diff --git a/2002/2xxx/CVE-2002-2373.json b/2002/2xxx/CVE-2002-2373.json index 82ecab50eb3..1ef3336c76b 100644 --- a/2002/2xxx/CVE-2002-2373.json +++ b/2002/2xxx/CVE-2002-2373.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2373", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default configuration of the TCP/IP printer configuration utility in Apple LaserWriter 12/640 PS printer contains a blank Telnet password, which allows remote attackers to gain access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2373", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021026 TCP/IP Printer Configuration Utility for Apple.LaserWriter 12/640 PS security problem", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/297250" - }, - { - "name" : "6052", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6052" - }, - { - "name" : "apple-laserwriter-telnet-access(10476)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10476.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default configuration of the TCP/IP printer configuration utility in Apple LaserWriter 12/640 PS printer contains a blank Telnet password, which allows remote attackers to gain access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20021026 TCP/IP Printer Configuration Utility for Apple.LaserWriter 12/640 PS security problem", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/297250" + }, + { + "name": "6052", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6052" + }, + { + "name": "apple-laserwriter-telnet-access(10476)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10476.php" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0207.json b/2005/0xxx/CVE-2005-0207.json index 27b6514b193..387d2ba4679 100644 --- a/2005/0xxx/CVE-2005-0207.json +++ b/2005/0xxx/CVE-2005-0207.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0207", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in Linux kernel 2.4.x, 2.5.x, and 2.6.x allows NFS clients to cause a denial of service via O_DIRECT." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0207", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "CLA-2005:930", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000930" - }, - { - "name" : "RHSA-2005:366", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-366.html" - }, - { - "name" : "SUSE-SA:2005:003", - "refsource" : "SUSE", - "url" : "http://www.securityfocus.com/advisories/7880" - }, - { - "name" : "12330", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12330" - }, - { - "name" : "oval:org.mitre.oval:def:11001", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11001" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in Linux kernel 2.4.x, 2.5.x, and 2.6.x allows NFS clients to cause a denial of service via O_DIRECT." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2005:366", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-366.html" + }, + { + "name": "SUSE-SA:2005:003", + "refsource": "SUSE", + "url": "http://www.securityfocus.com/advisories/7880" + }, + { + "name": "12330", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12330" + }, + { + "name": "CLA-2005:930", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000930" + }, + { + "name": "oval:org.mitre.oval:def:11001", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11001" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0307.json b/2005/0xxx/CVE-2005-0307.json index 6dcc160969e..2d7ed3c05dc 100644 --- a/2005/0xxx/CVE-2005-0307.json +++ b/2005/0xxx/CVE-2005-0307.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0307", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in index.php in MercuryBoard 1.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) s, (2) l, (3) a, (4) t, (5) to, or (6) re parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0307", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050124 Multiple vulnerabilities in MercuryBoard 1.1.1", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110661795632354&w=2" - }, - { - "name" : "12359", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12359" - }, - { - "name" : "mercuryboard-multiple-scripts-xss(19050)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19050" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in index.php in MercuryBoard 1.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) s, (2) l, (3) a, (4) t, (5) to, or (6) re parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050124 Multiple vulnerabilities in MercuryBoard 1.1.1", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110661795632354&w=2" + }, + { + "name": "mercuryboard-multiple-scripts-xss(19050)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19050" + }, + { + "name": "12359", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12359" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0680.json b/2005/0xxx/CVE-2005-0680.json index 921f1071f94..b1ab3379ff5 100644 --- a/2005/0xxx/CVE-2005-0680.json +++ b/2005/0xxx/CVE-2005-0680.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0680", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in download_center_lite.inc.php for Download Center Lite 1.6 allows remote attackers to execute arbitrary PHP code by modifying the script_root parameter to reference a URL on a remote web server that contains the code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0680", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050304 Download Center Lite (DCL) - Arbitrary File Inclusion (VXSfx)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110996056601719&w=2" - }, - { - "name" : "http://www.stadtaus.com/forum/p-5895.html", - "refsource" : "MISC", - "url" : "http://www.stadtaus.com/forum/p-5895.html" - }, - { - "name" : "http://www.stadtaus.com/forum/t-1579.html", - "refsource" : "CONFIRM", - "url" : "http://www.stadtaus.com/forum/t-1579.html" - }, - { - "name" : "14513", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14513" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in download_center_lite.inc.php for Download Center Lite 1.6 allows remote attackers to execute arbitrary PHP code by modifying the script_root parameter to reference a URL on a remote web server that contains the code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.stadtaus.com/forum/t-1579.html", + "refsource": "CONFIRM", + "url": "http://www.stadtaus.com/forum/t-1579.html" + }, + { + "name": "14513", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14513" + }, + { + "name": "20050304 Download Center Lite (DCL) - Arbitrary File Inclusion (VXSfx)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110996056601719&w=2" + }, + { + "name": "http://www.stadtaus.com/forum/p-5895.html", + "refsource": "MISC", + "url": "http://www.stadtaus.com/forum/p-5895.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1350.json b/2005/1xxx/CVE-2005-1350.json index cbae02669c1..8bc7af9ee50 100644 --- a/2005/1xxx/CVE-2005-1350.json +++ b/2005/1xxx/CVE-2005-1350.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1350", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ad.cgi script allows remote attackers to read arbitrary files via a full pathname in the argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1350", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050424 remote command execution in ad.cgi script", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111446285915444&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ad.cgi script allows remote attackers to read arbitrary files via a full pathname in the argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050424 remote command execution in ad.cgi script", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111446285915444&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1605.json b/2005/1xxx/CVE-2005-1605.json index d0b1eecf109..028699f1ad0 100644 --- a/2005/1xxx/CVE-2005-1605.json +++ b/2005/1xxx/CVE-2005-1605.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1605", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the guestbook for SiteStudio 1.6 allows remote attackers to inject arbitrary web script or HTML via the name field to (1) psoft.guestbook.GuestBookServ in Standalone Site Studio or (2) E-Guest_sign.pl in Integrated Site Studio with H-Sphere." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1605", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050509 SiteStudio", - "refsource" : "FULLDISC", - "url" : "http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-05/0154.html" - }, - { - "name" : "http://exploitlabs.com/files/advisories/EXPL-A-2005-008-sitestudio.txt", - "refsource" : "MISC", - "url" : "http://exploitlabs.com/files/advisories/EXPL-A-2005-008-sitestudio.txt" - }, - { - "name" : "http://www.psoft.net/SS/ss_16_security_update_guestbook.html", - "refsource" : "CONFIRM", - "url" : "http://www.psoft.net/SS/ss_16_security_update_guestbook.html" - }, - { - "name" : "http://www.psoft.net/misc/hsphere_winbox_security_update_guestbook.html", - "refsource" : "CONFIRM", - "url" : "http://www.psoft.net/misc/hsphere_winbox_security_update_guestbook.html" - }, - { - "name" : "13554", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13554" - }, - { - "name" : "16240", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/16240" - }, - { - "name" : "15286", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15286" - }, - { - "name" : "sitestudio-guestbook-xss(20496)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20496" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the guestbook for SiteStudio 1.6 allows remote attackers to inject arbitrary web script or HTML via the name field to (1) psoft.guestbook.GuestBookServ in Standalone Site Studio or (2) E-Guest_sign.pl in Integrated Site Studio with H-Sphere." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15286", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15286" + }, + { + "name": "20050509 SiteStudio", + "refsource": "FULLDISC", + "url": "http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-05/0154.html" + }, + { + "name": "http://exploitlabs.com/files/advisories/EXPL-A-2005-008-sitestudio.txt", + "refsource": "MISC", + "url": "http://exploitlabs.com/files/advisories/EXPL-A-2005-008-sitestudio.txt" + }, + { + "name": "sitestudio-guestbook-xss(20496)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20496" + }, + { + "name": "http://www.psoft.net/misc/hsphere_winbox_security_update_guestbook.html", + "refsource": "CONFIRM", + "url": "http://www.psoft.net/misc/hsphere_winbox_security_update_guestbook.html" + }, + { + "name": "16240", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/16240" + }, + { + "name": "13554", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13554" + }, + { + "name": "http://www.psoft.net/SS/ss_16_security_update_guestbook.html", + "refsource": "CONFIRM", + "url": "http://www.psoft.net/SS/ss_16_security_update_guestbook.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1679.json b/2005/1xxx/CVE-2005-1679.json index 92f7772ebf5..26beb829365 100644 --- a/2005/1xxx/CVE-2005-1679.json +++ b/2005/1xxx/CVE-2005-1679.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1679", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the error directive in picasm 1.12b and earlier allows attackers to execute arbitrary code via a long error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1679", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050520 picasm error handling stack overflow vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111661253517089&w=2" - }, - { - "name" : "http://www.co.jyu.fi/~trossi/pic/", - "refsource" : "CONFIRM", - "url" : "http://www.co.jyu.fi/~trossi/pic/" - }, - { - "name" : "13698", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13698" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the error directive in picasm 1.12b and earlier allows attackers to execute arbitrary code via a long error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050520 picasm error handling stack overflow vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111661253517089&w=2" + }, + { + "name": "13698", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13698" + }, + { + "name": "http://www.co.jyu.fi/~trossi/pic/", + "refsource": "CONFIRM", + "url": "http://www.co.jyu.fi/~trossi/pic/" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1875.json b/2005/1xxx/CVE-2005-1875.json index db312e05061..131eabea107 100644 --- a/2005/1xxx/CVE-2005-1875.json +++ b/2005/1xxx/CVE-2005-1875.