diff --git a/2005/0xxx/CVE-2005-0001.json b/2005/0xxx/CVE-2005-0001.json index 5ab0845f76f..95ceec4e469 100644 --- a/2005/0xxx/CVE-2005-0001.json +++ b/2005/0xxx/CVE-2005-0001.json @@ -1,177 +1,177 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0001", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in the page fault handler (fault.c) for Linux kernel 2.2.x to 2.2.7, 2.4 to 2.4.29, and 2.6 to 2.6.10, when running on multiprocessor machines, allows local users to execute arbitrary code via concurrent threads that share the same virtual memory space and simultaneously request stack expansion." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0001", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050112 Linux kernel i386 SMP page fault handler privilege escalation", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110554694522719&w=2" - }, - { - "name" : "20050112 Linux kernel i386 SMP page fault handler privilege escalation", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030826.html" - }, - { - "name" : "http://isec.pl/vulnerabilities/isec-0022-pagefault.txt", - "refsource" : "MISC", - "url" : "http://isec.pl/vulnerabilities/isec-0022-pagefault.txt" - }, - { - "name" : "CLA-2005:930", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930" - }, - { - "name" : "DSA-1070", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1070" - }, - { - "name" : "DSA-1067", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1067" - }, - { - "name" : "DSA-1069", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1069" - }, - { - "name" : "DSA-1082", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1082" - }, - { - "name" : "FLSA:2336", - "refsource" : "FEDORA", - "url" : "https://bugzilla.fedora.us/show_bug.cgi?id=2336" - }, - { - "name" : "MDKSA-2005:022", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:022" - }, - { - "name" : "RHSA-2005:043", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-043.html" - }, - { - "name" : "RHSA-2005:092", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-092.html" - }, - { - "name" : "RHSA-2005:016", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-016.html" - }, - { - "name" : "RHSA-2005:017", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-017.html" - }, - { - "name" : "2005-0001", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2005/0001/" - }, - { - "name" : "20050114 [USN-60-0] Linux kernel vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110581146702951&w=2" - }, - { - "name" : "12244", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12244" - }, - { - "name" : "oval:org.mitre.oval:def:10322", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10322" - }, - { - "name" : "1012862", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1012862" - }, - { - "name" : "13822", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13822" - }, - { - "name" : "20163", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20163" - }, - { - "name" : "20202", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20202" - }, - { - "name" : "20338", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20338" - }, - { - "name" : "linux-fault-handler-gain-privileges(18849)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18849" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in the page fault handler (fault.c) for Linux kernel 2.2.x to 2.2.7, 2.4 to 2.4.29, and 2.6 to 2.6.10, when running on multiprocessor machines, allows local users to execute arbitrary code via concurrent threads that share the same virtual memory space and simultaneously request stack expansion." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20163", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20163" + }, + { + "name": "13822", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13822" + }, + { + "name": "DSA-1082", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1082" + }, + { + "name": "MDKSA-2005:022", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:022" + }, + { + "name": "RHSA-2005:017", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-017.html" + }, + { + "name": "FLSA:2336", + "refsource": "FEDORA", + "url": "https://bugzilla.fedora.us/show_bug.cgi?id=2336" + }, + { + "name": "20050112 Linux kernel i386 SMP page fault handler privilege escalation", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110554694522719&w=2" + }, + { + "name": "oval:org.mitre.oval:def:10322", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10322" + }, + { + "name": "DSA-1070", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1070" + }, + { + "name": "RHSA-2005:016", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-016.html" + }, + { + "name": "RHSA-2005:043", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-043.html" + }, + { + "name": "2005-0001", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2005/0001/" + }, + { + "name": "RHSA-2005:092", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-092.html" + }, + { + "name": "linux-fault-handler-gain-privileges(18849)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18849" + }, + { + "name": "DSA-1067", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1067" + }, + { + "name": "DSA-1069", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1069" + }, + { + "name": "CLA-2005:930", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930" + }, + { + "name": "20050114 [USN-60-0] Linux kernel vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110581146702951&w=2" + }, + { + "name": "http://isec.pl/vulnerabilities/isec-0022-pagefault.txt", + "refsource": "MISC", + "url": "http://isec.pl/vulnerabilities/isec-0022-pagefault.txt" + }, + { + "name": "20050112 Linux kernel i386 SMP page fault handler privilege escalation", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030826.html" + }, + { + "name": "20202", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20202" + }, + { + "name": "12244", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12244" + }, + { + "name": "20338", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20338" + }, + { + "name": "1012862", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1012862" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0259.json b/2005/0xxx/CVE-2005-0259.json index a850fb92e53..b92c0b6138e 100644 --- a/2005/0xxx/CVE-2005-0259.json +++ b/2005/0xxx/CVE-2005-0259.