diff --git a/2005/0xxx/CVE-2005-0438.json b/2005/0xxx/CVE-2005-0438.json
index 5a9bc77b4d8..06fb37b84c0 100644
--- a/2005/0xxx/CVE-2005-0438.json
+++ b/2005/0xxx/CVE-2005-0438.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0438", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to obtain sensitive information by setting the debug parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0438", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050214 AWStats <= 6.4 Multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/390368" - }, - { - "name" : "14299", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14299" - }, - { - "name" : "awstats-information-disclosure(19477)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19477" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to obtain sensitive information by setting the debug parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14299", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14299" + }, + { + "name": "awstats-information-disclosure(19477)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19477" + }, + { + "name": "20050214 AWStats <= 6.4 Multiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/390368" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0482.json b/2005/0xxx/CVE-2005-0482.json index 71d1bd9f294..2585508a612 100644 --- a/2005/0xxx/CVE-2005-0482.json +++ b/2005/0xxx/CVE-2005-0482.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0482", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "TrackerCam 5.12 and earlier allows remote attackers to cause a denial of service (crash) via (1) a large number of connections with a negative Content-Length header, possibly triggering an integer signedness error, or (2) a large amount of data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0482", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050218 Multiple vulnerabilities in TrackerCam 5.12", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/390918" - }, - { - "name" : "12592", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12592" - }, - { - "name" : "trackercam-contentlength-dos(19417)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19417" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TrackerCam 5.12 and earlier allows remote attackers to cause a denial of service (crash) via (1) a large number of 
connections with a negative Content-Length header, possibly triggering an integer signedness error, or (2) a large amount of data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050218 Multiple vulnerabilities in TrackerCam 5.12", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/390918" + }, + { + "name": "12592", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12592" + }, + { + "name": "trackercam-contentlength-dos(19417)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19417" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0812.json b/2005/0xxx/CVE-2005-0812.json index 61992504483..5ed1f643680 100644 --- a/2005/0xxx/CVE-2005-0812.json +++ b/2005/0xxx/CVE-2005-0812.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0812", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web interface in NotifyLink 3.0 displays passwords in cleartext on the administrative page, which could allow remote attackers or local users to obtain sensitive information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0812", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#770532", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/770532" - }, - { - "name" : "12843", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12843" - }, - { - "name" : "14617", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14617" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web interface in NotifyLink 3.0 displays passwords in cleartext on the administrative page, which could allow remote attackers or local users to obtain sensitive information." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14617", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14617" + }, + { + "name": "VU#770532", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/770532" + }, + { + "name": "12843", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12843" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3024.json b/2005/3xxx/CVE-2005-3024.json index 3cd14093542..65ea9c2e12c 100644 --- a/2005/3xxx/CVE-2005-3024.json +++ b/2005/3xxx/CVE-2005-3024.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3024", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in vBulletin 3.0.7 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) announcement parameter to announcement.php, the (2) thread[forumid] or (3) criteria parameters to thread.php, (4) userid parameter to user.php, the (5) calendarcustomfieldid, (6) calendarid, (7) moderatorid, (8) holidayid, (9) calendarmoderatorid, or (10) calendar[0] parameters to admincalendar.php, (11) the cronid parameter to cronlog.php, (12) user[usergroupid][0] parameter to email.php, (13) help[0] parameter to help.php, the (14) limitnumber or (15) limitstart parameter to user.php, the (16) usertitleid or (17) ids parameters to usertitle.php, (18) rvt[0] parameter to language.php, (19) keep[0] parameter to phrase.php, (20) dostyleid parameter to template.php, (21) thread[forumid] parameter to thread.php, or (22) usertools.php." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3024", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050920 [BuHa-Security] Multiple vulnerabilities in (admincp/modcp of)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112732980702939&w=2" - }, - { - "name" : "http://morph3us.org/advisories/20050917-vbulletin-3.0.7.txt", - "refsource" : "MISC", - "url" : "http://morph3us.org/advisories/20050917-vbulletin-3.0.7.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in vBulletin 3.0.7 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) announcement parameter to announcement.php, the (2) thread[forumid] or (3) criteria parameters to thread.php, (4) userid parameter to user.php, the (5) calendarcustomfieldid, (6) calendarid, (7) moderatorid, (8) holidayid, (9) calendarmoderatorid, or (10) calendar[0] parameters to admincalendar.php, (11) the cronid parameter to cronlog.php, (12) user[usergroupid][0] parameter to email.php, (13) help[0] parameter to help.php, the (14) limitnumber or (15) limitstart parameter to user.php, the (16) usertitleid or (17) ids parameters to usertitle.php, (18) rvt[0] parameter to language.php, (19) keep[0] parameter to phrase.php, (20) dostyleid parameter to template.php, (21) thread[forumid] parameter to thread.php, or (22) usertools.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050920 [BuHa-Security] Multiple vulnerabilities in (admincp/modcp of)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112732980702939&w=2" + }, + { + "name": "http://morph3us.org/advisories/20050917-vbulletin-3.0.7.txt", + "refsource": "MISC", + "url": "http://morph3us.org/advisories/20050917-vbulletin-3.0.7.txt" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3091.json b/2005/3xxx/CVE-2005-3091.json index 17eadc6a82c..31d814fa10d 100644 --- a/2005/3xxx/CVE-2005-3091.json +++ b/2005/3xxx/CVE-2005-3091.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3091", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Mantis before 1.0.0rc1 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, as identified by bug#0005751 \"thraxisp\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3091", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mantisbt.org/changelog.php", - "refsource" : "CONFIRM", - "url" : "http://www.mantisbt.org/changelog.php" - }, - { - "name" : "DSA-905", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-905" - }, - { - "name" : "15227", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15227" - }, - { - "name" : "16506", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16506" - }, - { - "name" : "17654", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17654" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site 
scripting (XSS) vulnerability in Mantis before 1.0.0rc1 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, as identified by bug#0005751 \"thraxisp\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-905", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-905" + }, + { + "name": "16506", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16506" + }, + { + "name": "17654", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17654" + }, + { + "name": "http://www.mantisbt.org/changelog.php", + "refsource": "CONFIRM", + "url": "http://www.mantisbt.org/changelog.php" + }, + { + "name": "15227", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15227" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3242.json b/2005/3xxx/CVE-2005-3242.json index 85262ebb1a4..923fb5ccfaf 100644 --- a/2005/3xxx/CVE-2005-3242.json +++ b/2005/3xxx/CVE-2005-3242.json 
@@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3242", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Ethereal 0.10.12 and earlier allows remote attackers to cause a denial of service (crash) via unknown vectors in (1) the IrDA dissector and (2) the SMB dissector when SMB transaction payload reassembly is enabled." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2005-3242", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ethereal.com/appnotes/enpa-sa-00021.html", - "refsource" : "CONFIRM", - "url" : "http://www.ethereal.com/appnotes/enpa-sa-00021.html" - }, - { - "name" : "DSA-1171", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1171" - }, - { - "name" : "FLSA-2006:152922", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00003.html" - }, - { - "name" : "GLSA-200510-25", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200510-25.xml" - }, - { - "name" : "RHSA-2005:809", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-809.html" - }, - { - "name" : 
"SUSE-SR:2005:025", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2005_25_sr.html" - }, - { - "name" : "15148", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15148" - }, - { - "name" : "20125", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20125" - }, - { - "name" : "20133", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20133" - }, - { - "name" : "oval:org.mitre.oval:def:10558", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10558" - }, - { - "name" : "1015082", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015082" - }, - { - "name" : "17377", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17377" - }, - { - "name" : "17254", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17254" - }, - { - "name" : "17286", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17286" - }, - { - "name" : "17327", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17327" - }, - { - "name" : "17392", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17392" - }, - { - "name" : "17480", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17480" - }, - { - "name" : "21813", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21813" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Ethereal 0.10.12 and earlier allows remote attackers to cause a denial of service (crash) via unknown vectors in (1) the IrDA dissector and (2) the SMB dissector when SMB transaction payload reassembly is enabled." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2005:809", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-809.html" + }, + { + "name": "17327", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17327" + }, + { + "name": "GLSA-200510-25", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-25.xml" + }, + { + "name": "17392", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17392" + }, + { + "name": "17480", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17480" + }, + { + "name": "1015082", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015082" + }, + { + "name": "oval:org.mitre.oval:def:10558", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10558" + }, + { + "name": "http://www.ethereal.com/appnotes/enpa-sa-00021.html", + "refsource": "CONFIRM", + "url": "http://www.ethereal.com/appnotes/enpa-sa-00021.html" + }, + { + "name": "20125", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20125" + }, + { + "name": "SUSE-SR:2005:025", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2005_25_sr.html" + }, + { + "name": "17286", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17286" + }, + { + "name": "20133", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20133" + }, + { + "name": "DSA-1171", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1171" + }, + { + "name": "21813", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21813" + }, + { + "name": "FLSA-2006:152922", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00003.html" + }, + { + "name": "17377", + 
"refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17377" + }, + { + "name": "15148", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15148" + }, + { + "name": "17254", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17254" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3575.json b/2005/3xxx/CVE-2005-3575.json index 589809f3a82..77618ad2db0 100644 --- a/2005/3xxx/CVE-2005-3575.json +++ b/2005/3xxx/CVE-2005-3575.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3575", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in show.php in Cyphor 0.19 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3575", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051113 Cyphor (Release: 0.19) Sql injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/416562" - }, - { - "name" : "http://www.securiteam.com/unixfocus/6P00F1FEKC.html", - "refsource" : "MISC", - "url" : "http://www.securiteam.com/unixfocus/6P00F1FEKC.html" - }, - { - "name" : "15418", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15418" - }, - { - "name" : "ADV-2005-2420", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2420" - }, - { - "name" : "20983", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20983" - }, - { - "name" : "180", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/180" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in show.php in Cyphor 0.19 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20051113 Cyphor (Release: 0.19) Sql injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/416562" + }, + { + "name": "http://www.securiteam.com/unixfocus/6P00F1FEKC.html", + "refsource": "MISC", + "url": "http://www.securiteam.com/unixfocus/6P00F1FEKC.html" + }, + { + "name": "180", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/180" + }, + { + "name": "ADV-2005-2420", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2420" + }, + { + "name": "20983", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20983" + }, + { + "name": "15418", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15418" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3713.json b/2005/3xxx/CVE-2005-3713.json index 89137dc99f8..7a6b839c7f1 100644 --- a/2005/3xxx/CVE-2005-3713.json +++ b/2005/3xxx/CVE-2005-3713.json 
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3713", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a GIF image file with a crafted Netscape Navigator Application Extension Block that modifies the heap in the Picture Modifier block." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3713", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060111 [EEYEB-20051031] Apple QuickTime Malformed GIF Heap Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/421561/100/0/threaded" - }, - { - "name" : "20060111 Updated Advisories - Incorrect CVE Information", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0402.html" - }, - { - "name" : "20060111 [EEYEB-20051031] Apple QuickTime Malformed GIF Heap Overflow", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0401.html" - }, - { - "name" : "http://www.eeye.com/html/research/advisories/AD20060111d.html", - "refsource" : "MISC", - 
"url" : "http://www.eeye.com/html/research/advisories/AD20060111d.html" - }, - { - "name" : "20060111 Updated Advisories - Incorrect CVE Information", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/421547/100/0/threaded" - }, - { - "name" : "APPLE-SA-2006-01-10", - "refsource" : "APPLE", - "url" : "http://docs.info.apple.com/article.html?artnum=303101" - }, - { - "name" : "TA06-011A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-011A.html" - }, - { - "name" : "VU#913449", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/913449" - }, - { - "name" : "16202", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16202" - }, - { - "name" : "ADV-2006-0128", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0128" - }, - { - "name" : "22338", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22338" - }, - { - "name" : "1015466", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015466" - }, - { - "name" : "18370", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18370" - }, - { - "name" : "333", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/333" - }, - { - "name" : "quicktime-gif-bo(24060)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24060" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a GIF image file with a crafted Netscape Navigator Application Extension Block that modifies the heap in the Picture Modifier block." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060111 Updated Advisories - Incorrect CVE Information", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0402.html" + }, + { + "name": "18370", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18370" + }, + { + "name": "TA06-011A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-011A.html" + }, + { + "name": "20060111 [EEYEB-20051031] Apple QuickTime Malformed GIF Heap Overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/421561/100/0/threaded" + }, + { + "name": "APPLE-SA-2006-01-10", + "refsource": "APPLE", + "url": "http://docs.info.apple.com/article.html?artnum=303101" + }, + { + "name": "quicktime-gif-bo(24060)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24060" + }, + { + "name": "333", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/333" + }, + { + "name": "ADV-2006-0128", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0128" + }, + { + "name": "1015466", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015466" + }, + { + "name": "20060111 [EEYEB-20051031] Apple QuickTime Malformed GIF Heap Overflow", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0401.html" + }, + { + "name": "16202", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16202" + }, + { + "name": "VU#913449", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/913449" + }, + { + "name": "http://www.eeye.com/html/research/advisories/AD20060111d.html", + "refsource": "MISC", + "url": "http://www.eeye.com/html/research/advisories/AD20060111d.html" + }, + { + "name": "22338", + 
"refsource": "OSVDB", + "url": "http://www.osvdb.org/22338" + }, + { + "name": "20060111 Updated Advisories - Incorrect CVE Information", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/421547/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3721.json b/2005/3xxx/CVE-2005-3721.json index ae7bbcc4fca..b9b63fafaa5 100644 --- a/2005/3xxx/CVE-2005-3721.json +++ b/2005/3xxx/CVE-2005-3721.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3721", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default configuration of the HTTP server in Hitachi IP5000 VOIP WIFI Phone 1.5.6 does not require authentication for sensitive configuration pages, which allows remote attackers to modify configuration." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3721", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051116 Hitachi IP5000 VoIP Wifi phone multiple", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=113217425618951&w=2" - }, - { - "name" : "http://www.hitachi-cable.co.jp/ICSFiles/infosystem/security/76659792_e.pdf", - "refsource" : "MISC", - "url" : "http://www.hitachi-cable.co.jp/ICSFiles/infosystem/security/76659792_e.pdf" - }, - { - "name" : "17628", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17628" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default configuration of the HTTP server in Hitachi IP5000 VOIP WIFI Phone 1.5.6 
does not require authentication for sensitive configuration pages, which allows remote attackers to modify configuration." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17628", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17628" + }, + { + "name": "http://www.hitachi-cable.co.jp/ICSFiles/infosystem/security/76659792_e.pdf", + "refsource": "MISC", + "url": "http://www.hitachi-cable.co.jp/ICSFiles/infosystem/security/76659792_e.pdf" + }, + { + "name": "20051116 Hitachi IP5000 VoIP Wifi phone multiple", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=113217425618951&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4207.json b/2005/4xxx/CVE-2005-4207.json index 2063dab0950..459472a6889 100644 --- a/2005/4xxx/CVE-2005-4207.json +++ b/2005/4xxx/CVE-2005-4207.json 
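Review bot: The new side of this file ends without a trailing newline (the `\ No newline at end of file` marker after the closing `+}`), which is why the final brace shows as changed although its text is identical. Ending the file with `}` followed by a line feed keeps the last line out of later diffs and avoids surprises with line-oriented tools that concatenate or count records. The same marker closes every other file hunk visible in this commit, including CVE-2005-4207, CVE-2005-4269, CVE-2005-4372, CVE-2005-4576, CVE-2009-0280, CVE-2009-0671, CVE-2009-0820, CVE-2009-2516, CVE-2009-2599 and CVE-2009-3321.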
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4207", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in BTGrup Admin WebController Script allows remote attackers to execute SQL commands via the (1) Username and (2) Password fields." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4207", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051212 BTGrup Admin WebController Script SQL injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/419237/100/0/threaded" - }, - { - "name" : "15819", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15819" - }, - { - "name" : "21815", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21815" - }, - { - "name" : "249", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/249" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in BTGrup Admin WebController Script allows remote attackers to execute SQL commands via the (1) 
Username and (2) Password fields." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "249", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/249" + }, + { + "name": "20051212 BTGrup Admin WebController Script SQL injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/419237/100/0/threaded" + }, + { + "name": "21815", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21815" + }, + { + "name": "15819", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15819" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4269.json b/2005/4xxx/CVE-2005-4269.json index ecbe65e1c34..fccec50b832 100644 --- a/2005/4xxx/CVE-2005-4269.json +++ b/2005/4xxx/CVE-2005-4269.json 
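Review bot: The four `reference_data` entries are re-emitted in a different order (`SREASON`, `BUGTRAQ`, `OSVDB`, `BID` instead of `BUGTRAQ`, `BID`, `OSVDB`, `SREASON`) with no sort key evident from the hunk, on top of the spacing change. JSON arrays are ordered, so a consumer that reads the first reference now gets a different one, and the shuffle makes it hard to confirm from the diff alone that no reference was dropped or altered. If the order carries no meaning, emitting the entries sorted by a fixed key such as `refsource` then `name` would keep later diffs limited to real changes. Most of the other records in this commit reorder their references in the same way.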
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4269", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer 6.0 SP1 allows attackers to cause a denial of service (access violation) by causing mshtml.dll to process button-focus events at the same time that a document is reloading, as seen in Microsoft Office InfoPath 2003 by repeatedly clicking the \"Delete\" button in a repeating section in a form. NOTE: the normal operation of InfoPath appears to involve a local user without any privilege boundaries, so this might not be a vulnerability in InfoPath. If no realistic scenarios exist for this problem in other products, then perhaps it should be excluded from CVE." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4269", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "908233", - "refsource" : "MSKB", - "url" : "http://support.microsoft.com/kb/908233/" - }, - { - "name" : "http://www.securiteam.com/windowsntfocus/6V00B1FEUE.html", - "refsource" : "MISC", - "url" : "http://www.securiteam.com/windowsntfocus/6V00B1FEUE.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer 6.0 SP1 allows attackers to cause a denial of service (access violation) by causing mshtml.dll to process button-focus events at the same time that a document is reloading, as seen in Microsoft Office InfoPath 2003 by repeatedly clicking the \"Delete\" button in a repeating section in a form. NOTE: the normal operation of InfoPath appears to involve a local user without any privilege boundaries, so this might not be a vulnerability in InfoPath. If no realistic scenarios exist for this problem in other products, then perhaps it should be excluded from CVE." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "908233", + "refsource": "MSKB", + "url": "http://support.microsoft.com/kb/908233/" + }, + { + "name": "http://www.securiteam.com/windowsntfocus/6V00B1FEUE.html", + "refsource": "MISC", + "url": "http://www.securiteam.com/windowsntfocus/6V00B1FEUE.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4372.json b/2005/4xxx/CVE-2005-4372.json index 248613173ae..c08d91178fc 100644 --- a/2005/4xxx/CVE-2005-4372.json +++ b/2005/4xxx/CVE-2005-4372.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4372", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in account.html in Adaptive Website Framework (AWF) 2.10 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4372", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/12/awf-adaptive-website-framework-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/12/awf-adaptive-website-framework-vuln.html" - }, - { - "name" : "http://www.awf-cms.org/news.html", - "refsource" : "CONFIRM", - "url" : "http://www.awf-cms.org/news.html" - }, - { - "name" : "15937", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15937" - }, - { - "name" : "ADV-2005-2973", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2973" - }, - { - "name" : "21914", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21914" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": 
"4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in account.html in Adaptive Website Framework (AWF) 2.10 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21914", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21914" + }, + { + "name": "15937", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15937" + }, + { + "name": "http://pridels0.blogspot.com/2005/12/awf-adaptive-website-framework-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/12/awf-adaptive-website-framework-vuln.html" + }, + { + "name": "http://www.awf-cms.org/news.html", + "refsource": "CONFIRM", + "url": "http://www.awf-cms.org/news.html" + }, + { + "name": "ADV-2005-2973", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2973" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4576.json b/2005/4xxx/CVE-2005-4576.json index 61a12848049..891199df70f 100644 --- a/2005/4xxx/CVE-2005-4576.json +++ b/2005/4xxx/CVE-2005-4576.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4576", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the UpdateEngine program in Fatwire UpdateEngine 6.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) COUNTRYNAME, (2) EMAIL, and (3) FUELAP_TEMPLATENAME parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4576", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/12/fatwire-updateengine-62-multiple-xss.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/12/fatwire-updateengine-62-multiple-xss.html" - }, - { - "name" : "16073", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16073" - }, - { - "name" : "21936", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21936" - }, - { - "name" : "18259", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18259" - }, - { - "name" : "fatwire-updateengine-xss(23848)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23848" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the UpdateEngine program in Fatwire UpdateEngine 6.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) COUNTRYNAME, (2) EMAIL, and (3) FUELAP_TEMPLATENAME parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "fatwire-updateengine-xss(23848)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23848" + }, + { + "name": "18259", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18259" + }, + { + "name": "21936", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21936" + }, + { + "name": "http://pridels0.blogspot.com/2005/12/fatwire-updateengine-62-multiple-xss.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/12/fatwire-updateengine-62-multiple-xss.html" + }, + { + "name": "16073", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16073" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0280.json b/2009/0xxx/CVE-2009-0280.json index 64be15ac482..d6e3c30a8a5 100644 --- a/2009/0xxx/CVE-2009-0280.json +++ b/2009/0xxx/CVE-2009-0280.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0280", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Asp Project Management 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the crypt cookie to 1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0280", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090122 Asp-project Cookie Handling", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/500292/100/0/threaded" - }, - { - "name" : "7850", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7850" - }, - { - "name" : "33401", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33401" - }, - { - "name" : "aspproject-cookie-security-bypass(48172)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48172" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Asp Project Management 1.0 allows remote attackers to bypass authentication and gain administrative 
access by setting the crypt cookie to 1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "aspproject-cookie-security-bypass(48172)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48172" + }, + { + "name": "20090122 Asp-project Cookie Handling", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/500292/100/0/threaded" + }, + { + "name": "7850", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7850" + }, + { + "name": "33401", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33401" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0671.json b/2009/0xxx/CVE-2009-0671.json index ef1e12b1c31..b5a1e48f169 100644 --- a/2009/0xxx/CVE-2009-0671.json +++ b/2009/0xxx/CVE-2009-0671.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0671", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** Format string vulnerability in the University of Washington (UW) c-client library, as used by the UW IMAP toolkit imap-2007d and other applications, allows remote attackers to execute arbitrary code via format string specifiers in the initial request to the IMAP port (143/tcp). NOTE: Red Hat has disputed the vulnerability, stating \"The Red Hat Security Response Team have been unable to confirm the existence of this format string vulnerability in the toolkit, and the sample published exploit is not complete or functional.\" CVE agrees that the exploit contains syntax errors and uses Unix-only include files while invoking Windows functions." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2009-0671", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** Format string vulnerability in the University of Washington (UW) c-client library, as used by the UW IMAP toolkit imap-2007d and other applications, allows remote attackers to execute arbitrary code via format string specifiers in the initial request to the IMAP port (143/tcp). NOTE: Red Hat has disputed the vulnerability, stating \"The Red Hat Security Response Team have been unable to confirm the existence of this format string vulnerability in the toolkit, and the sample published exploit is not complete or functional.\" CVE agrees that the exploit contains syntax errors and uses Unix-only include files while invoking Windows functions." + } + ] + } +} \ No newline at end of file 
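Review bot: The keys of this record are written in a different order from the other records in this commit: `data_type`, `data_format`, `data_version` come first and `CVE_data_meta` lists `ID` before `ASSIGNER`, whereas the other files keep `CVE_data_meta` first with `ASSIGNER`, `ID`, `STATE`. Key order has no meaning to a parser, but two serializations in one commit suggest this file went through a different writer, presumably a separate path for `REJECT` entries. Using one canonical key order for all records would keep diffs stable and let records be compared or hashed byte for byte.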
diff --git a/2009/0xxx/CVE-2009-0820.json b/2009/0xxx/CVE-2009-0820.json index f0db9533fd4..690ac09eac8 100644 --- a/2009/0xxx/CVE-2009-0820.json +++ b/2009/0xxx/CVE-2009-0820.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0820", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple eval injection vulnerabilities in phpScheduleIt before 1.2.11 allow remote attackers to execute arbitrary code via (1) the end_date parameter to reserve.php and (2) the start_date and end_date parameters to check.php. NOTE: the start_date/reserve.php vector is already covered by CVE-2008-6132." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0820", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://phpscheduleit.svn.sourceforge.net/viewvc/phpscheduleit/1.2.11/check.php?r1=318&r2=332", - "refsource" : "CONFIRM", - "url" : "http://phpscheduleit.svn.sourceforge.net/viewvc/phpscheduleit/1.2.11/check.php?r1=318&r2=332" - }, - { - "name" : "http://phpscheduleit.svn.sourceforge.net/viewvc/phpscheduleit/1.2.11/reserve.php?r1=318&r2=328", - "refsource" : "CONFIRM", - "url" : "http://phpscheduleit.svn.sourceforge.net/viewvc/phpscheduleit/1.2.11/reserve.php?r1=318&r2=328" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=662749", - "refsource" : "CONFIRM", - "url" : 
"http://sourceforge.net/project/shownotes.php?release_id=662749" - }, - { - "name" : "33991", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33991" - }, - { - "name" : "ADV-2009-0491", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0491" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple eval injection vulnerabilities in phpScheduleIt before 1.2.11 allow remote attackers to execute arbitrary code via (1) the end_date parameter to reserve.php and (2) the start_date and end_date parameters to check.php. NOTE: the start_date/reserve.php vector is already covered by CVE-2008-6132." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://phpscheduleit.svn.sourceforge.net/viewvc/phpscheduleit/1.2.11/reserve.php?r1=318&r2=328", + "refsource": "CONFIRM", + "url": "http://phpscheduleit.svn.sourceforge.net/viewvc/phpscheduleit/1.2.11/reserve.php?r1=318&r2=328" + }, + { + "name": "ADV-2009-0491", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0491" + }, + { + "name": "33991", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33991" + }, + { + "name": "http://phpscheduleit.svn.sourceforge.net/viewvc/phpscheduleit/1.2.11/check.php?r1=318&r2=332", + "refsource": "CONFIRM", + "url": "http://phpscheduleit.svn.sourceforge.net/viewvc/phpscheduleit/1.2.11/check.php?r1=318&r2=332" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=662749", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=662749" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2516.json b/2009/2xxx/CVE-2009-2516.json index 251de1dd104..b31a94967a3 100644 
--- a/2009/2xxx/CVE-2009-2516.json +++ b/2009/2xxx/CVE-2009-2516.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2516", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly validate data sent from user mode, which allows local users to gain privileges via a crafted PE .exe file that triggers a NULL pointer dereference during chain traversal, aka \"Windows Kernel NULL Pointer Dereference Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2009-2516", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.nsfocus.com/en/advisories/0903.html", - "refsource" : "MISC", - "url" : "http://www.nsfocus.com/en/advisories/0903.html" - }, - { - "name" : "MS09-058", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-058" - }, - { - "name" : "TA09-286A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-286A.html" - }, - { - "name" : "oval:org.mitre.oval:def:6264", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6264" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly validate data sent from user mode, which allows local users to gain privileges via a crafted PE .exe file that triggers a NULL pointer dereference during chain traversal, aka \"Windows Kernel NULL Pointer Dereference Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:6264", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6264" + }, + { + "name": "MS09-058", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-058" + }, + { + "name": "TA09-286A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html" + }, + { + "name": "http://www.nsfocus.com/en/advisories/0903.html", + "refsource": "MISC", + "url": "http://www.nsfocus.com/en/advisories/0903.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2599.json b/2009/2xxx/CVE-2009-2599.json index 5b0c0c9f5a8..afc1ff164f8 100644 --- a/2009/2xxx/CVE-2009-2599.json +++ b/2009/2xxx/CVE-2009-2599.json 
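Review bot: `ASSIGNER` changes from `cve@mitre.org` to `secure@microsoft.com` in this hunk, which is a data change inside what is otherwise a spacing and reference-order rewrite in the hunks shown. Anything that attributes or filters records by assigner will treat this entry differently after the commit, and the change is easy to miss among the reformatted lines. It would be clearer to land `"ASSIGNER": "secure@microsoft.com"` in its own commit, or at least to name it in the commit message, so the provenance change can be audited separately from the formatting.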
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2599", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in RadCLASSIFIEDS Gold 2.0 allows remote attackers to execute arbitrary SQL commands via the seller parameter in a search action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2599", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8834", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/8834" - }, - { - "name" : "35287", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35287" - }, - { - "name" : "radclassifieds-index-sql-injection(50867)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50867" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in RadCLASSIFIEDS Gold 2.0 allows remote attackers to execute arbitrary SQL commands via the seller parameter in a search action." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35287", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35287" + }, + { + "name": "8834", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/8834" + }, + { + "name": "radclassifieds-index-sql-injection(50867)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50867" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3321.json b/2009/3xxx/CVE-2009-3321.json index 0ae48ff66ec..447edc5ee89 100644 --- a/2009/3xxx/CVE-2009-3321.json +++ b/2009/3xxx/CVE-2009-3321.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3321", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in SaphpLesson 4.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the CLIENT_IP HTTP header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3321", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9700", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9700" - }, - { - "name" : "36422", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36422" - }, - { - "name" : "58173", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/58173" - }, - { - "name" : "36737", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36737" - }, - { - "name" : "saphplesson-clientip-sql-injection(53305)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53305" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in 
SaphpLesson 4.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the CLIENT_IP HTTP header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9700", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9700" + }, + { + "name": "36422", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36422" + }, + { + "name": "36737", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36737" + }, + { + "name": "58173", + "refsource": "OSVDB", + "url": "http://osvdb.org/58173" + }, + { + "name": "saphplesson-clientip-sql-injection(53305)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53305" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3368.json b/2009/3xxx/CVE-2009-3368.json index f9659553fa8..9d68e4f7871 100644 --- a/2009/3xxx/CVE-2009-3368.json +++ b/2009/3xxx/CVE-2009-3368.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3368", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Hotel Booking Reservation System (aka HBS or com_hbssearch) component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the adult parameter in a showhoteldetails action to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3368", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090914 [ECHO_ADV_111$2009] Joomla Hotel Booking System Component XSS/SQL Injection Multiple Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/506444/100/0/threaded" - }, - { - "name" : "9648", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9648" - }, - { - "name" : "http://e-rdc.org/v1/news.php?readmore=142", - "refsource" : "MISC", - "url" : "http://e-rdc.org/v1/news.php?readmore=142" - }, - { - "name" : "36380", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36380" - }, - { - "name" : "33215", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/33215" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Hotel Booking Reservation System (aka HBS or com_hbssearch) component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the adult parameter in a showhoteldetails action to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33215", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33215" + }, + { + "name": "9648", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9648" + }, + { + "name": "36380", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36380" + }, + { + "name": "http://e-rdc.org/v1/news.php?readmore=142", + "refsource": "MISC", + "url": "http://e-rdc.org/v1/news.php?readmore=142" + }, + { + "name": "20090914 [ECHO_ADV_111$2009] Joomla Hotel Booking System Component XSS/SQL Injection Multiple Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/506444/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3553.json b/2009/3xxx/CVE-2009-3553.json index f092d78139e..799fd479d5e 100644 --- a/2009/3xxx/CVE-2009-3553.json +++ b/2009/3xxx/CVE-2009-3553.json 
@@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3553", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-3553", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cups.org/newsgroups.php/newsgroups.php?v5994+gcups.bugs", - "refsource" : "MISC", - "url" : "http://www.cups.org/newsgroups.php/newsgroups.php?v5994+gcups.bugs" - }, - { - "name" : "http://www.cups.org/newsgroups.php/newsgroups.php?v5996+gcups.bugs", - "refsource" : "MISC", - "url" : "http://www.cups.org/newsgroups.php/newsgroups.php?v5996+gcups.bugs" - }, - { - "name" : "http://www.cups.org/newsgroups.php/newsgroups.php?v6055+gcups.bugs", - 
"refsource" : "MISC", - "url" : "http://www.cups.org/newsgroups.php/newsgroups.php?v6055+gcups.bugs" - }, - { - "name" : "http://www.cups.org/str.php?L3200", - "refsource" : "MISC", - "url" : "http://www.cups.org/str.php?L3200" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=530111", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=530111" - }, - { - "name" : "http://support.apple.com/kb/HT4004", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4004" - }, - { - "name" : "APPLE-SA-2010-01-19-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html" - }, - { - "name" : "DSA-2176", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2176" - }, - { - "name" : "FEDORA-2009-12652", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00332.html" - }, - { - "name" : "GLSA-201207-10", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201207-10.xml" - }, - { - "name" : "MDVSA-2010:073", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:073" - }, - { - "name" : "RHSA-2009:1595", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-1595.html" - }, - { - "name" : "275230", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-275230-1" - }, - { - "name" : "USN-906-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-906-1" - }, - { - "name" : "37048", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37048" - }, - { - "name" : "oval:org.mitre.oval:def:11183", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11183" - }, - { - "name" : "37360", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37360" - }, - { 
- "name" : "37364", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37364" - }, - { - "name" : "38241", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38241" - }, - { - "name" : "43521", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43521" - }, - { - "name" : "ADV-2010-0173", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0173" - }, - { - "name" : "ADV-2011-0535", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0535" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37364", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37364" + }, + { + "name": "oval:org.mitre.oval:def:11183", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11183" + }, + { + "name": "USN-906-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-906-1" + }, + { + "name": "RHSA-2009:1595", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-1595.html" + }, + { + "name": "37048", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37048" + }, + { + "name": "http://support.apple.com/kb/HT4004", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4004" + }, + { + "name": "DSA-2176", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2176" + }, + { + "name": "http://www.cups.org/newsgroups.php/newsgroups.php?v5996+gcups.bugs", + "refsource": "MISC", + "url": "http://www.cups.org/newsgroups.php/newsgroups.php?v5996+gcups.bugs" + }, + { + "name": "APPLE-SA-2010-01-19-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html" + }, + { + "name": "GLSA-201207-10", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201207-10.xml" + }, + { + "name": "ADV-2011-0535", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0535" + }, + { + "name": "37360", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37360" + }, + { + "name": "MDVSA-2010:073", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:073" + }, + { + "name": "http://www.cups.org/str.php?L3200", + "refsource": "MISC", + "url": "http://www.cups.org/str.php?L3200" + }, + { + "name": 
"https://bugzilla.redhat.com/show_bug.cgi?id=530111", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530111" + }, + { + "name": "http://www.cups.org/newsgroups.php/newsgroups.php?v5994+gcups.bugs", + "refsource": "MISC", + "url": "http://www.cups.org/newsgroups.php/newsgroups.php?v5994+gcups.bugs" + }, + { + "name": "FEDORA-2009-12652", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00332.html" + }, + { + "name": "43521", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43521" + }, + { + "name": "38241", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38241" + }, + { + "name": "http://www.cups.org/newsgroups.php/newsgroups.php?v6055+gcups.bugs", + "refsource": "MISC", + "url": "http://www.cups.org/newsgroups.php/newsgroups.php?v6055+gcups.bugs" + }, + { + "name": "275230", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-275230-1" + }, + { + "name": "ADV-2010-0173", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0173" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3918.json b/2009/3xxx/CVE-2009-3918.json index c8848083276..b4f8a511262 100644 --- a/2009/3xxx/CVE-2009-3918.json +++ b/2009/3xxx/CVE-2009-3918.json 
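Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `secalert@redhat.com` in this hunk for CVE-2009-3553, and it appears to be the only value that changes. The rest of the hunk is a `"key" : ` to `"key": ` respacing, a reshuffle of the same 22 `reference_data` entries, and the loss of the trailing newline. The CVE-2012-2536 hunk further down does the same with `"ASSIGNER": "secure@microsoft.com"`. Downstream consumers use `ASSIGNER` to attribute a record to its CNA, so this reassignment would be easier to audit in a commit of its own, apart from the formatting rewrite. Keeping `reference_data` in a stable order would also stop unchanged entries from showing up as churn.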
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3918", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Zoomify module 5.x before 5.x-2.2 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the node title." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3918", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/623434", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/623434" - }, - { - "name" : "http://drupal.org/node/623436", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/623436" - }, - { - "name" : "http://drupal.org/node/623678", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/623678" - }, - { - "name" : "36930", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36930" - }, - { - "name" : "59671", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/59671" - }, - { - "name" : "37263", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37263" - }, - { - "name" : "zoomify-node-title-xss(54155)", - "refsource" : "XF", - 
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54155" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Zoomify module 5.x before 5.x-2.2 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the node title." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://drupal.org/node/623436", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/623436" + }, + { + "name": "59671", + "refsource": "OSVDB", + "url": "http://osvdb.org/59671" + }, + { + "name": "37263", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37263" + }, + { + "name": "http://drupal.org/node/623434", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/623434" + }, + { + "name": "36930", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36930" + }, + { + "name": "zoomify-node-title-xss(54155)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54155" + }, + { + "name": "http://drupal.org/node/623678", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/623678" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4367.json b/2009/4xxx/CVE-2009-4367.json index e5843f771ab..6706d813289 100644 --- a/2009/4xxx/CVE-2009-4367.json +++ b/2009/4xxx/CVE-2009-4367.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4367", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Staging Webservice (\"sitecore modules/staging/service/api.asmx\") in Sitecore Staging Module 5.4.0 rev.080625 and earlier allows remote attackers to bypass authentication and (1) upload files, (2) download files, (3) list directories, and (4) clear the server cache via crafted SOAP requests with arbitrary Username and Password values, possibly related to a direct request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4367", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091217 SEC Consult SA-20091217-0 :: Authentication bypass and file manipulation in Sitecore Staging Module", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/508529/100/0/threaded" - }, - { - "name" : "10513", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/10513" - }, - { - "name" : "https://www.sec-consult.com/files/20091217-0_sitecore_StagingModule_1.0.txt", - "refsource" : "MISC", - "url" : "https://www.sec-consult.com/files/20091217-0_sitecore_StagingModule_1.0.txt" - }, - { - 
"name" : "37388", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37388" - }, - { - "name" : "61147", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/61147" - }, - { - "name" : "37763", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37763" - }, - { - "name" : "sitecore-staging-api-sec-bypass(54881)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54881" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Staging Webservice (\"sitecore modules/staging/service/api.asmx\") in Sitecore Staging Module 5.4.0 rev.080625 and earlier allows remote attackers to bypass authentication and (1) upload files, (2) download files, (3) list directories, and (4) clear the server cache via crafted SOAP requests with arbitrary Username and Password values, possibly related to a direct request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "10513", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/10513" + }, + { + "name": "37763", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37763" + }, + { + "name": "20091217 SEC Consult SA-20091217-0 :: Authentication bypass and file manipulation in Sitecore Staging Module", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/508529/100/0/threaded" + }, + { + "name": "https://www.sec-consult.com/files/20091217-0_sitecore_StagingModule_1.0.txt", + "refsource": "MISC", + "url": "https://www.sec-consult.com/files/20091217-0_sitecore_StagingModule_1.0.txt" + }, + { + "name": "37388", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37388" + }, + { + "name": "61147", + "refsource": "OSVDB", + "url": "http://osvdb.org/61147" 
+ }, + { + "name": "sitecore-staging-api-sec-bypass(54881)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54881" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4802.json b/2009/4xxx/CVE-2009-4802.json index 3e8668c0c99..77e18dce10c 100644 --- a/2009/4xxx/CVE-2009-4802.json +++ b/2009/4xxx/CVE-2009-4802.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4802", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Flat Manager (flatmgr) extension before 1.9.16 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4802", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/extensions/repository/view/flatmgr/1.9.16/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/extensions/repository/view/flatmgr/1.9.16/" - }, - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-003/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-003/" - }, - { - "name" : "33998", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33998" - }, - { - "name" : "34158", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34158" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL 
injection vulnerability in the Flat Manager (flatmgr) extension before 1.9.16 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://typo3.org/extensions/repository/view/flatmgr/1.9.16/", + "refsource": "CONFIRM", + "url": "http://typo3.org/extensions/repository/view/flatmgr/1.9.16/" + }, + { + "name": "34158", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34158" + }, + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-003/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-003/" + }, + { + "name": "33998", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33998" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4909.json b/2009/4xxx/CVE-2009-4909.json index 22ce4976efb..4578a59e943 100644 --- a/2009/4xxx/CVE-2009-4909.json +++ b/2009/4xxx/CVE-2009-4909.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4909", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "admin/index.php in oBlog allows remote attackers to conduct brute-force password guessing attacks via HTTP requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4909", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0912-exploits/oblog-xssxsrf.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0912-exploits/oblog-xssxsrf.txt" - }, - { - "name" : "oblog-index-weak-security(59824)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59824" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "admin/index.php in oBlog allows remote attackers to conduct brute-force password guessing attacks via HTTP requests." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/0912-exploits/oblog-xssxsrf.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0912-exploits/oblog-xssxsrf.txt" + }, + { + "name": "oblog-index-weak-security(59824)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59824" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4928.json b/2009/4xxx/CVE-2009-4928.json index 07fbc57af38..87bf7a99fb0 100644 --- a/2009/4xxx/CVE-2009-4928.json +++ b/2009/4xxx/CVE-2009-4928.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4928", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in config.php in TotalCalendar 2.4 allows remote attackers to execute arbitrary PHP code via a URL in the inc_dir parameter, a different vector than CVE-2006-1922 and CVE-2006-7055." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4928", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8494", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/8494" - }, - { - "name" : "34617", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34617" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in config.php in TotalCalendar 2.4 allows remote attackers to execute arbitrary PHP code via a URL in the inc_dir parameter, a different vector than CVE-2006-1922 and CVE-2006-7055." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34617", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34617" + }, + { + "name": "8494", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/8494" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2536.json b/2012/2xxx/CVE-2012-2536.json index 9e6f3a317ba..7ca5be5c099 100644 --- a/2012/2xxx/CVE-2012-2536.json +++ b/2012/2xxx/CVE-2012-2536.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2536", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Microsoft Systems Management Server 2003 SP3 and System Center Configuration Manager 2007 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka \"Reflected XSS Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2012-2536", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS12-062", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-062" - }, - { - "name" : "TA12-255A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA12-255A.html" - }, - { - "name" : "55430", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55430" - }, - { - "name" : "oval:org.mitre.oval:def:15781", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15781" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Microsoft Systems Management Server 2003 SP3 and System Center Configuration Manager 2007 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka \"Reflected XSS Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:15781", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15781" + }, + { + "name": "TA12-255A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA12-255A.html" + }, + { + "name": "MS12-062", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-062" + }, + { + "name": "55430", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55430" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0152.json b/2015/0xxx/CVE-2015-0152.json index 1b27fbc9eaf..73b3d4aae24 100644 --- a/2015/0xxx/CVE-2015-0152.json +++ b/2015/0xxx/CVE-2015-0152.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0152", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "D-Link DIR-815 devices with firmware before 2.07.B01 allow remote attackers to obtain sensitive information by leveraging cleartext storage of the administrative password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-0152", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.07.B01_EN.PDF", - "refsource" : "CONFIRM", - "url" : "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.07.B01_EN.PDF" - }, - { - "name" : "dlink-dir815-cve20150152-info-disc(110585)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/110585" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "D-Link DIR-815 devices with firmware before 2.07.B01 allow remote attackers to obtain sensitive information by leveraging cleartext storage of the administrative 
password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.07.B01_EN.PDF", + "refsource": "CONFIRM", + "url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.07.B01_EN.PDF" + }, + { + "name": "dlink-dir815-cve20150152-info-disc(110585)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/110585" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0214.json b/2015/0xxx/CVE-2015-0214.json index d2397489945..5123b536665 100644 --- a/2015/0xxx/CVE-2015-0214.json +++ b/2015/0xxx/CVE-2015-0214.json 
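Review bot: `"ASSIGNER": "psirt@us.ibm.com"` on the new side does not match the rest of this record: the description and both references concern D-Link DIR-815 firmware, and nothing visible names an IBM product. If the value was derived from ownership of the CVE ID block rather than from the actual assignment, consumers that use `ASSIGNER` for provenance or routing will attribute the record to the wrong organisation; it should be confirmed against the assignment record before merge, keeping `"ASSIGNER": "cve@mitre.org"` until then. The same question applies to the CVE-2015-0214 hunk (Moodle, now `secalert@redhat.com`). This is the only value change in the hunk and is easy to miss among the whitespace-only lines, so it would be easier to review as a separate commit.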
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0214", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "message/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to bypass a messaging-disabled setting via a web-services request, as demonstrated by a people-search request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-0214", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150119 Moodle security issues are now public", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2015/01/19/1" - }, - { - "name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48329", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48329" - }, - { - "name" : "https://moodle.org/mod/forum/discuss.php?d=278614", - "refsource" : "CONFIRM", - "url" : "https://moodle.org/mod/forum/discuss.php?d=278614" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "message/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to bypass a messaging-disabled setting via a web-services request, as demonstrated by a people-search request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://moodle.org/mod/forum/discuss.php?d=278614", + "refsource": "CONFIRM", + "url": "https://moodle.org/mod/forum/discuss.php?d=278614" + }, + { + "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48329", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48329" + }, + { + "name": "[oss-security] 20150119 Moodle security issues are now public", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2015/01/19/1" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0590.json b/2015/0xxx/CVE-2015-0590.json index 81a4a482b30..0d44f63855e 100644 --- a/2015/0xxx/CVE-2015-0590.json +++ b/2015/0xxx/CVE-2015-0590.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0590", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco WebEx Meeting Center allows remote attackers to activate disabled meeting attributes, and consequently obtain sensitive information, by providing crafted parameters during a meeting-join action, aka Bug ID CSCuo34165." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-0590", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150115 Cisco Hosted WebEx Meeting Center Information Disclosure", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0590" - }, - { - "name" : "1031558", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031558" - }, - { - "name" : "cisco-webexmc-cve20150590-info-disc(100576)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100576" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco WebEx Meeting Center allows remote attackers to activate 
disabled meeting attributes, and consequently obtain sensitive information, by providing crafted parameters during a meeting-join action, aka Bug ID CSCuo34165." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150115 Cisco Hosted WebEx Meeting Center Information Disclosure", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0590" + }, + { + "name": "1031558", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031558" + }, + { + "name": "cisco-webexmc-cve20150590-info-disc(100576)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100576" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0661.json b/2015/0xxx/CVE-2015-0661.json index 7f025f46bfc..f1c97b9be95 100644 --- a/2015/0xxx/CVE-2015-0661.json +++ b/2015/0xxx/CVE-2015-0661.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0661", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SNMPv2 implementation in Cisco IOS XR allows remote authenticated users to cause a denial of service (snmpd daemon reload) via a malformed SNMP packet, aka Bug ID CSCur25858." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-0661", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150305 Cisco IOS XR Software Malformed SNMP Packet Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0661" - }, - { - "name" : "1031843", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031843" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SNMPv2 implementation in Cisco IOS XR allows remote authenticated users to cause a denial of service (snmpd daemon reload) via a malformed SNMP packet, aka Bug ID CSCur25858." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150305 Cisco IOS XR Software Malformed SNMP Packet Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0661" + }, + { + "name": "1031843", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031843" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1223.json b/2015/1xxx/CVE-2015-1223.json index 513dfd7ebb6..033900b87b0 100644 --- a/2015/1xxx/CVE-2015-1223.json +++ b/2015/1xxx/CVE-2015-1223.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1223", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple use-after-free vulnerabilities in core/html/HTMLInputElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 41.0.2272.76, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger extraneous change events, as demonstrated by events for invalid input or input to read-only fields, related to the initializeTypeInParsing and updateType functions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2015-1223", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html" - }, - { - "name" : "https://chromium.googlesource.com/chromium/blink.git/+/de1fee41e2c1bbfea7a564ad81e0b511a462fe0b", - "refsource" : "CONFIRM", - "url" : "https://chromium.googlesource.com/chromium/blink.git/+/de1fee41e2c1bbfea7a564ad81e0b511a462fe0b" - }, - { - "name" : 
"https://code.google.com/p/chromium/issues/detail?id=454231", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=454231" - }, - { - "name" : "GLSA-201503-12", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201503-12" - }, - { - "name" : "RHSA-2015:0627", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0627.html" - }, - { - "name" : "USN-2521-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2521-1" - }, - { - "name" : "72901", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72901" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple use-after-free vulnerabilities in core/html/HTMLInputElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 41.0.2272.76, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger extraneous change events, as demonstrated by events for invalid input or input to read-only fields, related to the initializeTypeInParsing and updateType functions." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2521-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2521-1" + }, + { + "name": "https://chromium.googlesource.com/chromium/blink.git/+/de1fee41e2c1bbfea7a564ad81e0b511a462fe0b", + "refsource": "CONFIRM", + "url": "https://chromium.googlesource.com/chromium/blink.git/+/de1fee41e2c1bbfea7a564ad81e0b511a462fe0b" + }, + { + "name": "72901", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72901" + }, + { + "name": "GLSA-201503-12", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201503-12" + }, + { + "name": "RHSA-2015:0627", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0627.html" + }, + { + "name": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=454231", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=454231" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1283.json b/2015/1xxx/CVE-2015-1283.json index ff5b63af2be..296044e7f4f 100644 --- a/2015/1xxx/CVE-2015-1283.json +++ b/2015/1xxx/CVE-2015-1283.json 
@@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1283", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2015-1283", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=492052", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=492052" - }, - { - "name" : "https://codereview.chromium.org/1224303003", - "refsource" : "CONFIRM", - "url" : "https://codereview.chromium.org/1224303003" - }, - { - "name" : 
"http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" - }, - { - "name" : "https://source.android.com/security/bulletin/2016-11-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2016-11-01.html" - }, - { - "name" : "https://www.tenable.com/security/tns-2016-20", - "refsource" : "CONFIRM", - "url" : "https://www.tenable.com/security/tns-2016-20" - }, - { - "name" : "DSA-3315", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3315" - }, - { - "name" : "DSA-3318", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3318" - }, - { - "name" : "GLSA-201603-09", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201603-09" - }, - { - "name" : "GLSA-201701-21", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-21" - }, - { - "name" : "RHSA-2015:1499", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1499.html" - }, - { - "name" : "openSUSE-SU-2015:1287", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html" - }, - { - "name" : "SUSE-SU-2016:1508", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00006.html" - }, - { - "name" : "SUSE-SU-2016:1512", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00007.html" - }, - { - "name" : "openSUSE-SU-2016:1523", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00010.html" - }, - { - "name" : "openSUSE-SU-2016:1441", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00064.html" - }, - { - "name" : "USN-2726-1", - "refsource" : "UBUNTU", - "url" : 
"http://www.ubuntu.com/usn/USN-2726-1" - }, - { - "name" : "75973", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75973" - }, - { - "name" : "1033031", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033031" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.tenable.com/security/tns-2016-20", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2016-20" + }, + { + "name": "RHSA-2015:1499", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1499.html" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=492052", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=492052" + }, + { + "name": "openSUSE-SU-2016:1523", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00010.html" + }, + { + "name": "openSUSE-SU-2015:1287", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html" + }, + { + "name": "1033031", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033031" + }, + { + "name": "DSA-3318", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3318" + }, + { + "name": 
"http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" + }, + { + "name": "SUSE-SU-2016:1508", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00006.html" + }, + { + "name": "GLSA-201701-21", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-21" + }, + { + "name": "https://source.android.com/security/bulletin/2016-11-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2016-11-01.html" + }, + { + "name": "GLSA-201603-09", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201603-09" + }, + { + "name": "SUSE-SU-2016:1512", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00007.html" + }, + { + "name": "https://codereview.chromium.org/1224303003", + "refsource": "CONFIRM", + "url": "https://codereview.chromium.org/1224303003" + }, + { + "name": "75973", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75973" + }, + { + "name": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html" + }, + { + "name": "USN-2726-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2726-1" + }, + { + "name": "openSUSE-SU-2016:1441", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00064.html" + }, + { + "name": "DSA-3315", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3315" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1567.json b/2015/1xxx/CVE-2015-1567.json index a9f50d555f9..b7c6f6471e4 100644 --- a/2015/1xxx/CVE-2015-1567.json +++ b/2015/1xxx/CVE-2015-1567.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1567", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the admin page in the GD Infinite Scroll module before 7.x-1.4 for Drupal allows remote authenticated users with the \"edit gd infinite scroll settings\" permission to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1567", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.drupal.org/node/2415885", - "refsource" : "MISC", - "url" : "https://www.drupal.org/node/2415885" - }, - { - "name" : "https://www.drupal.org/node/2415219", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/node/2415219" - }, - { - "name" : "drupal-gdinfinitescroll-xss(100629)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100629" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the admin page in the GD Infinite Scroll 
module before 7.x-1.4 for Drupal allows remote authenticated users with the \"edit gd infinite scroll settings\" permission to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.drupal.org/node/2415219", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/node/2415219" + }, + { + "name": "https://www.drupal.org/node/2415885", + "refsource": "MISC", + "url": "https://www.drupal.org/node/2415885" + }, + { + "name": "drupal-gdinfinitescroll-xss(100629)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100629" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1614.json b/2015/1xxx/CVE-2015-1614.json index f16f0ed0ab3..1fbcbd61a5b 100644 --- a/2015/1xxx/CVE-2015-1614.json +++ b/2015/1xxx/CVE-2015-1614.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1614", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in the Image Metadata Cruncher plugin for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) image_metadata_cruncher[alt] or (2) image_metadata_cruncher[caption] parameter in an update action in the image_metadata_cruncher_title page to wp-admin/options.php or (3) custom image meta tag to the image metadata cruncher page." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1614", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150215 Multiple Cross site scripting in wordpress Plugin Image Metadata cruncher", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534711/100/0/threaded" - }, - { - "name" : "20150217 CVE-2015-1614 csrf/xss in in wordpress Plugin Image Metadata cruncher", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534718/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/130404/WordPress-Image-Metadata-Cruncher-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/130404/WordPress-Image-Metadata-Cruncher-Cross-Site-Scripting.html" - }, - { - "name" : "image-metadata-wordpress-xss(100926)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100926" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Image Metadata Cruncher plugin for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) image_metadata_cruncher[alt] or (2) image_metadata_cruncher[caption] parameter in an update action in the image_metadata_cruncher_title page to wp-admin/options.php or (3) custom image meta tag to the image metadata cruncher page." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "image-metadata-wordpress-xss(100926)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100926" + }, + { + "name": "http://packetstormsecurity.com/files/130404/WordPress-Image-Metadata-Cruncher-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/130404/WordPress-Image-Metadata-Cruncher-Cross-Site-Scripting.html" + }, + { + "name": "20150217 CVE-2015-1614 csrf/xss in in wordpress Plugin Image Metadata cruncher", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534718/100/0/threaded" + }, + { + "name": "20150215 Multiple Cross site scripting in wordpress Plugin Image Metadata cruncher", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534711/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1695.json b/2015/1xxx/CVE-2015-1695.json index 65d1250ae5a..212f0ee51b0 100644 --- a/2015/1xxx/CVE-2015-1695.json +++ b/2015/1xxx/CVE-2015-1695.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1695", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka \"Windows Journal Remote Code Execution Vulnerability,\" a different vulnerability than CVE-2015-1675, CVE-2015-1696, CVE-2015-1697, CVE-2015-1698, and CVE-2015-1699." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-1695", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-045", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-045" - }, - { - "name" : "1032280", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032280" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, 
Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka \"Windows Journal Remote Code Execution Vulnerability,\" a different vulnerability than CVE-2015-1675, CVE-2015-1696, CVE-2015-1697, CVE-2015-1698, and CVE-2015-1699." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032280", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032280" + }, + { + "name": "MS15-045", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-045" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1837.json b/2015/1xxx/CVE-2015-1837.json index 4b36c7e41d1..608e17837f1 100644 --- a/2015/1xxx/CVE-2015-1837.json +++ b/2015/1xxx/CVE-2015-1837.json 
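Review bot: In CVE-2015-1695.json the new side sets `"ASSIGNER": "secure@microsoft.com"` but still leaves `vendor_name`, `product_name` and `version_value` as `n/a`, so the affected Windows releases exist only in the free-text description. Scanners and asset-matching tools that read the `affects` tree will not associate this record with any product. While the file is being rewritten in full, the structured fields could carry what the description already states, starting with `"vendor_name": "Microsoft"`. The same gap appears in the CVE-2015-1890, CVE-2015-5156, CVE-2015-5431 and CVE-2015-5579 hunks, whose ASSIGNER also moves to a vendor CNA.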
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1837", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1837", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1890.json b/2015/1xxx/CVE-2015-1890.json index 05f4785d41f..dff68c8608f 100644 --- a/2015/1xxx/CVE-2015-1890.json +++ b/2015/1xxx/CVE-2015-1890.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1890", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "/usr/lpp/mmfs/bin/gpfs.snap in IBM General Parallel File System (GPFS) 4.1 before 4.1.0.7 produces an archive potentially containing cleartext keys, and lacks a warning about reviewing this archive to detect included keys, which might allow remote attackers to obtain sensitive information by leveraging access to a technical-support data stream." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-1890", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=isg3T1022077", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg3T1022077" - }, - { - "name" : "73918", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73918" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "/usr/lpp/mmfs/bin/gpfs.snap in IBM General Parallel File System (GPFS) 4.1 before 4.1.0.7 produces an archive potentially containing cleartext keys, 
and lacks a warning about reviewing this archive to detect included keys, which might allow remote attackers to obtain sensitive information by leveraging access to a technical-support data stream." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "73918", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73918" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=isg3T1022077", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=isg3T1022077" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5156.json b/2015/5xxx/CVE-2015-5156.json index dab3bce25f0..af35f16e402 100644 --- a/2015/5xxx/CVE-2015-5156.json +++ b/2015/5xxx/CVE-2015-5156.json 
@@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5156", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The virtnet_probe function in drivers/net/virtio_net.c in the Linux kernel before 4.2 attempts to support a FRAGLIST feature without proper memory allocation, which allows guest OS users to cause a denial of service (buffer overflow and memory corruption) via a crafted sequence of fragmented packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-5156", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=48900cb6af4282fa0fb6ff4d72a81aa3dadb5c39", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=48900cb6af4282fa0fb6ff4d72a81aa3dadb5c39" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1243852", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1243852" - }, - { - "name" : "https://github.com/torvalds/linux/commit/48900cb6af4282fa0fb6ff4d72a81aa3dadb5c39", - "refsource" : "CONFIRM", - "url" : 
"https://github.com/torvalds/linux/commit/48900cb6af4282fa0fb6ff4d72a81aa3dadb5c39" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" - }, - { - "name" : "DSA-3364", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3364" - }, - { - "name" : "FEDORA-2015-c15f00eb95", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169378.html" - }, - { - "name" : "FEDORA-2015-0253d1f070", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171454.html" - }, - { - "name" : "RHSA-2016:0855", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0855.html" - }, - { - "name" : "RHSA-2015:1978", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1978.html" - }, - { - "name" : "SUSE-SU-2015:2292", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00018.html" - }, - { - "name" : "SUSE-SU-2015:1727", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00009.html" - }, - { - "name" : "USN-2777-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2777-1" - }, - { - "name" : "USN-2773-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2773-1" - 
}, - { - "name" : "USN-2774-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2774-1" - }, - { - "name" : "76230", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76230" - }, - { - "name" : "1034045", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034045" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The virtnet_probe function in drivers/net/virtio_net.c in the Linux kernel before 4.2 attempts to support a FRAGLIST feature without proper memory allocation, which allows guest OS users to cause a denial of service (buffer overflow and memory corruption) via a crafted sequence of fragmented packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2015:2292", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00018.html" + }, + { + "name": "RHSA-2016:0855", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0855.html" + }, + { + "name": "DSA-3364", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3364" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" + }, + { + "name": "SUSE-SU-2015:1727", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00009.html" + }, + { + "name": "RHSA-2015:1978", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1978.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", + "refsource": "CONFIRM", + "url": 
"http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" + }, + { + "name": "FEDORA-2015-0253d1f070", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171454.html" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=48900cb6af4282fa0fb6ff4d72a81aa3dadb5c39", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=48900cb6af4282fa0fb6ff4d72a81aa3dadb5c39" + }, + { + "name": "https://github.com/torvalds/linux/commit/48900cb6af4282fa0fb6ff4d72a81aa3dadb5c39", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/48900cb6af4282fa0fb6ff4d72a81aa3dadb5c39" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" + }, + { + "name": "76230", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76230" + }, + { + "name": "USN-2774-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2774-1" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1243852", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1243852" + }, + { + "name": "USN-2773-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2773-1" + }, + { + "name": "FEDORA-2015-c15f00eb95", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169378.html" + }, + { + "name": "1034045", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034045" + }, + { + "name": "USN-2777-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2777-1" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5431.json b/2015/5xxx/CVE-2015-5431.json index 644b09af912..b5dd53b572b 100644 
--- a/2015/5xxx/CVE-2015-5431.json +++ b/2015/5xxx/CVE-2015-5431.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5431", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HP Matrix Operating Environment before 7.5.0 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2015-5431", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04774019", - "refsource" : "CONFIRM", - "url" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04774019" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HP Matrix Operating Environment before 7.5.0 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04774019", + "refsource": "CONFIRM", + "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04774019" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5579.json b/2015/5xxx/CVE-2015-5579.json index 95c51250d8c..f36bce728e1 100644 --- a/2015/5xxx/CVE-2015-5579.json +++ b/2015/5xxx/CVE-2015-5579.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5579", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5567." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-5579", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-23.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-23.html" - }, - { - "name" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841", - "refsource" : "CONFIRM", - "url" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841" - }, - { - "name" : 
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" - }, - { - "name" : "GLSA-201509-07", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201509-07" - }, - { - "name" : "RHSA-2015:1814", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1814.html" - }, - { - "name" : "openSUSE-SU-2015:1781", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html" - }, - { - "name" : "SUSE-SU-2015:1614", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00022.html" - }, - { - "name" : "SUSE-SU-2015:1618", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00024.html" - }, - { - "name" : "openSUSE-SU-2015:1616", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00023.html" - }, - { - "name" : "76800", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76800" - }, - { - "name" : "1033629", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033629" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 18.0.0.241 and 19.x 
before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5567." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2015:1814", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1814.html" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" + }, + { + "name": "openSUSE-SU-2015:1616", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00023.html" + }, + { + "name": "1033629", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033629" + }, + { + "name": "SUSE-SU-2015:1618", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00024.html" + }, + { + "name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841", + "refsource": "CONFIRM", + "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb15-23.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-23.html" + }, + { + "name": 
"SUSE-SU-2015:1614", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00022.html" + }, + { + "name": "GLSA-201509-07", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201509-07" + }, + { + "name": "openSUSE-SU-2015:1781", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388" + }, + { + "name": "76800", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76800" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11251.json b/2018/11xxx/CVE-2018-11251.json index 6f76ab10fbd..1b65f06b16b 100644 --- a/2018/11xxx/CVE-2018-11251.json +++ b/2018/11xxx/CVE-2018-11251.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11251", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In ImageMagick 7.0.7-23 Q16 x86_64 2018-01-24, there is a heap-based buffer over-read in ReadSUNImage in coders/sun.c, which allows attackers to cause a denial of service (application crash in SetGrayscaleImage in MagickCore/quantize.c) via a crafted SUN image file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11251", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180523 [SECURITY] [DLA 1381-1] imagemagick security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/05/msg00012.html" - }, - { - "name" : "[debian-lts-announce] 20180626 [SECURITY] [DLA 1394-1] imagemagick security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/06/msg00004.html" - }, - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/956", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/956" - }, - { - "name" : "DSA-4245", - "refsource" : "DEBIAN", - "url" : 
"https://www.debian.org/security/2018/dsa-4245" - }, - { - "name" : "USN-3681-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3681-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In ImageMagick 7.0.7-23 Q16 x86_64 2018-01-24, there is a heap-based buffer over-read in ReadSUNImage in coders/sun.c, which allows attackers to cause a denial of service (application crash in SetGrayscaleImage in MagickCore/quantize.c) via a crafted SUN image file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20180523 [SECURITY] [DLA 1381-1] imagemagick security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00012.html" + }, + { + "name": "[debian-lts-announce] 20180626 [SECURITY] [DLA 1394-1] imagemagick security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00004.html" + }, + { + "name": "USN-3681-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3681-1/" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/956", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/issues/956" + }, + { + "name": "DSA-4245", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4245" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11631.json b/2018/11xxx/CVE-2018-11631.json index f42a6a6de3a..0f3856ae598 100644 --- a/2018/11xxx/CVE-2018-11631.json +++ b/2018/11xxx/CVE-2018-11631.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11631", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Rondaful M1 Wristband Smart Band 1 devices allow remote attackers to send an arbitrary number of call or SMS notifications via crafted Bluetooth Low Energy (BLE) traffic." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11631", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/xMagass/bandexploit", - "refsource" : "MISC", - "url" : "https://github.com/xMagass/bandexploit" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Rondaful M1 Wristband Smart Band 1 devices allow remote attackers to send an arbitrary number of call or SMS notifications via crafted Bluetooth Low Energy (BLE) traffic." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/xMagass/bandexploit", + "refsource": "MISC", + "url": "https://github.com/xMagass/bandexploit" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3212.json b/2018/3xxx/CVE-2018-3212.json index 2a674466147..af6083f8d93 100644 --- a/2018/3xxx/CVE-2018-3212.json +++ b/2018/3xxx/CVE-2018-3212.json 
@@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3212", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MySQL Server", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.0.12 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Information Schema). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3212", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.0.12 and prior" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20181018-0002/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20181018-0002/" - }, - { - "name" : "105607", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105607" - }, - { - "name" : "1041888", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041888" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Information Schema). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041888", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041888" + }, + { + "name": "105607", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105607" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20181018-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20181018-0002/" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3289.json b/2018/3xxx/CVE-2018-3289.json index 76a10205731..5ab871c610d 100644 --- a/2018/3xxx/CVE-2018-3289.json +++ b/2018/3xxx/CVE-2018-3289.json 
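Review bot: In CVE-2018-3212.json the rewritten `version_data` entry keeps `"version_affected": "="` next to `"version_value": "8.0.12 and prior"`, so the operator says exact match while the value is a free-text range. A consumer that honours the operator would treat only the literal string as affected and miss every release before 8.0.12, which the description says is in scope. Expressing the range in the operator keeps it machine-readable: `"version_affected": "<=", "version_value": "8.0.12"`.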
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3289", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "VM VirtualBox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "5.2.20" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3289", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "5.2.20" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" - }, - { - "name" : "105619", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105619" - }, - { - "name" : "1041887", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041887" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + }, + { + "name": "1041887", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041887" + }, + { + "name": "105619", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105619" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3371.json b/2018/3xxx/CVE-2018-3371.json index 2f3f678e7e3..ea1d10e056a 100644 --- a/2018/3xxx/CVE-2018-3371.json +++ b/2018/3xxx/CVE-2018-3371.json 
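Review bot: The rewritten file now ends without a trailing newline: the last added line is `}` followed by `\ No newline at end of file`, whereas the removed side ended with a newline. The same marker closes every other hunk of this commit visible here (CVE-2018-3371, -3627, -3978, -6560, -6941, -7020, -7394, -7442, -7525, -8479, -8543, -8724), so it looks like a serializer setting rather than a one-off. Writing the closing `}` with a final line feed keeps these records friendly to line-oriented tools. It also avoids a second repository-wide diff when the newline is restored later.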
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3371", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3371", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3627.json b/2018/3xxx/CVE-2018-3627.json index 2904f00f92b..b27ecf60326 100644 --- a/2018/3xxx/CVE-2018-3627.json +++ b/2018/3xxx/CVE-2018-3627.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@intel.com", - "ID" : "CVE-2018-3627", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Intel Converged Security Management Engine (Intel CSME)", - "version" : { - "version_data" : [ - { - "version_value" : "11.x" - } - ] - } - } - ] - }, - "vendor_name" : "Intel Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Logic bug in Intel Converged Security Management Engine 11.x may allow an attacker to execute arbitrary code via local privileged access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@intel.com", + "ID": "CVE-2018-3627", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Intel Converged Security Management Engine (Intel CSME)", + "version": { + "version_data": [ + { + "version_value": "11.x" + } + ] + } + } + ] + }, + "vendor_name": "Intel Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00118.html", - "refsource" : "CONFIRM", - "url" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00118.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Logic bug in Intel Converged Security Management Engine 11.x may allow an attacker to execute arbitrary code via local privileged access." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00118.html", + "refsource": "CONFIRM", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00118.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3978.json b/2018/3xxx/CVE-2018-3978.json index 54cc3343a5a..70d81e03702 100644 --- a/2018/3xxx/CVE-2018-3978.json +++ b/2018/3xxx/CVE-2018-3978.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2018-10-01T00:00:00", - "ID" : "CVE-2018-3978", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Atlantis Word Processor", - "version" : { - "version_data" : [ - { - "version_value" : "3.0.2.3, 3.0.2.5" - } - ] - } - } - ] - }, - "vendor_name" : "The Atlantis Word Processor Team" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable out-of-bounds write vulnerability exists in the Word Document parser of the Atlantis Word Processor 3.0.2.3, 3.0.2.5. A specially crafted document can cause Atlantis to write a value outside the bounds of a heap allocation, resulting in a buffer overflow. An attacker must convince a victim to open a document in order to trigger this vulnerability." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "heap-based buffer overflow" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2018-10-01T00:00:00", + "ID": "CVE-2018-3978", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Atlantis Word Processor", + "version": { + "version_data": [ + { + "version_value": "3.0.2.3, 3.0.2.5" + } + ] + } + } + ] + }, + "vendor_name": "The Atlantis Word Processor Team" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0646", - "refsource" : "MISC", - "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0646" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable out-of-bounds write vulnerability exists in the Word Document parser of the Atlantis Word Processor 3.0.2.3, 3.0.2.5. A specially crafted document can cause Atlantis to write a value outside the bounds of a heap allocation, resulting in a buffer overflow. An attacker must convince a victim to open a document in order to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "heap-based buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0646", + "refsource": "MISC", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0646" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6560.json b/2018/6xxx/CVE-2018-6560.json index 1f2e02e3630..e5ede7867ce 100644 --- a/2018/6xxx/CVE-2018-6560.json +++ b/2018/6xxx/CVE-2018-6560.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6560", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D-Bus messages to the host can be used to break out of the sandbox, because whitespace handling in the proxy is not identical to whitespace handling in the daemon." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6560", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/flatpak/flatpak/commit/52346bf187b5a7f1c0fe9075b328b7ad6abe78f6", - "refsource" : "CONFIRM", - "url" : "https://github.com/flatpak/flatpak/commit/52346bf187b5a7f1c0fe9075b328b7ad6abe78f6" - }, - { - "name" : "https://github.com/flatpak/flatpak/releases/tag/0.10.3", - "refsource" : "CONFIRM", - "url" : "https://github.com/flatpak/flatpak/releases/tag/0.10.3" - }, - { - "name" : "https://github.com/flatpak/flatpak/releases/tag/0.8.9", - "refsource" : "CONFIRM", - "url" : "https://github.com/flatpak/flatpak/releases/tag/0.8.9" - }, - { - "name" : "RHSA-2018:2766", - "refsource" : "REDHAT", - "url" : 
"https://access.redhat.com/errata/RHSA-2018:2766" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D-Bus messages to the host can be used to break out of the sandbox, because whitespace handling in the proxy is not identical to whitespace handling in the daemon." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/flatpak/flatpak/commit/52346bf187b5a7f1c0fe9075b328b7ad6abe78f6", + "refsource": "CONFIRM", + "url": "https://github.com/flatpak/flatpak/commit/52346bf187b5a7f1c0fe9075b328b7ad6abe78f6" + }, + { + "name": "RHSA-2018:2766", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2766" + }, + { + "name": "https://github.com/flatpak/flatpak/releases/tag/0.10.3", + "refsource": "CONFIRM", + "url": "https://github.com/flatpak/flatpak/releases/tag/0.10.3" + }, + { + "name": "https://github.com/flatpak/flatpak/releases/tag/0.8.9", + "refsource": "CONFIRM", + "url": "https://github.com/flatpak/flatpak/releases/tag/0.8.9" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6941.json b/2018/6xxx/CVE-2018-6941.json index b25b94151da..be56ebab53c 100644 --- a/2018/6xxx/CVE-2018-6941.json +++ b/2018/6xxx/CVE-2018-6941.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6941", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A /shell?cmd= CSRF issue exists in the HTTPD component of NAT32 v2.2 Build 22284 devices that can be exploited for Remote Code Execution in conjunction with XSS." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6941", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44034", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44034/" - }, - { - "name" : "http://hyp3rlinx.altervista.org/advisories/NAT32-REMOTE-COMMAND-EXECUTION-CSRF-CVE-2018-6941.txt", - "refsource" : "MISC", - "url" : "http://hyp3rlinx.altervista.org/advisories/NAT32-REMOTE-COMMAND-EXECUTION-CSRF-CVE-2018-6941.txt" - }, - { - "name" : "http://packetstormsecurity.com/files/146402/NAT32-Build-22284-Remote-Command-Execution-CSRF.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/146402/NAT32-Build-22284-Remote-Command-Execution-CSRF.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "A /shell?cmd= CSRF issue exists in the HTTPD component of NAT32 v2.2 Build 22284 devices that can be exploited for Remote Code Execution in conjunction with XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44034", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44034/" + }, + { + "name": "http://packetstormsecurity.com/files/146402/NAT32-Build-22284-Remote-Command-Execution-CSRF.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/146402/NAT32-Build-22284-Remote-Command-Execution-CSRF.html" + }, + { + "name": "http://hyp3rlinx.altervista.org/advisories/NAT32-REMOTE-COMMAND-EXECUTION-CSRF-CVE-2018-6941.txt", + "refsource": "MISC", + "url": "http://hyp3rlinx.altervista.org/advisories/NAT32-REMOTE-COMMAND-EXECUTION-CSRF-CVE-2018-6941.txt" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7020.json b/2018/7xxx/CVE-2018-7020.json index 9f33de66c2e..68cf4401b58 100644 --- a/2018/7xxx/CVE-2018-7020.json +++ b/2018/7xxx/CVE-2018-7020.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7020", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-7020", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7394.json b/2018/7xxx/CVE-2018-7394.json index e9771520320..22487db9e2c 100644 --- a/2018/7xxx/CVE-2018-7394.json +++ b/2018/7xxx/CVE-2018-7394.json 
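Review bot: Key order on the new side of this record differs from every other record in the commit. Here `data_type`, `data_format` and `data_version` come before `CVE_data_meta`, and `ID` precedes `ASSIGNER`, while the other files keep the alphabetical order they had. Parsers do not care about key order, but the mismatch suggests this file went through a different writer than the rest, and a later normalisation pass would presumably reorder it again. Emitting it in the same sorted order, starting `"CVE_data_meta": {` then `"ASSIGNER": "cve@mitre.org",` then `"ID": "CVE-2018-7020",`, would keep the record stable.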
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7394", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7394", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7442.json b/2018/7xxx/CVE-2018-7442.json index 9d66a6abcd6..819d41dc673 100644 --- a/2018/7xxx/CVE-2018-7442.json +++ b/2018/7xxx/CVE-2018-7442.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7442", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function does not block '/' characters in the gplot rootname argument, potentially leading to path traversal and arbitrary file overwrite." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7442", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://lists.debian.org/debian-lts/2018/02/msg00086.html", - "refsource" : "MISC", - "url" : "https://lists.debian.org/debian-lts/2018/02/msg00086.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function does not block '/' characters in the gplot rootname argument, potentially leading to path traversal and arbitrary file overwrite." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://lists.debian.org/debian-lts/2018/02/msg00086.html", + "refsource": "MISC", + "url": "https://lists.debian.org/debian-lts/2018/02/msg00086.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7525.json b/2018/7xxx/CVE-2018-7525.json index 5b46b9b74c2..ab925cafe0e 100644 --- a/2018/7xxx/CVE-2018-7525.json +++ b/2018/7xxx/CVE-2018-7525.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2018-03-13T00:00:00", - "ID" : "CVE-2018-7525", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Omron CX-Supervisor", - "version" : { - "version_data" : [ - { - "version_value" : "Version 3.30 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "ICS-CERT" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Omron CX-Supervisor Versions 3.30 and prior, processing a malformed packet by a certain executable may cause an untrusted pointer dereference vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "UNTRUSTED POINTER DEREFERENCE CWE-822" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2018-03-13T00:00:00", + "ID": "CVE-2018-7525", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Omron CX-Supervisor", + "version": { + "version_data": [ + { + "version_value": "Version 3.30 and prior" + } + ] + } + } + ] + }, + "vendor_name": "ICS-CERT" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-072-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-072-01" - }, - { - "name" : "103394", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103394" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Omron CX-Supervisor Versions 3.30 and prior, processing a malformed packet by a certain executable may cause an untrusted pointer 
dereference vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "UNTRUSTED POINTER DEREFERENCE CWE-822" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103394", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103394" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-072-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-072-01" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8479.json b/2018/8xxx/CVE-2018-8479.json index 38eef01e2ba..6ba2f32311a 100644 --- a/2018/8xxx/CVE-2018-8479.json +++ b/2018/8xxx/CVE-2018-8479.json 
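Review bot: `"vendor_name": "ICS-CERT"` names the assigner (`ics-cert@hq.dhs.gov`) rather than the vendor of the affected product, and the reformat carries it over unchanged. The description attributes the product to Omron, so tooling that matches an asset inventory on `vendor_name`/`product_name` would not find this record under that vendor. Something like `"vendor_name": "Omron"` with `"product_name": "CX-Supervisor"` would agree with the description. `"version_value": "Version 3.30 and prior"` is also free text with no `version_affected` operator, so a range comparison cannot use it as written.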
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8479", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "C SDK", - "version" : { - "version_data" : [ - { - "version_value" : "Azure IoT" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A spoofing vulnerability exists for the Azure IoT Device Provisioning for the C SDK library using the HTTP protocol on Windows platform, aka \"Azure IoT SDK Spoofing Vulnerability.\" This affects C SDK." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Spoofing" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8479", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "C SDK", + "version": { + "version_data": [ + { + "version_value": "Azure IoT" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8479", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8479" - }, - { - "name" : "105323", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105323" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A spoofing vulnerability exists for the Azure IoT Device Provisioning for the C SDK library using the HTTP protocol on Windows platform, aka \"Azure IoT SDK Spoofing Vulnerability.\" This affects C 
SDK." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Spoofing" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105323", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105323" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8479", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8479" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8543.json b/2018/8xxx/CVE-2018-8543.json index c592d0c78a9..36203fbd1e1 100644 --- a/2018/8xxx/CVE-2018-8543.json +++ b/2018/8xxx/CVE-2018-8543.json 
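Review bot: The `affects` block still pairs `"product_name": "C SDK"` with `"version_value": "Azure IoT"`, which reads as one product name split across two fields rather than a product and a version. The description refers to the Azure IoT Device Provisioning for the C SDK library, so a scanner keying on `version_value` gets a string that is not a version at all. Only the `ASSIGNER` casing changes in this hunk. If the record is being touched anyway, moving the product family into the name would be more accurate, e.g. `"product_name": "Azure IoT C SDK"` with `"version_value": "n/a"` until the affected versions are confirmed.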
@@ -1,130 +1,130 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8543", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Edge", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for ARM64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for ARM64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1809 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1809 for ARM64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1809 for x64-based Systems" - }, - { - "version_value" : "Windows Server 2016" - }, - { - "version_value" : "Windows Server 2019" - } - ] - } - }, - { - "product_name" : "ChakraCore", - "version" : { - "version_data" : [ - { - "version_value" : "ChakraCore" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in 
Microsoft Edge, aka \"Chakra Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541, CVE-2018-8542, CVE-2018-8551, CVE-2018-8555, CVE-2018-8556, CVE-2018-8557, CVE-2018-8588." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8543", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Edge", + "version": { + "version_data": [ + { + "version_value": "Windows 10 for 32-bit Systems" + }, + { + "version_value": "Windows 10 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1607 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1703 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1703 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "Windows 10 Version 1803 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "Windows 10 Version 1809 for x64-based Systems" + }, + { + "version_value": "Windows Server 2016" + }, + { + "version_value": "Windows Server 2019" + } + ] + } + }, + { + "product_name": "ChakraCore", + "version": { + "version_data": [ + { + "version_value": "ChakraCore" + } + ] 
+ } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8543", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8543" - }, - { - "name" : "105846", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105846" - }, - { - "name" : "1042107", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1042107" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \"Chakra Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541, CVE-2018-8542, CVE-2018-8551, CVE-2018-8555, CVE-2018-8556, CVE-2018-8557, CVE-2018-8588." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8543", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8543" + }, + { + "name": "105846", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105846" + }, + { + "name": "1042107", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1042107" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8724.json b/2018/8xxx/CVE-2018-8724.json index 7339e27b1e8..a0bbeef6632 100644 --- a/2018/8xxx/CVE-2018-8724.json +++ b/2018/8xxx/CVE-2018-8724.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-8724",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-8724",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/8xxx/CVE-2018-8945.json b/2018/8xxx/CVE-2018-8945.json
index 9b33ec0ef40..37940e8427d 100644
--- a/2018/8xxx/CVE-2018-8945.json
+++ b/2018/8xxx/CVE-2018-8945.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-8945",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The bfd_section_from_shdr function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (segmentation fault) via a large attribute section."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-8945",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=22809",
- "refsource" : "MISC",
- "url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=22809"
- },
- {
- "name" : "GLSA-201811-17",
- "refsource" : "GENTOO",
- "url" : "https://security.gentoo.org/glsa/201811-17"
- },
- {
- "name" : "RHSA-2018:3032",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2018:3032"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The bfd_section_from_shdr function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in
GNU Binutils 2.30, allows remote attackers to cause a denial of service (segmentation fault) via a large attribute section."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "RHSA-2018:3032",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2018:3032"
+ },
+ {
+ "name": "GLSA-201811-17",
+ "refsource": "GENTOO",
+ "url": "https://security.gentoo.org/glsa/201811-17"
+ },
+ {
+ "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=22809",
+ "refsource": "MISC",
+ "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22809"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/8xxx/CVE-2018-8957.json b/2018/8xxx/CVE-2018-8957.json
index fed57a449fb..faf2b152d74 100644
--- a/2018/8xxx/CVE-2018-8957.json
+++ b/2018/8xxx/CVE-2018-8957.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-8957",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "CoverCMS v1.1.6 has XSS via the fourth input box to index.php, related to admina/mconfigs.inc.php."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-8957",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/ttylx/Cve_reveal",
- "refsource" : "MISC",
- "url" : "https://github.com/ttylx/Cve_reveal"
- },
- {
- "name" : "https://github.com/ttylx/Cve_reveal/blob/master/CoverCMS_01/Covercms_1.md",
- "refsource" : "MISC",
- "url" : "https://github.com/ttylx/Cve_reveal/blob/master/CoverCMS_01/Covercms_1.md"
- },
- {
- "name" : "https://github.com/ttylx/Cve_reveal/blob/master/CoverCMS_01/re.md",
- "refsource" : "MISC",
- "url" : "https://github.com/ttylx/Cve_reveal/blob/master/CoverCMS_01/re.md"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "CoverCMS v1.1.6 has XSS via the fourth input box to index.php, related to admina/mconfigs.inc.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/ttylx/Cve_reveal",
+ "refsource": "MISC",
+ "url": "https://github.com/ttylx/Cve_reveal"
+ },
+ {
+ "name": "https://github.com/ttylx/Cve_reveal/blob/master/CoverCMS_01/re.md",
+ "refsource": "MISC",
+ "url": "https://github.com/ttylx/Cve_reveal/blob/master/CoverCMS_01/re.md"
+ },
+ {
+ "name": "https://github.com/ttylx/Cve_reveal/blob/master/CoverCMS_01/Covercms_1.md",
+ "refsource": "MISC",
+ "url": "https://github.com/ttylx/Cve_reveal/blob/master/CoverCMS_01/Covercms_1.md"
+ }
+ ]
+ }
+}
\ No newline at end of file