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1875", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in list.php in Exhibit Engine (EE) 1.22 allow remote attackers to execute arbitrary SQL commands via the (1) search_row, (2) sort_row, (3) order or (4) perpage parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1875", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050602 SEC-CONSULT SA20050602-2 :: Exhibit Engine Blind SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111773894525119&w=2" - }, - { - "name" : "http://photography-on-the.net/forum/showthread.php?p=579692", - "refsource" : "CONFIRM", - "url" : "http://photography-on-the.net/forum/showthread.php?p=579692" - }, - { - "name" : "13844", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13844" - }, - { - "name" : "17006", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/17006" - }, - { - "name" : "15583", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15583" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in list.php in Exhibit Engine (EE) 1.22 allow remote attackers to execute arbitrary SQL commands via the (1) search_row, (2) sort_row, (3) order or (4) perpage parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "13844", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13844" + }, + { + "name": "15583", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15583" + }, + { + "name": "http://photography-on-the.net/forum/showthread.php?p=579692", + "refsource": "CONFIRM", + "url": "http://photography-on-the.net/forum/showthread.php?p=579692" + }, + { + "name": "17006", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/17006" + }, + { + "name": "20050602 SEC-CONSULT SA20050602-2 :: Exhibit Engine Blind SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111773894525119&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3199.json b/2005/3xxx/CVE-2005-3199.json index ab7f2bb1684..b0d1bff7c5b 100644 --- a/2005/3xxx/CVE-2005-3199.json +++ b/2005/3xxx/CVE-2005-3199.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3199", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in aradmin.asp for aspReady FAQ allow remote attackers to execute arbitrary SQL commands, possibly via the (1) txtLogin and (2) txtPassword parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3199", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051006 aspReady FAQ - open for SQL-injections", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112861875408315&w=2" - }, - { - "name" : "15022", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15022" - }, - { - "name" : "19917", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/19917" - }, - { - "name" : "1015015", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015015" - }, - { - "name" : "17091", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17091/" - }, - { - "name" : "52", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/52" - }, - { - "name" : "aspreadyfaq-aradmin-sql-injection(22538)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22538" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in aradmin.asp for aspReady FAQ allow remote attackers to execute arbitrary SQL commands, possibly via the (1) txtLogin and (2) txtPassword parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1015015", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015015" + }, + { + "name": "15022", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15022" + }, + { + "name": "19917", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/19917" + }, + { + "name": "aspreadyfaq-aradmin-sql-injection(22538)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22538" + }, + { + "name": "20051006 aspReady FAQ - open for SQL-injections", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112861875408315&w=2" + }, + { + "name": "17091", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17091/" + }, + { + "name": "52", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/52" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4244.json b/2005/4xxx/CVE-2005-4244.json index 255a91ba023..987aa636c8e 100644 --- a/2005/4xxx/CVE-2005-4244.json +++ b/2005/4xxx/CVE-2005-4244.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4244", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Snipe Gallery 3.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) gallery_id parameter to view.php and (2) image_id parameter to image.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4244", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/12/snipe-gallery-sqlxss-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/12/snipe-gallery-sqlxss-vuln.html" - }, - { - "name" : "15844", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15844" - }, - { - "name" : "ADV-2005-2882", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2882" - }, - { - "name" : "21693", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21693" - }, - { - "name" : "21694", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21694" - }, - { - "name" : "18022", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18022" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Snipe Gallery 3.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) gallery_id parameter to view.php and (2) image_id parameter to image.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18022", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18022" + }, + { + "name": "ADV-2005-2882", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2882" + }, + { + "name": "21694", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21694" + }, + { + "name": "http://pridels0.blogspot.com/2005/12/snipe-gallery-sqlxss-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/12/snipe-gallery-sqlxss-vuln.html" + }, + { + "name": "15844", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15844" + }, + { + "name": "21693", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21693" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4623.json b/2005/4xxx/CVE-2005-4623.json index 7cc3bd7af2c..5e1f88fabd3 100644 --- a/2005/4xxx/CVE-2005-4623.json +++ b/2005/4xxx/CVE-2005-4623.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4623", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "upload.exe in eFileGo 3.01 allows remote attackers to cause a denial of service (CPU consumption) via an argument with an invalid directory name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4623", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ipomonis.com/advisories/PaQFile_Share.txt", - "refsource" : "MISC", - "url" : "http://www.ipomonis.com/advisories/PaQFile_Share.txt" - }, - { - "name" : "16124", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16124" - }, - { - "name" : "22152", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22152" - }, - { - "name" : "1015430", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015430" - }, - { - "name" : "18279", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18279" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "upload.exe in eFileGo 3.01 allows remote attackers to cause a denial of service (CPU consumption) via an argument with an invalid directory name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1015430", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015430" + }, + { + "name": "16124", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16124" + }, + { + "name": "22152", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22152" + }, + { + "name": "http://www.ipomonis.com/advisories/PaQFile_Share.txt", + "refsource": "MISC", + "url": "http://www.ipomonis.com/advisories/PaQFile_Share.txt" + }, + { + "name": "18279", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18279" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4653.json b/2005/4xxx/CVE-2005-4653.json index 57dd54b0c56..897f699e028 100644 --- a/2005/4xxx/CVE-2005-4653.json +++ b/2005/4xxx/CVE-2005-4653.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4653", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in ss.php in AL-Caricatier 2.5 and earlier allows remote attackers to bypass login authentication by requesting view_caricatier.php, and then requesting any file in the admin directory with a cookie_username=admin argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4653", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051022 Vulnerability in AL-Caricatier, V.2.5 And Prior Versions", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0483.html" - }, - { - "name" : "15162", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15162" - }, - { - "name" : "ADV-2005-2181", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2181" - }, - { - "name" : "17292", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17292" - }, - { - "name" : "al-caricatier-ss-bypass-security(22840)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22840" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in ss.php in AL-Caricatier 2.5 and earlier allows remote attackers to bypass login authentication by requesting view_caricatier.php, and then requesting any file in the admin directory with a cookie_username=admin argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "al-caricatier-ss-bypass-security(22840)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22840" + }, + { + "name": "20051022 Vulnerability in AL-Caricatier, V.2.5 And Prior Versions", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0483.html" + }, + { + "name": "ADV-2005-2181", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2181" + }, + { + "name": "15162", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15162" + }, + { + "name": "17292", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17292" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0189.json b/2009/0xxx/CVE-2009-0189.json index 8ceb85cf5b9..0dc3cbcf1a9 100644 --- a/2009/0xxx/CVE-2009-0189.json +++ b/2009/0xxx/CVE-2009-0189.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0189", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-1012. Reason: This candidate is a reservation duplicate of CVE-2009-1012. Notes: All CVE users should reference CVE-2009-1012 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2009-0189", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-1012. Reason: This candidate is a reservation duplicate of CVE-2009-1012. Notes: All CVE users should reference CVE-2009-1012 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0426.json b/2009/0xxx/CVE-2009-0426.json index fabf561d1ff..f3421ab01fb 100644 --- a/2009/0xxx/CVE-2009-0426.json +++ b/2009/0xxx/CVE-2009-0426.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0426", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in CategoryManager/upload_image_category.asp in DMXReady Classified Listings Manager 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0426", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7767", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7767" - }, - { - "name" : "33253", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33253" - }, - { - "name" : "33482", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33482" - }, - { - "name" : "classifieds-uploadimage-sql-injection(47959)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47959" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in CategoryManager/upload_image_category.asp in DMXReady Classified Listings Manager 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33253", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33253" + }, + { + "name": "7767", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7767" + }, + { + "name": "classifieds-uploadimage-sql-injection(47959)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47959" + }, + { + "name": "33482", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33482" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0540.json b/2009/0xxx/CVE-2009-0540.json index cb6e6a9fd6b..96095be9668 100644 --- a/2009/0xxx/CVE-2009-0540.json +++ b/2009/0xxx/CVE-2009-0540.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0540", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Libero 5.3 SP5, and possibly other versions before 5.5 SP1, allows remote attackers to inject arbitrary web script or HTML via the search term field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0540", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090222 Libero Cross-Site Scripting Vulnerability - Security Advisory - SOS-09-001", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2009-02/0243.html" - }, - { - "name" : "33856", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33856" - }, - { - "name" : "52263", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/52263" - }, - { - "name" : "ADV-2009-0493", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0493" - }, - { - "name" : "libero-searchterm-xss(48870)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48870" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Libero 5.3 SP5, and possibly other versions before 5.5 SP1, allows remote attackers to inject arbitrary web script or HTML via the search term field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33856", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33856" + }, + { + "name": "20090222 Libero Cross-Site Scripting Vulnerability - Security Advisory - SOS-09-001", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-02/0243.html" + }, + { + "name": "52263", + "refsource": "OSVDB", + "url": "http://osvdb.org/52263" + }, + { + "name": "ADV-2009-0493", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0493" + }, + { + "name": "libero-searchterm-xss(48870)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48870" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0698.json b/2009/0xxx/CVE-2009-0698.json index 51137239b07..067b813a626 100644 --- a/2009/0xxx/CVE-2009-0698.json +++ b/2009/0xxx/CVE-2009-0698.