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0259", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "phpBB 2.0.11, and possibly other versions, with remote avatars and avatar uploading enabled, allows local users to read arbitrary files by providing both a local and remote location for an avatar, then modifying the \"Upload Avatar from a URL:\" field to reference the target file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0259", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050222 phpBB Group phpBB Arbitrary File Disclosure Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://www.idefense.com/application/poi/display?id=204&type=vulnerabilities" - }, - { - "name" : "http://www.phpbb.com/support/documents.php?mode=changelog", - "refsource" : "CONFIRM", - "url" : "http://www.phpbb.com/support/documents.php?mode=changelog" - }, - { - "name" : "GLSA-200503-02", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200503-02.xml" - }, - { - "name" : "VU#774686", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/774686" - }, - { - "name" : "14362", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14362/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "phpBB 2.0.11, and possibly other versions, with remote avatars and avatar uploading enabled, allows local users to read arbitrary files by providing both a local and remote location for an avatar, then modifying the \"Upload Avatar from a URL:\" field to reference the target file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14362", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14362/" + }, + { + "name": "20050222 phpBB Group phpBB Arbitrary File Disclosure Vulnerability", + "refsource": "IDEFENSE", + "url": "http://www.idefense.com/application/poi/display?id=204&type=vulnerabilities" + }, + { + "name": "GLSA-200503-02", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200503-02.xml" + }, + { + "name": "http://www.phpbb.com/support/documents.php?mode=changelog", + "refsource": "CONFIRM", + "url": "http://www.phpbb.com/support/documents.php?mode=changelog" + }, + { + "name": "VU#774686", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/774686" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0510.json b/2005/0xxx/CVE-2005-0510.json index 9e53baa2a96..fe77090422b 100644 --- a/2005/0xxx/CVE-2005-0510.json +++ b/2005/0xxx/CVE-2005-0510.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0510", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The daemon for fallback-reboot before 0.995 allows attackers to cause a denial of service (daemon exit), possibly related to verbose debug messages when the daemon is not on a tty." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0510", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://dcs.nac.uci.edu/~strombrg/fallback-reboot/", - "refsource" : "CONFIRM", - "url" : "http://dcs.nac.uci.edu/~strombrg/fallback-reboot/" - }, - { - "name" : "14328", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14328" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The daemon for fallback-reboot before 0.995 allows attackers to cause a denial of service (daemon exit), possibly related to verbose debug messages when the daemon is not on a tty." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14328", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14328" + }, + { + "name": "http://dcs.nac.uci.edu/~strombrg/fallback-reboot/", + "refsource": "CONFIRM", + "url": "http://dcs.nac.uci.edu/~strombrg/fallback-reboot/" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0616.json b/2005/0xxx/CVE-2005-0616.json index 363f0a404b7..e953490b995 100644 --- a/2005/0xxx/CVE-2005-0616.json +++ b/2005/0xxx/CVE-2005-0616.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0616", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Download module for PostNuke 0.750 and 0.760-RC2 allow remote attackers to inject arbitrary web script or HTML via the (1) Program name, (2) File link, (3) Author name (4) Author e-mail address, (5) File size, (6) Version, or (7) Home page variables." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0616", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050228 [SECURITYREASON.COM] PostNuke Critical XSS 0.760-RC2=>x cXIb8O3.2", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110962768300373&w=2" - }, - { - "name" : "http://news.postnuke.com/Article2669.html", - "refsource" : "CONFIRM", - "url" : "http://news.postnuke.com/Article2669.html" - }, - { - "name" : "1013324", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013324" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Download module for PostNuke 0.750 and 0.760-RC2 allow remote attackers to inject arbitrary web script or HTML via the (1) Program name, (2) File link, (3) Author name (4) Author e-mail address, (5) File size, (6) Version, or (7) Home page variables." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050228 [SECURITYREASON.COM] PostNuke Critical XSS 0.760-RC2=>x cXIb8O3.2", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110962768300373&w=2" + }, + { + "name": "http://news.postnuke.com/Article2669.html", + "refsource": "CONFIRM", + "url": "http://news.postnuke.com/Article2669.html" + }, + { + "name": "1013324", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013324" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1230.json b/2005/1xxx/CVE-2005-1230.json index 702c278d1db..c8790574958 100644 --- a/2005/1xxx/CVE-2005-1230.json +++ b/2005/1xxx/CVE-2005-1230.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1230", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Yawcam 0.2.5 allows remote attackers to read arbitrary files via \"..\\\" (dot dot backslash) sequences in a GET request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1230", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050421 directory traversal in Yawcam 0.2.5", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111410564915961&w=2" - }, - { - "name" : "http://www.autistici.org/fdonato/advisory/Yawcam0.2.5-adv.txt", - "refsource" : "MISC", - "url" : "http://www.autistici.org/fdonato/advisory/Yawcam0.2.5-adv.txt" - }, - { - "name" : "15732", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/15732" - }, - { - "name" : "15052", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15052" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Yawcam 0.2.5 allows remote attackers to read arbitrary files via \"..\\\" (dot dot backslash) sequences in a GET request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15052", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15052" + }, + { + "name": "http://www.autistici.org/fdonato/advisory/Yawcam0.2.5-adv.txt", + "refsource": "MISC", + "url": "http://www.autistici.org/fdonato/advisory/Yawcam0.2.5-adv.txt" + }, + { + "name": "20050421 directory traversal in Yawcam 0.2.5", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111410564915961&w=2" + }, + { + "name": "15732", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/15732" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3328.json b/2005/3xxx/CVE-2005-3328.json index efd7e0a6b47..beae7cec5b5 100644 --- a/2005/3xxx/CVE-2005-3328.json +++ b/2005/3xxx/CVE-2005-3328.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3328", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in common.php in PunBB 1.1.2 through 1.1.5 allows remote attackers to execute arbitrary code via the pun_root parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3328", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051024 Remote File Inclusion in forum PunBB", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=113017630505223&w=2" - }, - { - "name" : "15175", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15175" - }, - { - "name" : "107", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/107" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in common.php in PunBB 1.1.2 through 1.1.5 allows remote attackers to execute arbitrary code via the pun_root parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20051024 Remote File Inclusion in forum PunBB", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=113017630505223&w=2" + }, + { + "name": "15175", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15175" + }, + { + "name": "107", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/107" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3431.json b/2005/3xxx/CVE-2005-3431.json index eebf61785f8..e93af15dc0e 100644 --- a/2005/3xxx/CVE-2005-3431.json +++ b/2005/3xxx/CVE-2005-3431.