8279.json +++ b/2018/8xxx/CVE-2018-8279.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8279", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Edge", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for x64-based Systems" - } - ] - } - }, - { - "product_name" : "ChakraCore", - "version" : { - "version_data" : [ - { - "version_value" : "ChakraCore" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka \"Microsoft Edge Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8125, CVE-2018-8262, CVE-2018-8274, CVE-2018-8275, CVE-2018-8301." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8279", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Edge", + "version": { + "version_data": [ + { + "version_value": "Windows 10 Version 1703 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1703 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1803 for x64-based Systems" + } + ] + } + }, + { + "product_name": "ChakraCore", + "version": { + "version_data": [ + { + "version_value": "ChakraCore" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45214", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45214/" - }, - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8279", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8279" - }, - { - "name" : "104641", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104641" - }, - { - "name" : "1041256", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041256" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka \"Microsoft Edge Memory Corruption Vulnerability.\" This affects 
Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8125, CVE-2018-8262, CVE-2018-8274, CVE-2018-8275, CVE-2018-8301." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041256", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041256" + }, + { + "name": "104641", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104641" + }, + { + "name": "45214", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45214/" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8279", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8279" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8821.json b/2018/8xxx/CVE-2018-8821.json index ce94e57f466..bf223228399 100644 --- a/2018/8xxx/CVE-2018-8821.json +++ b/2018/8xxx/CVE-2018-8821.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8821", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows attackers to cause a denial of service (BSOD) via a crafted .exe file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8821", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/bigric3/poc", - "refsource" : "MISC", - "url" : "https://github.com/bigric3/poc" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows attackers to cause a denial of service (BSOD) via a crafted .exe file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/bigric3/poc", + "refsource": "MISC", + "url": "https://github.com/bigric3/poc" + } + ] + } +} \ No newline at end of file 
diff --git a/2018/8xxx/CVE-2018-8976.json b/2018/8xxx/CVE-2018-8976.json index 8743c077fb3..052d3706292 100644 --- a/2018/8xxx/CVE-2018-8976.json +++ b/2018/8xxx/CVE-2018-8976.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8976", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial of service (image.cpp Exiv2::Internal::stringFormat out-of-bounds read) via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8976", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/Exiv2/exiv2/issues/246", - "refsource" : "MISC", - "url" : "https://github.com/Exiv2/exiv2/issues/246" - }, - { - "name" : "GLSA-201811-14", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201811-14" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial of service (image.cpp Exiv2::Internal::stringFormat out-of-bounds read) via a crafted file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Exiv2/exiv2/issues/246", + "refsource": "MISC", + "url": "https://github.com/Exiv2/exiv2/issues/246" + }, + { + "name": "GLSA-201811-14", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201811-14" + } + ] + } +} \ No newline at end of file