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0698", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the 4xm demuxer (demuxers/demux_4xm.c) in xine-lib 1.1.16.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a 4X movie file with a large current_track value, a similar issue to CVE-2009-0385." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-0698", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090128 [TKADV2009-004] FFmpeg Type Conversion Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/500514/100/0/threaded" - }, - { - "name" : "http://www.trapkit.de/advisories/TKADV2009-004.txt", - "refsource" : "MISC", - "url" : "http://www.trapkit.de/advisories/TKADV2009-004.txt" - }, - { - "name" : "http://bugs.xine-project.org/show_bug.cgi?id=205", - "refsource" : "CONFIRM", - "url" : "http://bugs.xine-project.org/show_bug.cgi?id=205" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=660071", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=660071" - }, - { - "name" : "MDVSA-2009:298", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:298" - }, - { - "name" : "MDVSA-2009:299", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:299" - }, - { - "name" : "SUSE-SR:2009:009", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html" - }, - { - "name" : "USN-746-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-746-1" - }, - { - "name" : "xinelib-4xmdemuxer-code-execution(48954)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48954" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the 4xm demuxer (demuxers/demux_4xm.c) in xine-lib 1.1.16.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a 4X movie file with a large current_track value, a similar issue to CVE-2009-0385." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-746-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-746-1" + }, + { + "name": "MDVSA-2009:299", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:299" + }, + { + "name": "xinelib-4xmdemuxer-code-execution(48954)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48954" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=660071", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=660071" + }, + { + "name": "http://bugs.xine-project.org/show_bug.cgi?id=205", + "refsource": "CONFIRM", + "url": "http://bugs.xine-project.org/show_bug.cgi?id=205" + }, + { + "name": "MDVSA-2009:298", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:298" + }, + { + "name": "SUSE-SR:2009:009", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html" + }, + { + "name": "http://www.trapkit.de/advisories/TKADV2009-004.txt", + "refsource": "MISC", + "url": "http://www.trapkit.de/advisories/TKADV2009-004.txt" + }, + { + "name": "20090128 [TKADV2009-004] FFmpeg Type Conversion Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/500514/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0730.json b/2009/0xxx/CVE-2009-0730.json index bd62367304f..3eaf66d9515 100644 --- a/2009/0xxx/CVE-2009-0730.json +++ b/2009/0xxx/CVE-2009-0730.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0730", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla!, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the gigcal _venues_id parameter in a details action to index.php, which is not properly handled by venuedetails.php, and (2) the gigcal_bands_id parameter in a details action to index.php, which is not properly handled by banddetails.php, different vectors than CVE-2009-0726." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0730", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090221 gigCalendar 1.0 (banddetails.php) Joomla Component SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/501176/100/0/threaded" - }, - { - "name" : "20090221 gigCalendar 1.0 (venuedetails.php) Joomla Component SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/501175/100/0/threaded" - }, - { - "name" : "20090221 gigCalendar Joomla Component 1.0 SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/501174/100/0/threaded" - }, - { - "name" : "33859", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33859" - }, - { - "name" : "33863", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33863" - }, - { - "name" : "gigcalendar-venuedetails-sql-injection(48865)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48865" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla!, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the gigcal _venues_id parameter in a details action to index.php, which is not properly handled by venuedetails.php, and (2) the gigcal_bands_id parameter in a details action to index.php, which is not properly handled by banddetails.php, different vectors than CVE-2009-0726." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20090221 gigCalendar 1.0 (venuedetails.php) Joomla Component SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/501175/100/0/threaded" + }, + { + "name": "33859", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33859" + }, + { + "name": "gigcalendar-venuedetails-sql-injection(48865)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48865" + }, + { + "name": "20090221 gigCalendar 1.0 (banddetails.php) Joomla Component SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/501176/100/0/threaded" + }, + { + "name": "20090221 gigCalendar Joomla Component 1.0 SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/501174/100/0/threaded" + }, + { + "name": "33863", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33863" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1052.json b/2009/1xxx/CVE-2009-1052.json index e1f1d33ece5..40e8c13310d 100644 --- a/2009/1xxx/CVE-2009-1052.json +++ b/2009/1xxx/CVE-2009-1052.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1052", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FireAnt 1.3 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request for user.tsv." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1052", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090317 [ECHO_ADV_106$2009] FireAnt <= 1.3 Critical File Disclosure Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/501905/100/0/threaded" - }, - { - "name" : "http://e-rdc.org/v1/news.php?readmore=130", - "refsource" : "MISC", - "url" : "http://e-rdc.org/v1/news.php?readmore=130" - }, - { - "name" : "34359", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34359" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FireAnt 1.3 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request for user.tsv." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://e-rdc.org/v1/news.php?readmore=130", + "refsource": "MISC", + "url": "http://e-rdc.org/v1/news.php?readmore=130" + }, + { + "name": "34359", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34359" + }, + { + "name": "20090317 [ECHO_ADV_106$2009] FireAnt <= 1.3 Critical File Disclosure Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/501905/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1184.json b/2009/1xxx/CVE-2009-1184.json index 0f882ee998f..9afef3b5c4a 100644 --- a/2009/1xxx/CVE-2009-1184.json +++ b/2009/1xxx/CVE-2009-1184.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1184", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The selinux_ip_postroute_iptables_compat function in security/selinux/hooks.c in the SELinux subsystem in the Linux kernel before 2.6.27.22, and 2.6.28.x before 2.6.28.10, when compat_net is enabled, omits calls to avc_has_perm for the (1) node and (2) port, which allows local users to bypass intended restrictions on network traffic. NOTE: this was incorrectly reported as an issue fixed in 2.6.27.21." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-1184", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[linux-kernel] 20090502 Linux 2.6.27.21", - "refsource" : "MLIST", - "url" : "http://lwn.net/Articles/331434/" - }, - { - "name" : "[linux-kernel] 20090502 Linux 2.6.28.10", - "refsource" : "MLIST", - "url" : "http://lwn.net/Articles/331435/" - }, - { - "name" : "[oss-security] 20090504 CVE-2009-1184 selinux: skipped node/port send checks in the compat_net=1 case", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/05/04/1" - }, - { - "name" : "https://launchpad.net/bugs/cve/2009-1184", - "refsource" : "MISC", - "url" : "https://launchpad.net/bugs/cve/2009-1184" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git;a=commit;h=910c9e41186762de3717baaf392ab5ff0c454496", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git;a=commit;h=910c9e41186762de3717baaf392ab5ff0c454496" - }, - { - "name" : "http://patchwork.ozlabs.org/patch/25238/", - "refsource" : "CONFIRM", - "url" : "http://patchwork.ozlabs.org/patch/25238/" - }, - { - "name" : "DSA-1800", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1800" - }, - { - "name" : "MDVSA-2009:118", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:118" - }, - { - "name" : "MDVSA-2009:119", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:119" - }, - { - "name" : "MDVSA-2009:135", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:135" - }, - { - "name" : "USN-793-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-793-1" - }, - { - "name" : "35121", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35121" - }, - { - "name" : "35656", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35656" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The selinux_ip_postroute_iptables_compat function in security/selinux/hooks.c in the SELinux subsystem in the Linux kernel before 2.6.27.22, and 2.6.28.x before 2.6.28.10, when compat_net is enabled, omits calls to avc_has_perm for the (1) node and (2) port, which allows local users to bypass intended restrictions on network traffic. NOTE: this was incorrectly reported as an issue fixed in 2.6.27.21." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2009:135", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:135" + }, + { + "name": "[linux-kernel] 20090502 Linux 2.6.28.10", + "refsource": "MLIST", + "url": "http://lwn.net/Articles/331435/" + }, + { + "name": "MDVSA-2009:118", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:118" + }, + { + "name": "35656", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35656" + }, + { + "name": "[oss-security] 20090504 CVE-2009-1184 selinux: skipped node/port send checks in the compat_net=1 case", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/05/04/1" + }, + { + "name": "http://patchwork.ozlabs.org/patch/25238/", + "refsource": "CONFIRM", + "url": "http://patchwork.ozlabs.org/patch/25238/" + }, + { + "name": "USN-793-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-793-1" + }, + { + "name": "DSA-1800", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1800" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git;a=commit;h=910c9e41186762de3717baaf392ab5ff0c454496", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git;a=commit;h=910c9e41186762de3717baaf392ab5ff0c454496" + }, + { + "name": "https://launchpad.net/bugs/cve/2009-1184", + "refsource": "MISC", + "url": "https://launchpad.net/bugs/cve/2009-1184" + }, + { + "name": "[linux-kernel] 20090502 Linux 2.6.27.21", + "refsource": "MLIST", + "url": "http://lwn.net/Articles/331434/" + }, + { + "name": "MDVSA-2009:119", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:119" + }, + { + "name": "35121", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35121" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1458.json b/2009/1xxx/CVE-2009-1458.json index c9b6a2d0b13..17b79c84736 100644 --- a/2009/1xxx/CVE-2009-1458.json +++ b/2009/1xxx/CVE-2009-1458.