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3431", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Absolute path traversal vulnerability in Rockliffe MailSite Express before 6.1.22 allows remote attackers to read arbitrary files via a full pathname in the AttachPath field of a mail message under composition." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3431", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051028 Multiple vulnerabilities within RockLiffe MailSite Express WebMail", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=113053680631151&w=2" - }, - { - "name" : "20051028 Multiple vulnerabilities within RockLiffe MailSite Express WebMail", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0578.html" - }, - { - "name" : "http://www.security-assessment.com/Advisories/Rockliffe_Express_Webmail_Vulnerabilities.pdf", - "refsource" : "MISC", - "url" : "http://www.security-assessment.com/Advisories/Rockliffe_Express_Webmail_Vulnerabilities.pdf" - }, - { - "name" : "15231", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15231" - }, - { - "name" : "1015117", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015117" - }, - { - "name" : "17240", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17240/" - }, - { - "name" : "126", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/126" - }, - { - "name" : "mailsiteexpress-attachpath-obtain-info(22908)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22908" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Absolute path traversal vulnerability in Rockliffe MailSite Express before 6.1.22 allows remote attackers to read arbitrary files via a full pathname in the AttachPath field of a mail message under composition." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20051028 Multiple vulnerabilities within RockLiffe MailSite Express WebMail", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0578.html" + }, + { + "name": "126", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/126" + }, + { + "name": "mailsiteexpress-attachpath-obtain-info(22908)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22908" + }, + { + "name": "15231", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15231" + }, + { + "name": "1015117", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015117" + }, + { + "name": "http://www.security-assessment.com/Advisories/Rockliffe_Express_Webmail_Vulnerabilities.pdf", + "refsource": "MISC", + "url": "http://www.security-assessment.com/Advisories/Rockliffe_Express_Webmail_Vulnerabilities.pdf" + }, + { + "name": "17240", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17240/" + }, + { + "name": "20051028 Multiple vulnerabilities within RockLiffe MailSite Express WebMail", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=113053680631151&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3982.json b/2005/3xxx/CVE-2005-3982.json index fe62426612d..d04d9b5bef4 100644 --- a/2005/3xxx/CVE-2005-3982.json +++ b/2005/3xxx/CVE-2005-3982.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3982", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CRLF injection vulnerability in layers_toggle.php in WebCalendar 1.0.1 might allow remote attackers to modify HTTP headers and conduct HTTP response splitting attacks via the ret parameter, which is used to redirect URL requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3982", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051201 WebCalendar Multiple Vulnerabilities.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/418286/100/0/threaded" - }, - { - "name" : "http://vd.lwang.org/webcalendar_multiple_vulns.txt", - "refsource" : "MISC", - "url" : "http://vd.lwang.org/webcalendar_multiple_vulns.txt" - }, - { - "name" : "DSA-1002", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1002" - }, - { - "name" : "15673", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15673" - }, - { - "name" : "ADV-2005-2702", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2702" - }, - { - "name" : "21383", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21383" - }, - { - "name" : "17848", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17848" - }, - { - "name" : "19240", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19240" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CRLF injection vulnerability in layers_toggle.php in WebCalendar 1.0.1 might allow remote attackers to modify HTTP headers and conduct HTTP response splitting attacks via the ret parameter, which is used to redirect URL requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20051201 WebCalendar Multiple Vulnerabilities.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/418286/100/0/threaded" + }, + { + "name": "15673", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15673" + }, + { + "name": "ADV-2005-2702", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2702" + }, + { + "name": "19240", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19240" + }, + { + "name": "http://vd.lwang.org/webcalendar_multiple_vulns.txt", + "refsource": "MISC", + "url": "http://vd.lwang.org/webcalendar_multiple_vulns.txt" + }, + { + "name": "21383", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21383" + }, + { + "name": "17848", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17848" + }, + { + "name": "DSA-1002", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1002" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4216.json b/2005/4xxx/CVE-2005-4216.json index a4128326a78..f0b42ab6bb1 100644 --- a/2005/4xxx/CVE-2005-4216.json +++ b/2005/4xxx/CVE-2005-4216.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4216", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Administration Service (FMSAdmin.exe) in Macromedia Flash Media Server 2.0 r1145 allows remote attackers to cause a denial of service (application crash) via a malformed request with a single character to port 1111." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4216", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ipomonis.com/advisories/Flash_media_server_2.txt", - "refsource" : "MISC", - "url" : "http://www.ipomonis.com/advisories/Flash_media_server_2.txt" - }, - { - "name" : "http://www.macromedia.com/devnet/security/security_zone/mpsb05-11.html", - "refsource" : "CONFIRM", - "url" : "http://www.macromedia.com/devnet/security/security_zone/mpsb05-11.html" - }, - { - "name" : "15822", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15822" - }, - { - "name" : "ADV-2005-2865", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2865" - }, - { - "name" : "1015346", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015346" - }, - { - "name" : "17978", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17978" - }, - { - "name" : "macromedia-fmsadmin-dos(23563)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23563" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Administration Service (FMSAdmin.exe) in Macromedia Flash Media Server 2.0 r1145 allows remote attackers to cause a denial of service (application crash) via a malformed request with a single character to port 1111." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ipomonis.com/advisories/Flash_media_server_2.txt", + "refsource": "MISC", + "url": "http://www.ipomonis.com/advisories/Flash_media_server_2.txt" + }, + { + "name": "ADV-2005-2865", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2865" + }, + { + "name": "macromedia-fmsadmin-dos(23563)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23563" + }, + { + "name": "1015346", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015346" + }, + { + "name": "15822", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15822" + }, + { + "name": "17978", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17978" + }, + { + "name": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-11.html", + "refsource": "CONFIRM", + "url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-11.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4340.json b/2005/4xxx/CVE-2005-4340.json index eb9f6c6551f..3b490a2252e 100644 --- a/2005/4xxx/CVE-2005-4340.json +++ b/2005/4xxx/CVE-2005-4340.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4340", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-4206. Reason: This candidate is a duplicate of CVE-2005-4206. Notes: All CVE users should reference CVE-2005-4206 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2005-4340", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-4206. Reason: This candidate is a duplicate of CVE-2005-4206. Notes: All CVE users should reference CVE-2005-4206 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4476.json b/2005/4xxx/CVE-2005-4476.json index bc16c4bd16e..3990930ec63 100644 --- a/2005/4xxx/CVE-2005-4476.json +++ b/2005/4xxx/CVE-2005-4476.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4476", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in store/search/results.html in OpenEdit 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) oe-action and (2) page parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4476", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/12/openedit-xss-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/12/openedit-xss-vuln.html" - }, - { - "name" : "16004", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16004" - }, - { - "name" : "ADV-2005-3042", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/3042" - }, - { - "name" : "21866", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21866" - }, - { - "name" : "18168", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18168" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in store/search/results.html in OpenEdit 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) oe-action and (2) page parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://pridels0.blogspot.com/2005/12/openedit-xss-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/12/openedit-xss-vuln.html" + }, + { + "name": "18168", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18168" + }, + { + "name": "21866", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21866" + }, + { + "name": "16004", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16004" + }, + { + "name": "ADV-2005-3042", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/3042" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4640.json b/2005/4xxx/CVE-2005-4640.json index b7fec1583e3..493a98e3610 100644 --- a/2005/4xxx/CVE-2005-4640.json +++ b/2005/4xxx/CVE-2005-4640.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4640", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in class-1 Poll Software 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) pollid or (2) previouspoll parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4640", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/11/class-1-poll-software-multiple-sql.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/11/class-1-poll-software-multiple-sql.html" - }, - { - "name" : "21241", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21241" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in class-1 Poll Software 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) pollid or (2) previouspoll parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21241", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21241" + }, + { + "name": "http://pridels0.blogspot.com/2005/11/class-1-poll-software-multiple-sql.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/11/class-1-poll-software-multiple-sql.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0400.json b/2009/0xxx/CVE-2009-0400.json index 429242cef01..3ff2299421c 100644 --- a/2009/0xxx/CVE-2009-0400.json +++ b/2009/0xxx/CVE-2009-0400.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0400", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in blog.php in SocialEngine 3.06 trial allows remote attackers to execute arbitrary SQL commands via the category_id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0400", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7900", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7900" - }, - { - "name" : "33495", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33495" - }, - { - "name" : "51644", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/51644" - }, - { - "name" : "33701", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33701" - }, - { - "name" : "socialengine-blog-sql-injection(48316)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48316" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in blog.php in SocialEngine 3.06 trial allows remote attackers to execute arbitrary SQL commands via the category_id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33495", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33495" + }, + { + "name": "33701", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33701" + }, + { + "name": "7900", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7900" + }, + { + "name": "socialengine-blog-sql-injection(48316)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48316" + }, + { + "name": "51644", + "refsource": "OSVDB", + "url": "http://osvdb.org/51644" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0539.json b/2009/0xxx/CVE-2009-0539.json index 701f13246f8..1ab44ac14b6 100644 --- a/2009/0xxx/CVE-2009-0539.json +++ b/2009/0xxx/CVE-2009-0539.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0539", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0539", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1206.json b/2009/1xxx/CVE-2009-1206.json index b9eb96e94bc..2a6bc8221a9 100644 --- a/2009/1xxx/CVE-2009-1206.json +++ b/2009/1xxx/CVE-2009-1206.