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1458", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php in razorCMS before 0.4 allow remote attackers to inject arbitrary web script or HTML via (1) the slab parameter in an edit action, (2) the catname parameter in a showcats action, and (3) the cat parameter in a reordercat action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1458", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090416 [follow-up] razorCMS - Multiple Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=123998062108561&w=2" - }, - { - "name" : "20090416 razorCMS - Multiple Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=123990481506680&w=2" - }, - { - "name" : "http://razorcms.co.uk/support/viewtopic.php?f=13&t=325", - "refsource" : "CONFIRM", - "url" : "http://razorcms.co.uk/support/viewtopic.php?f=13&t=325" - }, - { - "name" : "34566", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34566" - }, - { - "name" : "53776", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/53776" - }, - { - "name" : "34744", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34744" - }, - { - "name" : "razorcms-index-xss(49945)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49945" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php in razorCMS before 0.4 allow remote attackers to inject arbitrary web script or HTML via (1) the slab parameter in an edit action, (2) the catname parameter in a showcats action, and (3) the cat parameter in a reordercat action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34744", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34744" + }, + { + "name": "http://razorcms.co.uk/support/viewtopic.php?f=13&t=325", + "refsource": "CONFIRM", + "url": "http://razorcms.co.uk/support/viewtopic.php?f=13&t=325" + }, + { + "name": "20090416 [follow-up] razorCMS - Multiple Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=123998062108561&w=2" + }, + { + "name": "razorcms-index-xss(49945)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49945" + }, + { + "name": "53776", + "refsource": "OSVDB", + "url": "http://osvdb.org/53776" + }, + { + "name": "20090416 razorCMS - Multiple Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=123990481506680&w=2" + }, + { + "name": "34566", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34566" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1664.json b/2009/1xxx/CVE-2009-1664.json index 5a9921ecb81..9540dfd5da0 100644 --- a/2009/1xxx/CVE-2009-1664.json +++ b/2009/1xxx/CVE-2009-1664.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1664", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "myaccount.php in Easy Scripts Answer and Question Script does not verify the original password before changing passwords, which allows remote attackers to change the password of other users and gain privileges via modified userid, txtpassword, and txtRpassword parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1664", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8690", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8690" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "myaccount.php in Easy Scripts Answer and Question Script does not verify the original password before changing passwords, which allows remote attackers to change the password of other users and gain privileges via modified userid, txtpassword, and txtRpassword parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8690", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8690" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3824.json b/2009/3xxx/CVE-2009-3824.json index 0f2988982df..06cf6f033ad 100644 --- a/2009/3xxx/CVE-2009-3824.json +++ b/2009/3xxx/CVE-2009-3824.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3824", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in include/processor.php in Greenwood PHP Content Manager 0.3.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the content_path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3824", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9156", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9156" - }, - { - "name" : "greenwood-processor-file-include(51737)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51737" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in include/processor.php in Greenwood PHP Content Manager 0.3.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the content_path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9156", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9156" + }, + { + "name": "greenwood-processor-file-include(51737)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51737" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4114.json b/2009/4xxx/CVE-2009-4114.json index e45d12dbd68..67f5b12d520 100644 --- a/2009/4xxx/CVE-2009-4114.json +++ b/2009/4xxx/CVE-2009-4114.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4114", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "kl1.sys in Kaspersky Anti-Virus 2010 9.0.0.463, and possibly other versions before 9.0.0.736, does not properly validate input to IOCTL 0x0022c008, which allows local users to cause a denial of service (system crash) via IOCTL requests using crafted kernel addresses that trigger memory corruption, possibly related to klavemu.kdl." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4114", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091117 Kaspersky Anti-Virus 2010 <= 9.0.0.463 pointer dereference vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/507933/100/0/threaded" - }, - { - "name" : "http://sysdream.com/article.php?story_id=323§ion_id=78", - "refsource" : "MISC", - "url" : "http://sysdream.com/article.php?story_id=323§ion_id=78" - }, - { - "name" : "37044", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37044" - }, - { - "name" : "60207", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/60207" - }, - { - "name" : "1023198", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023198" - }, - { - "name" : "37398", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37398" - }, - { - "name" : "ADV-2009-3286", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3286" - }, - { - "name" : "kaspersky-kl1-privilege-escalation(54309)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54309" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "kl1.sys in Kaspersky Anti-Virus 2010 9.0.0.463, and possibly other versions before 9.0.0.736, does not properly validate input to IOCTL 0x0022c008, which allows local users to cause a denial of service (system crash) via IOCTL requests using crafted kernel addresses that trigger memory corruption, possibly related to klavemu.kdl." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sysdream.com/article.php?story_id=323§ion_id=78", + "refsource": "MISC", + "url": "http://sysdream.com/article.php?story_id=323§ion_id=78" + }, + { + "name": "ADV-2009-3286", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3286" + }, + { + "name": "60207", + "refsource": "OSVDB", + "url": "http://osvdb.org/60207" + }, + { + "name": "20091117 Kaspersky Anti-Virus 2010 <= 9.0.0.463 pointer dereference vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/507933/100/0/threaded" + }, + { + "name": "1023198", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023198" + }, + { + "name": "kaspersky-kl1-privilege-escalation(54309)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54309" + }, + { + "name": "37044", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37044" + }, + { + "name": "37398", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37398" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4841.json b/2009/4xxx/CVE-2009-4841.json index 5b7a301e2ea..d2db3ae67ea 100644 --- a/2009/4xxx/CVE-2009-4841.json +++ b/2009/4xxx/CVE-2009-4841.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4841", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the SonicMediaPlayer ActiveX control in SonicMediaPlayer.dll in Roxio CinePlayer 3.2 allows remote attackers to execute arbitrary code via a long argument to the DiskType method. NOTE: this might overlap CVE-2007-1559." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4841", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8824", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/8824" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the SonicMediaPlayer ActiveX control in SonicMediaPlayer.dll in Roxio CinePlayer 3.2 allows remote attackers to execute arbitrary code via a long argument to the DiskType method. NOTE: this might overlap CVE-2007-1559." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8824", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/8824" + } + ] + } +} \ No newline at end of file diff --git a/2009/5xxx/CVE-2009-5015.json b/2009/5xxx/CVE-2009-5015.json index 19d32bb017b..8d966f3163a 100644 --- a/2009/5xxx/CVE-2009-5015.json +++ b/2009/5xxx/CVE-2009-5015.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-5015", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The URL dispatch mechanism in TurboGears2 (aka tg2) before 2.0.2 exposes controller methods even when an @expose decoration is not used, which has unspecified impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-5015", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[turbogears-announce] 20090811 Critical security update for tg2 users!", - "refsource" : "MLIST", - "url" : "http://groups.google.com/group/turbogears-announce/msg/09ec26696b1761bb?dmode=source&output=gplain" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The URL dispatch mechanism in TurboGears2 (aka tg2) before 2.0.2 exposes controller methods even when an @expose decoration is not used, which has unspecified impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[turbogears-announce] 20090811 Critical security update for tg2 users!", + "refsource": "MLIST", + "url": "http://groups.google.com/group/turbogears-announce/msg/09ec26696b1761bb?dmode=source&output=gplain" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2507.json b/2012/2xxx/CVE-2012-2507.json index b64f844f617..5e692f82a09 100644 --- a/2012/2xxx/CVE-2012-2507.json +++ b/2012/2xxx/CVE-2012-2507.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2507", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2507", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3116.json b/2012/3xxx/CVE-2012-3116.json index 2dff4e28290..f5d78141473 100644 --- a/2012/3xxx/CVE-2012-3116.json +++ b/2012/3xxx/CVE-2012-3116.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3116", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 5.5.06, 6.0, 6.1, and 6.2 allows local users to affect confidentiality via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-3116", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "54567", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54567" - }, - { - "name" : "83960", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/83960" - }, - { - "name" : "1027268", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027268" - }, - { - "name" : "supplychain-transportmgmt-info-disc(77023)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77023" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 5.5.06, 6.0, 6.1, and 6.2 allows local users to affect confidentiality via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1027268", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027268" + }, + { + "name": "supplychain-transportmgmt-info-disc(77023)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77023" + }, + { + "name": "54567", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54567" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + }, + { + "name": "83960", + "refsource": "OSVDB", + "url": "http://osvdb.org/83960" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3425.json b/2012/3xxx/CVE-2012-3425.json index 4fe3d51351c..79ff3f424df 100644 --- a/2012/3xxx/CVE-2012-3425.json +++ b/2012/3xxx/CVE-2012-3425.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3425", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The png_push_read_zTXt function in pngpread.c in libpng 1.0.x before 1.0.58, 1.2.x before 1.2.48, 1.4.x before 1.4.10, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large avail_in field value in a PNG image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-3425", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120724 CVE Request: libpng: Out-of heap-based buffer read by inflating certain PNG images", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/07/24/3" - }, - { - "name" : "[oss-security] 20120724 Re: CVE Request: libpng: Out-of heap-based buffer read by inflating certain PNG images", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/07/24/5" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668082", - "refsource" : "MISC", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668082" - }, - { - "name" : "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=blob;f=CHANGES;h=284de253b1561b976291ba7405acd71ae71ff597;hb=refs/heads/libpng10", - "refsource" : "MISC", - "url" : "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=blob;f=CHANGES;h=284de253b1561b976291ba7405acd71ae71ff597;hb=refs/heads/libpng10" - }, - { - "name" : "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=blob;f=CHANGES;h=2da5a7a8b690e257f94353b5b49d493cdc385322;hb=refs/heads/libpng14", - "refsource" : "MISC", - "url" : "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=blob;f=CHANGES;h=2da5a7a8b690e257f94353b5b49d493cdc385322;hb=refs/heads/libpng14" - }, - { - "name" : "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=blob;f=CHANGES;h=73e2ffd6a1471f2144d0ce7165d7323cb109f10f;hb=refs/heads/libpng15", - "refsource" : "MISC", - "url" : "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=blob;f=CHANGES;h=73e2ffd6a1471f2144d0ce7165d7323cb109f10f;hb=refs/heads/libpng15" - }, - { - "name" : "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=blob;f=CHANGES;hb=a4b640865ae47986bbe71ecc0e7d5181dcb0bac8", - "refsource" : "MISC", - "url" : "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=blob;f=CHANGES;hb=a4b640865ae47986bbe71ecc0e7d5181dcb0bac8" - }, - { - "name" : "openSUSE-SU-2012:0934", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-08/msg00004.html" - }, - { - "name" : "USN-2815-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2815-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The png_push_read_zTXt function in pngpread.c in libpng 1.0.x before 1.0.58, 1.2.x before 1.2.48, 1.4.x before 1.4.10, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large avail_in field value in a PNG image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20120724 CVE Request: libpng: Out-of heap-based buffer read by inflating certain PNG images", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/07/24/3" + }, + { + "name": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=blob;f=CHANGES;h=73e2ffd6a1471f2144d0ce7165d7323cb109f10f;hb=refs/heads/libpng15", + "refsource": "MISC", + "url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=blob;f=CHANGES;h=73e2ffd6a1471f2144d0ce7165d7323cb109f10f;hb=refs/heads/libpng15" + }, + { + "name": "[oss-security] 20120724 Re: CVE Request: libpng: Out-of heap-based buffer read by inflating certain PNG images", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/07/24/5" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668082", + "refsource": "MISC", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668082" + }, + { + "name": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=blob;f=CHANGES;h=2da5a7a8b690e257f94353b5b49d493cdc385322;hb=refs/heads/libpng14", + "refsource": "MISC", + "url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=blob;f=CHANGES;h=2da5a7a8b690e257f94353b5b49d493cdc385322;hb=refs/heads/libpng14" + }, + { + "name": "openSUSE-SU-2012:0934", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00004.html" + }, + { + "name": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=blob;f=CHANGES;h=284de253b1561b976291ba7405acd71ae71ff597;hb=refs/heads/libpng10", + "refsource": "MISC", + "url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=blob;f=CHANGES;h=284de253b1561b976291ba7405acd71ae71ff597;hb=refs/heads/libpng10" + }, + { + "name": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=blob;f=CHANGES;hb=a4b640865ae47986bbe71ecc0e7d5181dcb0bac8", + "refsource": "MISC", + "url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=blob;f=CHANGES;hb=a4b640865ae47986bbe71ecc0e7d5181dcb0bac8" + }, + { + "name": "USN-2815-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2815-1" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6212.json b/2012/6xxx/CVE-2012-6212.json index 0b65f07c378..c8c7d4a9b8c 100644 --- a/2012/6xxx/CVE-2012-6212.json +++ b/2012/6xxx/CVE-2012-6212.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6212", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-6212", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6524.json b/2012/6xxx/CVE-2012-6524.json index b0284cfe8eb..bd4f1cae6ec 100644 --- a/2012/6xxx/CVE-2012-6524.json +++ b/2012/6xxx/CVE-2012-6524.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6524", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in kommentar.php in pGB 2.12 allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6524", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18383", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18383" - }, - { - "name" : "51550", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51550" - }, - { - "name" : "78342", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/78342" - }, - { - "name" : "47530", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47530" - }, - { - "name" : "pgb-kommentar-sql-injection(72450)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72450" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in kommentar.php in pGB 2.12 allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "78342", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/78342" + }, + { + "name": "51550", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51550" + }, + { + "name": "pgb-kommentar-sql-injection(72450)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72450" + }, + { + "name": "47530", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47530" + }, + { + "name": "18383", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18383" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6607.json b/2012/6xxx/CVE-2012-6607.json index 31702f6d175..b88d6e33110 100644 --- a/2012/6xxx/CVE-2012-6607.json +++ b/2012/6xxx/CVE-2012-6607.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6607", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The transform_save function in transform.c in Augeas before 1.0.0 allows local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on a .augsave file in a backup save action, a different vector than CVE-2012-0786." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6607", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://augeas.net/news.html", - "refsource" : "CONFIRM", - "url" : "http://augeas.net/news.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=772257", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=772257" - }, - { - "name" : "https://github.com/hercules-team/augeas/commit/16387744", - "refsource" : "CONFIRM", - "url" : "https://github.com/hercules-team/augeas/commit/16387744" - }, - { - "name" : "RHSA-2013:1537", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1537.html" - }, - { - "name" : "55811", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55811" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The transform_save function in transform.c in Augeas before 1.0.0 allows local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on a .augsave file in a backup save action, a different vector than CVE-2012-0786." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/hercules-team/augeas/commit/16387744", + "refsource": "CONFIRM", + "url": "https://github.com/hercules-team/augeas/commit/16387744" + }, + { + "name": "55811", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55811" + }, + { + "name": "http://augeas.net/news.html", + "refsource": "CONFIRM", + "url": "http://augeas.net/news.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=772257", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=772257" + }, + { + "name": "RHSA-2013:1537", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1537.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1211.json b/2015/1xxx/CVE-2015-1211.json index 40e1a793401..52b2f4d853e 100644 --- a/2015/1xxx/CVE-2015-1211.json +++ b/2015/1xxx/CVE-2015-1211.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1211", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The OriginCanAccessServiceWorkers function in content/browser/service_worker/service_worker_dispatcher_host.cc in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android does not properly restrict the URI scheme during a ServiceWorker registration, which allows remote attackers to gain privileges via a filesystem: URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2015-1211", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2015/02/chrome-for-android-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2015/02/chrome-for-android-update.html" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2015/02/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2015/02/stable-channel-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=453982", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=453982" - }, - { - "name" : "https://codereview.chromium.org/889323002", - "refsource" : "CONFIRM", - "url" : "https://codereview.chromium.org/889323002" - }, - { - "name" : "GLSA-201502-13", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201502-13.xml" - }, - { - "name" : "RHSA-2015:0163", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0163.html" - }, - { - "name" : "openSUSE-SU-2015:0441", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html" - }, - { - "name" : "USN-2495-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2495-1" - }, - { - "name" : "72497", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72497" - }, - { - "name" : "1031709", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031709" - }, - { - "name" : "62670", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62670" - }, - { - "name" : "62818", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62818" - }, - { - "name" : "62917", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62917" - }, - { - "name" : "62925", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62925" - }, - { - "name" : "google-chrome-cve20151211-priv-esc(100717)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100717" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The OriginCanAccessServiceWorkers function in content/browser/service_worker/service_worker_dispatcher_host.cc in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android does not properly restrict the URI scheme during a ServiceWorker registration, which allows remote attackers to gain privileges via a filesystem: URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "72497", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72497" + }, + { + "name": "http://googlechromereleases.blogspot.com/2015/02/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2015/02/stable-channel-update.html" + }, + { + "name": "62818", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62818" + }, + { + "name": "https://codereview.chromium.org/889323002", + "refsource": "CONFIRM", + "url": "https://codereview.chromium.org/889323002" + }, + { + "name": "62925", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62925" + }, + { + "name": "http://googlechromereleases.blogspot.com/2015/02/chrome-for-android-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2015/02/chrome-for-android-update.html" + }, + { + "name": "google-chrome-cve20151211-priv-esc(100717)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100717" + }, + { + "name": "GLSA-201502-13", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201502-13.xml" + }, + { + "name": "62917", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62917" + }, + { + "name": "RHSA-2015:0163", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0163.html" + }, + { + "name": "62670", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62670" + }, + { + "name": "1031709", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031709" + }, + { + "name": "openSUSE-SU-2015:0441", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html" + }, + { + "name": "USN-2495-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2495-1" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=453982", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=453982" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1810.json b/2015/1xxx/CVE-2015-1810.json index 79a69cc6d5c..faf12710caf 100644 --- a/2015/1xxx/CVE-2015-1810.json +++ b/2015/1xxx/CVE-2015-1810.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1810", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS before 1.596.1 does not restrict access to reserved names when using the \"Jenkins' own user database\" setting, which allows remote attackers to gain privileges by creating a reserved name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-1810", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1205627", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1205627" - }, - { - "name" : "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27", - "refsource" : "CONFIRM", - "url" : "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27" - }, - { - "name" : "RHSA-2015:1844", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1844.html" - }, - { - "name" : "RHSA-2016:0070", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:0070" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS before 1.596.1 does not restrict access to reserved names when using the \"Jenkins' own user database\" setting, which allows remote attackers to gain privileges by creating a reserved name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2016:0070", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:0070" + }, + { + "name": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27", + "refsource": "CONFIRM", + "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27" + }, + { + "name": "RHSA-2015:1844", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1844.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1205627", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205627" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1958.json b/2015/1xxx/CVE-2015-1958.json index 929d14ed642..67675e562c1 100644 --- a/2015/1xxx/CVE-2015-1958.json +++ b/2015/1xxx/CVE-2015-1958.