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1206", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in futomi's CGI Cafe Access Analyzer CGI Professional Version 4.11.5 and earlier allows remote attackers to gain administrative privileges via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1206", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.futomi.com/library/info/2009/20090331.html", - "refsource" : "CONFIRM", - "url" : "http://www.futomi.com/library/info/2009/20090331.html" - }, - { - "name" : "JVN#63511247", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN63511247/index.html" - }, - { - "name" : "JVNDB-2009-000016", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000016.html" - }, - { - "name" : "34315", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34315" - }, - { - "name" : "34516", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34516" - }, - { - "name" : "ADV-2009-0888", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0888" - }, - { - "name" : "cgicafe-unspecified-unauth-access(49525)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49525" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in futomi's CGI Cafe Access Analyzer CGI Professional Version 4.11.5 and earlier allows remote attackers to gain administrative privileges via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34315", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34315" + }, + { + "name": "JVNDB-2009-000016", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000016.html" + }, + { + "name": "ADV-2009-0888", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0888" + }, + { + "name": "http://www.futomi.com/library/info/2009/20090331.html", + "refsource": "CONFIRM", + "url": "http://www.futomi.com/library/info/2009/20090331.html" + }, + { + "name": "34516", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34516" + }, + { + "name": "cgicafe-unspecified-unauth-access(49525)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49525" + }, + { + "name": "JVN#63511247", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN63511247/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3443.json b/2009/3xxx/CVE-2009-3443.json index 84981e0a930..5735e6cb656 100644 --- a/2009/3xxx/CVE-2009-3443.json +++ b/2009/3xxx/CVE-2009-3443.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3443", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Fastball (com_fastball) component 1.1.0 through 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the league parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3443", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0909-exploits/joomlafastball-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0909-exploits/joomlafastball-sql.txt" - }, - { - "name" : "36878", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36878" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Fastball (com_fastball) component 1.1.0 through 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the league parameter to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36878", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36878" + }, + { + "name": "http://packetstormsecurity.org/0909-exploits/joomlafastball-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0909-exploits/joomlafastball-sql.txt" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3628.json b/2009/3xxx/CVE-2009-3628.json index 8ee2910d365..56e75386287 100644 --- a/2009/3xxx/CVE-2009-3628.json +++ b/2009/3xxx/CVE-2009-3628.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3628", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to determine an encryption key via crafted input to a tt_content form element." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-3628", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20091023 Re: CVE id request: typo3", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=125632856206736&w=2" - }, - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016" - }, - { - "name" : "36801", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36801" - }, - { - "name" : "37122", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37122" - }, - { - "name" : "ADV-2009-3009", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3009" - }, - { - "name" : "typo3-ttcontent-info-disclosure(53917)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53917" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to determine an encryption key via crafted input to a tt_content form element." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37122", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37122" + }, + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016" + }, + { + "name": "typo3-ttcontent-info-disclosure(53917)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53917" + }, + { + "name": "[oss-security] 20091023 Re: CVE id request: typo3", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=125632856206736&w=2" + }, + { + "name": "ADV-2009-3009", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3009" + }, + { + "name": "36801", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36801" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4082.json b/2009/4xxx/CVE-2009-4082.json index d3d56fe8c80..181f7f8d9da 100644 --- a/2009/4xxx/CVE-2009-4082.json +++ b/2009/4xxx/CVE-2009-4082.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4082", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in forums/Forum_Include/index.php in Outreach Project Tool (OPT) 1.2.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CRM_path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4082", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0911-exploits/opt-rfi.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0911-exploits/opt-rfi.txt" - }, - { - "name" : "10218", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/10218" - }, - { - "name" : "37090", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37090" - }, - { - "name" : "60464", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/60464" - }, - { - "name" : "37447", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37447" - }, - { - "name" : "outreach-index-file-include(54379)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54379" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in forums/Forum_Include/index.php in Outreach Project Tool (OPT) 1.2.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CRM_path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "outreach-index-file-include(54379)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54379" + }, + { + "name": "10218", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/10218" + }, + { + "name": "37090", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37090" + }, + { + "name": "60464", + "refsource": "OSVDB", + "url": "http://osvdb.org/60464" + }, + { + "name": "http://packetstormsecurity.org/0911-exploits/opt-rfi.