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1958", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial of service (disk consumption) via a crafted byte sequence in authentication data, a different vulnerability than CVE-2015-1956 and CVE-2015-1987." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-1958", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21959210", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21959210" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial of service (disk consumption) via a crafted byte sequence in authentication data, a different vulnerability than CVE-2015-1956 and CVE-2015-1987." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21959210", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959210" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5026.json b/2015/5xxx/CVE-2015-5026.json index 8b44f50cf2a..4bd78e705ae 100644 --- a/2015/5xxx/CVE-2015-5026.json +++ b/2015/5xxx/CVE-2015-5026.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5026", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5026", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5133.json b/2015/5xxx/CVE-2015-5133.json index b1459252a9c..c73b20ad1be 100644 --- a/2015/5xxx/CVE-2015-5133.json +++ b/2015/5xxx/CVE-2015-5133.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5133", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5131 and CVE-2015-5132." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-5133", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "37858", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/37858/" - }, - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" - }, - { - "name" : "GLSA-201508-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201508-01" - }, - { - "name" : "RHSA-2015:1603", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1603.html" - }, - { - "name" : "openSUSE-SU-2015:1781", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html" - }, - { - "name" : "76284", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76284" - }, - { - "name" : "1033235", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033235" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5131 and CVE-2015-5132." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" + }, + { + "name": "GLSA-201508-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201508-01" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" + }, + { + "name": "76284", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76284" + }, + { + "name": "37858", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/37858/" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html" + }, + { + "name": "openSUSE-SU-2015:1781", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html" + }, + { + "name": "1033235", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033235" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388" + }, + { + "name": "RHSA-2015:1603", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1603.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5613.json b/2015/5xxx/CVE-2015-5613.json index cd9907ccbd2..9712fb3f435 100644 --- a/2015/5xxx/CVE-2015-5613.json +++ b/2015/5xxx/CVE-2015-5613.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5613", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in October CMS build 271 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving a file title, a different vulnerability than CVE-2015-5612." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5613", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150722 Re: CVE Request: October CMS - Stored XSS in image caption tag", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/07/22/3" - }, - { - "name" : "https://github.com/octobercms/october/commit/8a4ac533e5cd6b8f92e9ef19fbfbb2f505dc7a9a", - "refsource" : "CONFIRM", - "url" : "https://github.com/octobercms/october/commit/8a4ac533e5cd6b8f92e9ef19fbfbb2f505dc7a9a" - }, - { - "name" : "https://github.com/octobercms/october/issues/1302", - "refsource" : "CONFIRM", - "url" : "https://github.com/octobercms/october/issues/1302" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in October CMS build 271 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving a file title, a different vulnerability than CVE-2015-5612." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20150722 Re: CVE Request: October CMS - Stored XSS in image caption tag", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/07/22/3" + }, + { + "name": "https://github.com/octobercms/october/issues/1302", + "refsource": "CONFIRM", + "url": "https://github.com/octobercms/october/issues/1302" + }, + { + "name": "https://github.com/octobercms/october/commit/8a4ac533e5cd6b8f92e9ef19fbfbb2f505dc7a9a", + "refsource": "CONFIRM", + "url": "https://github.com/octobercms/october/commit/8a4ac533e5cd6b8f92e9ef19fbfbb2f505dc7a9a" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5803.json b/2015/5xxx/CVE-2015-5803.json index a19af73b1e0..d2f3f866059 100644 --- a/2015/5xxx/CVE-2015-5803.json +++ b/2015/5xxx/CVE-2015-5803.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5803", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-5803", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT205212", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205212" - }, - { - "name" : "https://support.apple.com/HT205221", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205221" - }, - { - "name" : "https://support.apple.com/HT205265", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205265" - }, - { - "name" : "APPLE-SA-2015-09-16-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html" - }, - { - "name" : "APPLE-SA-2015-09-16-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html" - }, - { - "name" : "APPLE-SA-2015-09-30-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00007.html" - }, - { - "name" : "76763", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76763" - }, - { - "name" : "1033609", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033609" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT205221", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205221" + }, + { + "name": "1033609", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033609" + }, + { + "name": "https://support.apple.com/HT205212", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205212" + }, + { + "name": "76763", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76763" + }, + { + "name": "https://support.apple.com/HT205265", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205265" + }, + { + "name": "APPLE-SA-2015-09-16-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html" + }, + { + "name": "APPLE-SA-2015-09-30-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00007.html" + }, + { + "name": "APPLE-SA-2015-09-16-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11051.json b/2018/11xxx/CVE-2018-11051.json index de6854bc4cf..0087fb0c64a 100644 --- a/2018/11xxx/CVE-2018-11051.json +++ b/2018/11xxx/CVE-2018-11051.json @@ -1,93 +1,93 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "DATE_PUBLIC" : "2018-06-28T04:00:00.000Z", - "ID" : "CVE-2018-11051", - "STATE" : "PUBLIC", - "TITLE" : "RSA Certificate Manager Path Traversal Vulnerability" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Certificate Manager Path Traversal Vulnerability", - "version" : { - "version_data" : [ - { - "version_value" : "6.9 build 560 through 6.9 build 564" - } - ] - } - } - ] - }, - "vendor_name" : "RSA" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "RSA Certificate Manager Versions 6.9 build 560 through 6.9 build 564 contain a path traversal vulnerability in the RSA CMP Enroll Server and the RSA REST Enroll Server. A remote unauthenticated attacker could potentially exploit this vulnerability by manipulating input parameters of the application to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "NONE", - "baseScore" : 7.5, - "baseSeverity" : "HIGH", - "confidentialityImpact" : "HIGH", - "integrityImpact" : "NONE", - "privilegesRequired" : "NONE", - "scope" : "UNCHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Authentication Bypass Vulnerability\n" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "DATE_PUBLIC": "2018-06-28T04:00:00.000Z", + "ID": "CVE-2018-11051", + "STATE": "PUBLIC", + "TITLE": "RSA Certificate Manager Path Traversal Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Certificate Manager Path Traversal Vulnerability", + "version": { + "version_data": [ + { + "version_value": "6.9 build 560 through 6.9 build 564" + } + ] + } + } + ] + }, + "vendor_name": "RSA" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180628 DSA-2018-122: RSA Certificate Manager Path Traversal Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/Jul/11" - }, - { - "name" : "104674", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104674" - }, - { - "name" : "1041211", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041211" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "RSA Certificate Manager Versions 6.9 build 560 through 6.9 build 564 contain a path traversal vulnerability in the RSA CMP Enroll Server and the RSA REST Enroll Server. A remote unauthenticated attacker could potentially exploit this vulnerability by manipulating input parameters of the application to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Authentication Bypass Vulnerability\n" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20180628 DSA-2018-122: RSA Certificate Manager Path Traversal Vulnerability", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Jul/11" + }, + { + "name": "104674", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104674" + }, + { + "name": "1041211", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041211" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11077.json b/2018/11xxx/CVE-2018-11077.json index 70b01f7bcb1..9415b2dfeb3 100644 --- a/2018/11xxx/CVE-2018-11077.json +++ b/2018/11xxx/CVE-2018-11077.json @@ -1,131 +1,131 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@dell.com", - "DATE_PUBLIC" : "2018-11-20T05:00:00.000Z", - "ID" : "CVE-2018-11077", - "STATE" : "PUBLIC", - "TITLE" : "Dell EMC Avamar and Integrated Data Protection Appliance Command Injection Vulnerability" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Avamar", - "version" : { - "version_data" : [ - { - "affected" : "=", - "version_value" : "7.2.0" - }, - { - "affected" : "=", - "version_value" : "7.2.1" - }, - { - "affected" : "=", - "version_value" : "7.3.0" - }, - { - "affected" : "=", - "version_value" : "7.3.1" - }, - { - "affected" : "=", - "version_value" : "7.4.0" - }, - { - "affected" : "=", - "version_value" : "7.4.1" - }, - { - "version_value" : "7.5.0" - }, - { - "version_value" : "7.5.1" - }, - { - "version_value" : "18.1" - } - ] - } - }, - { - "product_name" : "Integrated Data Protection Appliance ", - "version" : { - "version_data" : [ - { - "affected" : "=", - "version_value" : "2.0" - }, - { - "affected" : "=", - "version_value" : "2.1" - }, - { - "affected" : "=", - "version_value" : "2.2" - } - ] - } - } - ] - }, - "vendor_name" : "Dell EMC" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially be able to execute arbitrary commands under root privilege." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Command Injection Vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "DATE_PUBLIC": "2018-11-20T05:00:00.000Z", + "ID": "CVE-2018-11077", + "STATE": "PUBLIC", + "TITLE": "Dell EMC Avamar and Integrated Data Protection Appliance Command Injection Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Avamar", + "version": { + "version_data": [ + { + "affected": "=", + "version_value": "7.2.0" + }, + { + "affected": "=", + "version_value": "7.2.1" + }, + { + "affected": "=", + "version_value": "7.3.0" + }, + { + "affected": "=", + "version_value": "7.3.1" + }, + { + "affected": "=", + "version_value": "7.4.0" + }, + { + "affected": "=", + "version_value": "7.4.1" + }, + { + "version_value": "7.5.0" + }, + { + "version_value": "7.5.1" + }, + { + "version_value": "18.1" + } + ] + } + }, + { + "product_name": "Integrated Data Protection Appliance ", + "version": { + "version_data": [ + { + "affected": "=", + "version_value": "2.0" + }, + { + "affected": "=", + "version_value": "2.1" + }, + { + "affected": "=", + "version_value": "2.2" + } + ] + } + } + ] + }, + "vendor_name": "Dell EMC" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20181120 DSA-2018-155: Dell EMC Avamar and Integrated Data Protection Appliance Command Injection Vulnerability", - "refsource" : "FULLDISC", - "url" : "https://seclists.org/fulldisclosure/2018/Nov/51" - }, - { - "name" : "https://www.vmware.com/security/advisories/VMSA-2018-0029.html", - "refsource" : "CONFIRM", - "url" : "https://www.vmware.com/security/advisories/VMSA-2018-0029.html" - }, - { - "name" : "105971", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105971" - }, - { - "name" : "1042153", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1042153" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially be able to execute arbitrary commands under root privilege." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Command Injection Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html", + "refsource": "CONFIRM", + "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html" + }, + { + "name": "20181120 DSA-2018-155: Dell EMC Avamar and Integrated Data Protection Appliance Command Injection Vulnerability", + "refsource": "FULLDISC", + "url": "https://seclists.org/fulldisclosure/2018/Nov/51" + }, + { + "name": "105971", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105971" + }, + { + "name": "1042153", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1042153" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11360.json b/2018/11xxx/CVE-2018-11360.json index b958331155a..3a7643325da 100644 --- a/2018/11xxx/CVE-2018-11360.json +++ b/2018/11xxx/CVE-2018-11360.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11360", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the GSM A DTAP dissector could crash. This was addressed in epan/dissectors/packet-gsm_a_dtap.c by fixing an off-by-one error that caused a buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11360", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14688", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14688" - }, - { - "name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=a55b36c51f83a7b9680824e8ee3a6ce8429ab24b", - "refsource" : "CONFIRM", - "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=a55b36c51f83a7b9680824e8ee3a6ce8429ab24b" - }, - { - "name" : "https://www.wireshark.org/security/wnpa-sec-2018-30.html", - "refsource" : "CONFIRM", - "url" : "https://www.wireshark.org/security/wnpa-sec-2018-30.html" - }, - { - "name" : "DSA-4217", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4217" - }, - { - "name" : "104308", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104308" - }, - { - "name" : "1041036", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041036" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the GSM A DTAP dissector could crash. This was addressed in epan/dissectors/packet-gsm_a_dtap.c by fixing an off-by-one error that caused a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104308", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104308" + }, + { + "name": "DSA-4217", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4217" + }, + { + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=a55b36c51f83a7b9680824e8ee3a6ce8429ab24b", + "refsource": "CONFIRM", + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=a55b36c51f83a7b9680824e8ee3a6ce8429ab24b" + }, + { + "name": "https://www.wireshark.org/security/wnpa-sec-2018-30.html", + "refsource": "CONFIRM", + "url": "https://www.wireshark.org/security/wnpa-sec-2018-30.html" + }, + { + "name": "1041036", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041036" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14688", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14688" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11757.json b/2018/11xxx/CVE-2018-11757.json index 6d5028674cf..51789c80a8b 100644 --- a/2018/11xxx/CVE-2018-11757.json +++ b/2018/11xxx/CVE-2018-11757.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2018-07-20T00:00:00", - "ID" : "CVE-2018-11757", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Docker Skeleton Runtime for Apache OpenWhisk", - "version" : { - "version_data" : [ - { - "version_value" : "Docker tag openwhisk/dockerskeleton 1.3.0 (or lower)" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Docker Skeleton Runtime for Apache OpenWhisk, a Docker action inheriting the Docker tag openwhisk/dockerskeleton:1.3.0 (or earlier) may allow an attacker to replace the user function inside the container if the user code is vulnerable to code exploitation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2018-07-20T00:00:00", + "ID": "CVE-2018-11757", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Docker Skeleton Runtime for Apache OpenWhisk", + "version": { + "version_data": [ + { + "version_value": "Docker tag openwhisk/dockerskeleton 1.3.0 (or lower)" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[openwhisk-dev] 20180720 [CVE] CVE-2018-11757 Docker Skeleton Runtime for Apache OpenWhisk", - "refsource" : "MLIST", - "url" : "https://lists.apache.org/thread.html/0b6d8a677f1c063ed32eb3638ef4d1a47dfba8907de4b222ddd24b05@%3Cdev.openwhisk.apache.org%3E" - }, - { - "name" : "https://github.com/apache/incubator-openwhisk-runtime-docker/commit/891896f25c39bc336ef6dda53f80f466ac4ca3c8", - "refsource" : "CONFIRM", - "url" : "https://github.com/apache/incubator-openwhisk-runtime-docker/commit/891896f25c39bc336ef6dda53f80f466ac4ca3c8" - }, - { - "name" : "104913", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104913" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Docker Skeleton Runtime for Apache OpenWhisk, a Docker action inheriting the Docker tag openwhisk/dockerskeleton:1.3.0 (or earlier) may allow an attacker to replace the user function inside the container if the user code is vulnerable to code exploitation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104913", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104913" + }, + { + "name": "[openwhisk-dev] 20180720 [CVE] CVE-2018-11757 Docker Skeleton Runtime for Apache OpenWhisk", + "refsource": "MLIST", + "url": "https://lists.apache.org/thread.html/0b6d8a677f1c063ed32eb3638ef4d1a47dfba8907de4b222ddd24b05@%3Cdev.openwhisk.apache.org%3E" + }, + { + "name": "https://github.com/apache/incubator-openwhisk-runtime-docker/commit/891896f25c39bc336ef6dda53f80f466ac4ca3c8", + "refsource": "CONFIRM", + "url": "https://github.com/apache/incubator-openwhisk-runtime-docker/commit/891896f25c39bc336ef6dda53f80f466ac4ca3c8" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11785.json b/2018/11xxx/CVE-2018-11785.json index 54c95c5c5ca..f024a4117b5 100644 --- a/2018/11xxx/CVE-2018-11785.json +++ b/2018/11xxx/CVE-2018-11785.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2018-10-24T00:00:00", - "ID" : "CVE-2018-11785", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache Impala", - "version" : { - "version_data" : [ - { - "version_value" : "Apache Impala 3.0.0" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Missing authorization check in Apache Impala before 3.0.1 allows a Kerberos-authenticated but unauthorized user to inject random data into a running query, leading to wrong results for a query." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Unauthorized access" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2018-10-24T00:00:00", + "ID": "CVE-2018-11785", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Impala", + "version": { + "version_data": [ + { + "version_value": "Apache Impala 3.0.0" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://lists.apache.org/thread.html/cba8f18df15af862aa07c584d8dc85c44a199fb8f460edd498059247@%3Cdev.impala.apache.org%3E", - "refsource" : "MISC", - "url" : "https://lists.apache.org/thread.html/cba8f18df15af862aa07c584d8dc85c44a199fb8f460edd498059247@%3Cdev.impala.apache.org%3E" - }, - { - "name" : "105742", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105742" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Missing authorization check in Apache Impala before 3.0.1 allows a Kerberos-authenticated but unauthorized user to inject random data into a running query, leading to wrong results for a query." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Unauthorized access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105742", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105742" + }, + { + "name": "https://lists.apache.org/thread.html/cba8f18df15af862aa07c584d8dc85c44a199fb8f460edd498059247@%3Cdev.impala.apache.org%3E", + "refsource": "MISC", + "url": "https://lists.apache.org/thread.html/cba8f18df15af862aa07c584d8dc85c44a199fb8f460edd498059247@%3Cdev.impala.apache.org%3E" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15399.json b/2018/15xxx/CVE-2018-15399.json index 44a9f14cd69..5815104cfb3 100644 --- a/2018/15xxx/CVE-2018-15399.json +++ b/2018/15xxx/CVE-2018-15399.json @@ -1,84 +1,84 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "DATE_PUBLIC" : "2018-10-03T16:00:00-0500", - "ID" : "CVE-2018-15399", - "STATE" : "PUBLIC", - "TITLE" : "Cisco Adaptive Security Appliance TCP Syslog Denial of Service Vulnerability" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Adaptive Security Appliance (ASA) Software ", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "Cisco" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the TCP syslog module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to exhaust the 1550-byte buffers on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to a missing boundary check in an internal function. An attacker could exploit this vulnerability by establishing a man-in-the-middle position between an affected device and its configured TCP syslog server and then maliciously modifying the TCP header in segments that are sent from the syslog server to the affected device. A successful exploit could allow the attacker to exhaust buffer on the affected device and cause all TCP-based features to stop functioning, resulting in a DoS condition. The affected TCP-based features include AnyConnect SSL VPN, clientless SSL VPN, and management connections such as Secure Shell (SSH), Telnet, and HTTPS." - } - ] - }, - "impact" : { - "cvss" : { - "baseScore" : "6.8", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-400" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2018-10-03T16:00:00-0500", + "ID": "CVE-2018-15399", + "STATE": "PUBLIC", + "TITLE": "Cisco Adaptive Security Appliance TCP Syslog Denial of Service Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Adaptive Security Appliance (ASA) Software ", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20181003 Cisco Adaptive Security Appliance TCP Syslog Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-asa-syslog-dos" - }, - { - "name" : "1041785", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041785" - } - ] - }, - "source" : { - "advisory" : "cisco-sa-20181003-asa-syslog-dos", - "defect" : [ - [ - "CSCvh73829" - ] - ], - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the TCP syslog module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to exhaust the 1550-byte buffers on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to a missing boundary check in an internal function. An attacker could exploit this vulnerability by establishing a man-in-the-middle position between an affected device and its configured TCP syslog server and then maliciously modifying the TCP header in segments that are sent from the syslog server to the affected device. A successful exploit could allow the attacker to exhaust buffer on the affected device and cause all TCP-based features to stop functioning, resulting in a DoS condition. The affected TCP-based features include AnyConnect SSL VPN, clientless SSL VPN, and management connections such as Secure Shell (SSH), Telnet, and HTTPS." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "6.8", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041785", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041785" + }, + { + "name": "20181003 Cisco Adaptive Security Appliance TCP Syslog Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-asa-syslog-dos" + } + ] + }, + "source": { + "advisory": "cisco-sa-20181003-asa-syslog-dos", + "defect": [ + [ + "CSCvh73829" + ] + ], + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15624.json b/2018/15xxx/CVE-2018-15624.json index 07a7c226661..50c4e41b9e3 100644 --- a/2018/15xxx/CVE-2018-15624.json +++ b/2018/15xxx/CVE-2018-15624.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15624", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-15624", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15770.json b/2018/15xxx/CVE-2018-15770.json index e3248bd5317..be5b1c5a053 100644 --- a/2018/15xxx/CVE-2018-15770.json +++ b/2018/15xxx/CVE-2018-15770.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15770", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-15770", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15779.json b/2018/15xxx/CVE-2018-15779.json index 20c6b9e264b..188e452ad93 100644 --- a/2018/15xxx/CVE-2018-15779.json +++ b/2018/15xxx/CVE-2018-15779.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15779", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-15779", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3000.json b/2018/3xxx/CVE-2018-3000.json index 2485801dd51..591b61d869f 100644 --- a/2018/3xxx/CVE-2018-3000.json +++ b/2018/3xxx/CVE-2018-3000.