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0911-exploits/opt-rfi.txt" + }, + { + "name": "37447", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37447" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4110.json b/2009/4xxx/CVE-2009-4110.json index 580c233650a..f715deed474 100644 --- a/2009/4xxx/CVE-2009-4110.json +++ b/2009/4xxx/CVE-2009-4110.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4110", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the search functionality in DotNetNuke 4.8 through 5.1.4 allows remote attackers to inject arbitrary web script or HTML via search terms that are not properly filtered before display in a custom results page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4110", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.dotnetnuke.com/News/SecurityPolicy/securitybulletinno31/tabid/1450/Default.aspx", - "refsource" : "CONFIRM", - "url" : "http://www.dotnetnuke.com/News/SecurityPolicy/securitybulletinno31/tabid/1450/Default.aspx" - }, - { - "name" : "37139", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37139" - }, - { - "name" : "60519", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/60519" - }, - { - "name" : "37480", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37480" - }, - { - "name" : "dotnetnuke-search-xss(54453)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54453" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the search functionality in DotNetNuke 4.8 through 5.1.4 allows remote attackers to inject arbitrary web script or HTML via search terms that are not properly filtered before display in a custom results page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37480", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37480" + }, + { + "name": "60519", + "refsource": "OSVDB", + "url": "http://osvdb.org/60519" + }, + { + "name": "37139", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37139" + }, + { + "name": "dotnetnuke-search-xss(54453)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54453" + }, + { + "name": "http://www.dotnetnuke.com/News/SecurityPolicy/securitybulletinno31/tabid/1450/Default.aspx", + "refsource": "CONFIRM", + "url": "http://www.dotnetnuke.com/News/SecurityPolicy/securitybulletinno31/tabid/1450/Default.aspx" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4238.json b/2009/4xxx/CVE-2009-4238.json index 5acedbed2ea..9f9cdc7afda 100644 --- a/2009/4xxx/CVE-2009-4238.json +++ b/2009/4xxx/CVE-2009-4238.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4238", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in TestLink before 1.8.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the Test Case ID field to lib/general/navBar.php or (2) the logLevel parameter to lib/events/eventviewer.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4238", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091209 CORE-2009-1013: Multiple XSS and Injection Vulnerabilities in TestLink Test Management and Execution System", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2009-12/0221.html" - }, - { - "name" : "http://www.coresecurity.com/content/testlink-multiple-injection-vulnerabilities", - "refsource" : "MISC", - "url" : "http://www.coresecurity.com/content/testlink-multiple-injection-vulnerabilities" - }, - { - "name" : "http://www.teamst.org/index.php?option=com_content&task=view&id=84&Itemid=2", - "refsource" : "CONFIRM", - "url" : "http://www.teamst.org/index.php?option=com_content&task=view&id=84&Itemid=2" - }, - { - "name" : "37258", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37258" - }, - { - "name" : "60919", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/60919" - }, - { - "name" : "60920", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/60920" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in TestLink before 1.8.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the Test Case ID field to lib/general/navBar.php or (2) the logLevel parameter to lib/events/eventviewer.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "60919", + "refsource": "OSVDB", + "url": "http://osvdb.org/60919" + }, + { + "name": "http://www.coresecurity.com/content/testlink-multiple-injection-vulnerabilities", + "refsource": "MISC", + "url": "http://www.coresecurity.com/content/testlink-multiple-injection-vulnerabilities" + }, + { + "name": "60920", + "refsource": "OSVDB", + "url": "http://osvdb.org/60920" + }, + { + "name": "37258", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37258" + }, + { + "name": "http://www.teamst.org/index.php?option=com_content&task=view&id=84&Itemid=2", + "refsource": "CONFIRM", + "url": "http://www.teamst.org/index.php?option=com_content&task=view&id=84&Itemid=2" + }, + { + "name": "20091209 CORE-2009-1013: Multiple XSS and Injection Vulnerabilities in TestLink Test Management and Execution System", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-12/0221.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4261.json b/2009/4xxx/CVE-2009-4261.json index 87458c05033..e7b566f2b5b 100644 --- a/2009/4xxx/CVE-2009-4261.json +++ b/2009/4xxx/CVE-2009-4261.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4261", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in the iallocator framework in Ganeti 1.2.4 through 1.2.8, 2.0.0 through 2.0.4, and 2.1.0 before 2.1.0~rc2 allow (1) remote attackers to execute arbitrary programs via a crafted external script name supplied through the HTTP remote API (RAPI) and allow (2) local users to execute arbitrary programs and gain privileges via a crafted external script name supplied through a gnt-* command, related to \"path sanitization errors.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4261", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091217 [Suspected Spam][oCERT-2009-019] Ganeti path sanitization errors", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/508535/100/0/threaded" - }, - { - "name" : "[oss-security] 20091217 [oCERT-2009-019] Ganeti path sanitization errors", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/12/17/5" - }, - { - "name" : "http://www.ocert.org/advisories/ocert-2009-019.html", - "refsource" : "MISC", - "url" : "http://www.ocert.org/advisories/ocert-2009-019.html" - }, - { - "name" : "http://git.ganeti.org/?p=ganeti.git;a=blobdiff;f=NEWS;h=34b46426eca82c351e0a478c71edb66b9bb4b228;hp=7f916c59238503915e927377d887b93eef1f676c;hb=e5823b7e2cd8a3c9037a10aa59823a45642ce29f;hpb=f95c81bf21c177f7e6a2c53ea0613034326329bd", - "refsource" : "CONFIRM", - "url" : "http://git.ganeti.org/?p=ganeti.git;a=blobdiff;f=NEWS;h=34b46426eca82c351e0a478c71edb66b9bb4b228;hp=7f916c59238503915e927377d887b93eef1f676c;hb=e5823b7e2cd8a3c9037a10aa59823a45642ce29f;hpb=f95c81bf21c177f7e6a2c53ea0613034326329bd" - }, - { - "name" : "http://git.ganeti.org/?p=ganeti.git;a=blobdiff;f=lib/constants.py;h=81302575487a44ed192e61aa7b21888a215ef215;hp=c353878ed83ce66d21c237da5e709dedd7b6f26b;hb=0084657a21afb49c6f74498f27b97dfdbc42b383;hpb=d24cb69273e4b03ffcd4e4768d95841b5570e264", - "refsource" : "CONFIRM", - "url" : "http://git.ganeti.org/?p=ganeti.git;a=blobdiff;f=lib/constants.py;h=81302575487a44ed192e61aa7b21888a215ef215;hp=c353878ed83ce66d21c237da5e709dedd7b6f26b;hb=0084657a21afb49c6f74498f