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3000", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Hospitality Cruise Shipboard Property Management System", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.x" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System component of Oracle Hospitality Applications (subcomponent: SPMS Suite). The supported version that is affected is 8.x. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hospitality Cruise Shipboard Property Management System executes to compromise Oracle Hospitality Cruise Shipboard Property Management System. While the vulnerability is in Oracle Hospitality Cruise Shipboard Property Management System, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Shipboard Property Management System accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hospitality Cruise Shipboard Property Management System executes to compromise Oracle Hospitality Cruise Shipboard Property Management System. While the vulnerability is in Oracle Hospitality Cruise Shipboard Property Management System, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Shipboard Property Management System accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3000", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hospitality Cruise Shipboard Property Management System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.x" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" - }, - { - "name" : "104815", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104815" - }, - { - "name" : "1041300", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041300" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System component of Oracle Hospitality Applications (subcomponent: SPMS Suite). The supported version that is affected is 8.x. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hospitality Cruise Shipboard Property Management System executes to compromise Oracle Hospitality Cruise Shipboard Property Management System. While the vulnerability is in Oracle Hospitality Cruise Shipboard Property Management System, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Shipboard Property Management System accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hospitality Cruise Shipboard Property Management System executes to compromise Oracle Hospitality Cruise Shipboard Property Management System. While the vulnerability is in Oracle Hospitality Cruise Shipboard Property Management System, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Shipboard Property Management System accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + }, + { + "name": "104815", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104815" + }, + { + "name": "1041300", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041300" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3455.json b/2018/3xxx/CVE-2018-3455.json index d9ccf287d48..1bd7899b169 100644 --- a/2018/3xxx/CVE-2018-3455.json +++ b/2018/3xxx/CVE-2018-3455.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3455", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3455", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3469.json b/2018/3xxx/CVE-2018-3469.json index 9fa4e112b2d..522c947aa3d 100644 --- a/2018/3xxx/CVE-2018-3469.json +++ b/2018/3xxx/CVE-2018-3469.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3469", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3469", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3529.json b/2018/3xxx/CVE-2018-3529.json index 5b282e78af2..72262e227ab 100644 --- a/2018/3xxx/CVE-2018-3529.json +++ b/2018/3xxx/CVE-2018-3529.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3529", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3529", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3767.json b/2018/3xxx/CVE-2018-3767.json index c43de4302e3..78579b60942 100644 --- a/2018/3xxx/CVE-2018-3767.json +++ b/2018/3xxx/CVE-2018-3767.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "ID" : "CVE-2018-3767", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "memjs", - "version" : { - "version_data" : [ - { - "version_value" : "Not fixed" - } - ] - } - } - ] - }, - "vendor_name" : "https://github.com/memcachier" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "`memjs` versions <= 1.1.0 allocates and stores buffers on typed input, resulting in DoS and uninitialized memory usage." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service (CWE-400)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "ID": "CVE-2018-3767", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "memjs", + "version": { + "version_data": [ + { + "version_value": "Not fixed" + } + ] + } + } + ] + }, + "vendor_name": "https://github.com/memcachier" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://hackerone.com/reports/319809", - "refsource" : "MISC", - "url" : "https://hackerone.com/reports/319809" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "`memjs` versions <= 1.1.0 allocates and stores buffers on typed input, resulting in DoS and uninitialized memory usage." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service (CWE-400)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://hackerone.com/reports/319809", + "refsource": "MISC", + "url": "https://hackerone.com/reports/319809" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8062.json b/2018/8xxx/CVE-2018-8062.json index 7d1edbad022..3ca232a4e0d 100644 --- a/2018/8xxx/CVE-2018-8062.json +++ b/2018/8xxx/CVE-2018-8062.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8062", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8062", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8352.json b/2018/8xxx/CVE-2018-8352.json index 654ed6bcf9c..3edc2b00db3 100644 --- a/2018/8xxx/CVE-2018-8352.json +++ b/2018/8xxx/CVE-2018-8352.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8352", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8352", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8375.json b/2018/8xxx/CVE-2018-8375.json index 3720b55b2d4..0574374eda4 100644 --- a/2018/8xxx/CVE-2018-8375.json +++ b/2018/8xxx/CVE-2018-8375.json @@ -1,119 +1,119 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8375", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Excel Viewer", - "version" : { - "version_data" : [ - { - "version_value" : "2007 Service Pack 3" - } - ] - } - }, - { - "product_name" : "Microsoft Office", - "version" : { - "version_data" : [ - { - "version_value" : "2016 for Mac" - }, - { - "version_value" : "Compatibility Pack Service Pack 3" - } - ] - } - }, - { - "product_name" : "Microsoft Excel", - "version" : { - "version_data" : [ - { - "version_value" : "2010 Service Pack 2 (32-bit editions)" - }, - { - "version_value" : "2010 Service Pack 2 (64-bit editions)" - }, - { - "version_value" : "2013 RT Service Pack 1" - }, - { - "version_value" : "2013 Service Pack 1 (32-bit editions)" - }, - { - "version_value" : "2013 Service Pack 1 (64-bit editions)" - }, - { - "version_value" : "2016 (32-bit edition)" - }, - { - "version_value" : "2016 (64-bit edition)" - }, - { - "version_value" : "2016 Click-to-Run (C2R) for 32-bit editions" - }, - { - "version_value" : "2016 Click-to-Run (C2R) for 64-bit editions" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka \"Microsoft Excel Remote Code Execution Vulnerability.\" This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8379." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8375", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Excel Viewer", + "version": { + "version_data": [ + { + "version_value": "2007 Service Pack 3" + } + ] + } + }, + { + "product_name": "Microsoft Office", + "version": { + "version_data": [ + { + "version_value": "2016 for Mac" + }, + { + "version_value": "Compatibility Pack Service Pack 3" + } + ] + } + }, + { + "product_name": "Microsoft Excel", + "version": { + "version_data": [ + { + "version_value": "2010 Service Pack 2 (32-bit editions)" + }, + { + "version_value": "2010 Service Pack 2 (64-bit editions)" + }, + { + "version_value": "2013 RT Service Pack 1" + }, + { + "version_value": "2013 Service Pack 1 (32-bit editions)" + }, + { + "version_value": "2013 Service Pack 1 (64-bit editions)" + }, + { + "version_value": "2016 (32-bit edition)" + }, + { + "version_value": "2016 (64-bit edition)" + }, + { + "version_value": "2016 Click-to-Run (C2R) for 32-bit editions" + }, + { + "version_value": "2016 Click-to-Run (C2R) for 64-bit editions" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8375", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8375" - }, - { - "name" : "104989", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104989" - }, - { - "name" : "1041463", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041463" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka \"Microsoft Excel Remote Code Execution Vulnerability.\" This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8379." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104989", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104989" + }, + { + "name": "1041463", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041463" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8375", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8375" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8381.json b/2018/8xxx/CVE-2018-8381.json index 6de31f394da..0a94a6c5d2e 100644 --- a/2018/8xxx/CVE-2018-8381.json +++ b/2018/8xxx/CVE-2018-8381.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8381", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Edge", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for x64-based Systems" - }, - { - "version_value" : "Windows Server 2016" - } - ] - } - }, - { - "product_name" : "ChakraCore", - "version" : { - "version_data" : [ - { - "version_value" : "ChakraCore" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \"Chakra Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8266, CVE-2018-8380, CVE-2018-8384." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8381", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Edge", + "version": { + "version_data": [ + { + "version_value": "Windows 10 for 32-bit Systems" + }, + { + "version_value": "Windows 10 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1607 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1703 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1703 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1803 for x64-based Systems" + }, + { + "version_value": "Windows Server 2016" + } + ] + } + }, + { + "product_name": "ChakraCore", + "version": { + "version_data": [ + { + "version_value": "ChakraCore" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8381", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8381" - }, - { - "name" : "104980", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104980" - }, - { - "name" : "1041457", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041457" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \"Chakra Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8266, CVE-2018-8380, CVE-2018-8384." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041457", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041457" + }, + { + "name": "104980", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104980" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8381", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8381" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8971.json b/2018/8xxx/CVE-2018-8971.json index d5f2297deb5..4867527dd9a 100644 --- a/2018/8xxx/CVE-2018-8971.json +++ b/2018/8xxx/CVE-2018-8971.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8971", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Auth0 integration in GitLab before 10.3.9, 10.4.x before 10.4.6, and 10.5.x before 10.5.6 has an incorrect omniauth-auth0 configuration, leading to signing in unintended users." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8971", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://about.gitlab.com/2018/03/20/critical-security-release-gitlab-10-dot-5-dot-6-released/", - "refsource" : "MISC", - "url" : "https://about.gitlab.com/2018/03/20/critical-security-release-gitlab-10-dot-5-dot-6-released/" - }, - { - "name" : "DSA-4206", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4206" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Auth0 integration in GitLab before 10.3.9, 10.4.x before 10.4.6, and 10.5.x before 10.5.6 has an incorrect omniauth-auth0 configuration, leading to signing in unintended users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://about.gitlab.com/2018/03/20/critical-security-release-gitlab-10-dot-5-dot-6-released/", + "refsource": "MISC", + "url": "https://about.gitlab.com/2018/03/20/critical-security-release-gitlab-10-dot-5-dot-6-released/" + }, + { + "name": "DSA-4206", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4206" + } + ] + } +} \ No newline at end of file