27b97dfdbc42b383;hpb=d24cb69273e4b03ffcd4e4768d95841b5570e264" - }, - { - "name" : "http://git.ganeti.org/?p=ganeti.git;a=blobdiff;f=lib/utils.py;h=bcd8e107bbc44ff94a4bc3dc405b5547719f001d;hp=df2d18027e83b7783e146cbbe58f7efa92317980;hb=f95c81bf21c177f7e6a2c53ea0613034326329bd;hpb=4fe80ef2ed1cda3a6357274eccafe5c1f21a5283", - "refsource" : "CONFIRM", - "url" : "http://git.ganeti.org/?p=ganeti.git;a=blobdiff;f=lib/utils.py;h=bcd8e107bbc44ff94a4bc3dc405b5547719f001d;hp=df2d18027e83b7783e146cbbe58f7efa92317980;hb=f95c81bf21c177f7e6a2c53ea0613034326329bd;hpb=4fe80ef2ed1cda3a6357274eccafe5c1f21a5283" - }, - { - "name" : "http://git.ganeti.org/?p=ganeti.git;a=commit;h=f95c81bf21c177f7e6a2c53ea0613034326329bd", - "refsource" : "CONFIRM", - "url" : "http://git.ganeti.org/?p=ganeti.git;a=commit;h=f95c81bf21c177f7e6a2c53ea0613034326329bd" - }, - { - "name" : "http://groups.google.com/group/ganeti/browse_thread/thread/cbce23d89103a8d2", - "refsource" : "CONFIRM", - "url" : "http://groups.google.com/group/ganeti/browse_thread/thread/cbce23d89103a8d2" - }, - { - "name" : "37849", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37849" - }, - { - "name" : "ADV-2009-3599", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3599" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in the iallocator framework in Ganeti 1.2.4 through 1.2.8, 2.0.0 through 2.0.4, and 2.1.0 before 2.1.0~rc2 allow (1) remote attackers to execute arbitrary programs via a crafted external script name supplied through the HTTP remote API (RAPI) and allow (2) local users to execute arbitrary programs and gain privileges via a crafted external script name supplied through a gnt-* command, related to \"path sanitization errors.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37849", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37849" + }, + { + "name": "ADV-2009-3599", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3599" + }, + { + "name": "20091217 [Suspected Spam][oCERT-2009-019] Ganeti path sanitization errors", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/508535/100/0/threaded" + }, + { + "name": "[oss-security] 20091217 [oCERT-2009-019] Ganeti path sanitization errors", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/12/17/5" + }, + { + "name": "http://git.ganeti.org/?p=ganeti.git;a=blobdiff;f=NEWS;h=34b46426eca82c351e0a478c71edb66b9bb4b228;hp=7f916c59238503915e927377d887b93eef1f676c;hb=e5823b7e2cd8a3c9037a10aa59823a45642ce29f;hpb=f95c81bf21c177f7e6a2c53ea0613034326329bd", + "refsource": "CONFIRM", + "url": "http://git.ganeti.org/?p=ganeti.git;a=blobdiff;f=NEWS;h=34b46426eca82c351e0a478c71edb66b9bb4b228;hp=7f916c59238503915e927377d887b93eef1f676c;hb=e5823b7e2cd8a3c9037a10aa59823a45642ce29f;hpb=f95c81bf21c177f7e6a2c53ea0613034326329bd" + }, + { + "name": "http://git.ganeti.org/?p=ganeti.git;a=commit;h=f95c81bf21c177f7e6a2c53ea0613034326329bd", + "refsource": "CONFIRM", + "url": "http://git.ganeti.org/?p=ganeti.git;a=commit;h=f95c81bf21c177f7e6a2c53ea0613034326329bd" + }, + { + "name": "http://git.ganeti.org/?p=ganeti.git;a=blobdiff;f=lib/utils.py;h=bcd8e107bbc44ff94a4bc3dc405b5547719f001d;hp=df2d18027e83b7783e146cbbe58f7efa92317980;hb=f95c81bf21c177f7e6a2c53ea0613034326329bd;hpb=4fe80ef2ed1cda3a6357274eccafe5c1f21a5283", + "refsource": "CONFIRM", + "url": "http://git.ganeti.org/?p=ganeti.git;a=blobdiff;f=lib/utils.py;h=bcd8e107bbc44ff94a4bc3dc405b5547719f001d;hp=df2d18027e83b7783e146cbbe58f7efa92317980;hb=f95c81bf21c177f7e6a2c53ea0613034326329bd;hpb=4fe80ef2ed1cda3a6357274eccafe5c1f21a5283" + }, + { + "name": "http://www.ocert.org/advisories/ocert-2009-019.html", + "refsource": "MISC", + "url": "http://www.ocert.org/advisories/ocert-2009-019.html" + }, + { + "name": "http://git.ganeti.org/?p=ganeti.git;a=blobdiff;f=lib/constants.py;h=81302575487a44ed192e61aa7b21888a215ef215;hp=c353878ed83ce66d21c237da5e709dedd7b6f26b;hb=0084657a21afb49c6f74498f27b97dfdbc42b383;hpb=d24cb69273e4b03ffcd4e4768d95841b5570e264", + "refsource": "CONFIRM", + "url": "http://git.ganeti.org/?p=ganeti.git;a=blobdiff;f=lib/constants.py;h=81302575487a44ed192e61aa7b21888a215ef215;hp=c353878ed83ce66d21c237da5e709dedd7b6f26b;hb=0084657a21afb49c6f74498f27b97dfdbc42b383;hpb=d24cb69273e4b03ffcd4e4768d95841b5570e264" + }, + { + "name": "http://groups.google.com/group/ganeti/browse_thread/thread/cbce23d89103a8d2", + "refsource": "CONFIRM", + "url": "http://groups.google.com/group/ganeti/browse_thread/thread/cbce23d89103a8d2" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4880.json b/2009/4xxx/CVE-2009-4880.json index ee10a6ffa15..9633b736f93 100644 --- a/2009/4xxx/CVE-2009-4880.json +++ b/2009/4xxx/CVE-2009-4880.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4880", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple integer overflows in the strfmon implementation in the GNU C Library (aka glibc or libc6) 2.10.1 and earlier allow context-dependent attackers to cause a denial of service (memory consumption or application crash) via a crafted format string, as demonstrated by a crafted first argument to the money_format function in PHP, a related issue to CVE-2008-1391." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4880", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090917 glibc x<=2.10.1 stdio/strfmon.c Multiple Vulnerabilities", - "refsource" : "SREASONRES", - "url" : "http://securityreason.com/achievement_securityalert/67" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=524671", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=524671" - }, - { - "name" : "http://sources.redhat.com/bugzilla/show_bug.cgi?id=10600", - "refsource" : "CONFIRM", - "url" : "http://sources.redhat.com/bugzilla/show_bug.cgi?id=10600" - }, - { - "name" : "http://sourceware.org/git/?p=glibc.git;a=commit;h=199eb0de8d673fb23aa127721054b4f1803d61f3", - "refsource" : "CONFIRM", - "url" : "http://sourceware.org/git/?p=glibc.git;a=commit;h=199eb0de8d673fb23aa127721054b4f1803d61f3" - }, - { - "name" : "DSA-2058", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2058" - }, - { - "name" : "GLSA-201011-01", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201011-01.xml" - }, - { - "name" : "MDVSA-2010:111", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:111" - }, - { - "name" : "MDVSA-2010:112", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:112" - }, - { - "name" : "USN-944-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-944-1" - }, - { - "name" : "36443", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36443" - }, - { - "name" : "39900", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39900" - }, - { - "name" : "ADV-2010-1246", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1246" - }, - { - "name" : "gnuclibrary-strfmon-overflow(59242)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59242" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple integer overflows in the strfmon implementation in the GNU C Library (aka glibc or libc6) 2.10.1 and earlier allow context-dependent attackers to cause a denial of service (memory consumption or application crash) via a crafted format string, as demonstrated by a crafted first argument to the money_format function in PHP, a related issue to CVE-2008-1391." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2010:111", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:111" + }, + { + "name": "GLSA-201011-01", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201011-01.xml" + }, + { + "name": "ADV-2010-1246", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1246" + }, + { + "name": "USN-944-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-944-1" + }, + { + "name": "36443", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36443" + }, + { + "name": "http://sources.redhat.com/bugzilla/show_bug.cgi?id=10600", + "refsource": "CONFIRM", + "url": "http://sources.redhat.com/bugzilla/show_bug.cgi?id=10600" + }, + { + "name": "20090917 glibc x<=2.10.1 stdio/strfmon.c Multiple Vulnerabilities", + "refsource": "SREASONRES", + "url": "http://securityreason.com/achievement_securityalert/67" + }, + { + "name": "39900", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39900" + }, + { + "name": "http://sourceware.org/git/?p=glibc.git;a=commit;h=199eb0de8d673fb23aa127721054b4f1803d61f3", + "refsource": "CONFIRM", + "url": "http://sourceware.org/git/?p=glibc.git;a=commit;h=199eb0de8d673fb23aa127721054b4f1803d61f3" + }, + { + "name": "gnuclibrary-strfmon-overflow(59242)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59242" + }, + { + "name": "MDVSA-2010:112", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:112" + }, + { + "name": "DSA-2058", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2058" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=524671", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=524671" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2373.json b/2012/2xxx/CVE-2012-2373.json index f013d347051..7b6aa75654a 100644 --- a/2012/2xxx/CVE-2012-2373.json +++ b/2012/2xxx/CVE-2012-2373.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2373", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Linux kernel before 3.4.5 on the x86 platform, when Physical Address Extension (PAE) is enabled, does not properly use the Page Middle Directory (PMD), which allows local users to cause a denial of service (panic) via a crafted application that triggers a race condition." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2373", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120518 Re: CVE Request -- kernel: mm: read_pmd_atomic: 32bit PAE pmd walk vs pmd_populate SMP race condition", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/05/18/11" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=26c191788f18129af0eb32a358cdaea0c7479626", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=26c191788f18129af0eb32a358cdaea0c7479626" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.5", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.5" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=822821", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=822821" - }, - { - "name" : "https://github.com/torvalds/linux/commit/26c191788f18129af0eb32a358cdaea0c7479626", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/26c191788f18129af0eb32a358cdaea0c7479626" - }, - { - "name" : "HPSBGN02970", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139447903326211&w=2" - }, - { - "name" : "RHSA-2012:0743", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0743.html" - }, - { - "name" : "USN-1529-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-1529-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Linux kernel before 3.4.5 on the x86 platform, when Physical Address Extension (PAE) is enabled, does not properly use the Page Middle Directory (PMD), which allows local users to cause a denial of service (panic) via a crafted application that triggers a race condition." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.5", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.5" + }, + { + "name": "RHSA-2012:0743", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0743.html" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=26c191788f18129af0eb32a358cdaea0c7479626", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=26c191788f18129af0eb32a358cdaea0c7479626" + }, + { + "name": "[oss-security] 20120518 Re: CVE Request -- kernel: mm: read_pmd_atomic: 32bit PAE pmd walk vs pmd_populate SMP race condition", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/05/18/11" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=822821", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=822821" + }, + { + "name": "https://github.com/torvalds/linux/commit/26c191788f18129af0eb32a358cdaea0c7479626", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/26c191788f18129af0eb32a358cdaea0c7479626" + }, + { + "name": "USN-1529-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-1529-1" + }, + { + "name": "HPSBGN02970", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139447903326211&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2374.json b/2012/2xxx/CVE-2012-2374.json index 563e552296a..2ca8513fa65 100644 --- a/2012/2xxx/CVE-2012-2374.json +++ b/2012/2xxx/CVE-2012-2374.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2374", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CRLF injection vulnerability in the tornado.web.RequestHandler.set_header function in Tornado before 2.2.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2374", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120518 Re: CVE Request -- Tornado (python-tornado): Tornado v2.2.1 tornado.web.RequestHandler.set_header() fix to prevent header injection", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2012/05/18/12" - }, - { - "name" : "[oss-security] 20120518 CVE Request -- Tornado (python-tornado): Tornado v2.2.1 tornado.web.RequestHandler.set_header() fix to prevent header injection", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/05/18/6" - }, - { - "name" : "http://www.tornadoweb.org/documentation/releases/v2.2.1.html", - "refsource" : "CONFIRM", - "url" : "http://www.tornadoweb.org/documentation/releases/v2.2.1.html" - }, - { - "name" : "53612", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53612" - }, - { - "name" : "49185", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49185" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CRLF injection vulnerability in the tornado.web.RequestHandler.set_header function in Tornado before 2.2.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "53612", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53612" + }, + { + "name": "http://www.tornadoweb.org/documentation/releases/v2.2.1.html", + "refsource": "CONFIRM", + "url": "http://www.tornadoweb.org/documentation/releases/v2.2.1.html" + }, + { + "name": "49185", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49185" + }, + { + "name": "[oss-security] 20120518 CVE Request -- Tornado (python-tornado): Tornado v2.2.1 tornado.web.RequestHandler.set_header() fix to prevent header injection", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/05/18/6" + }, + { + "name": "[oss-security] 20120518 Re: CVE Request -- Tornado (python-tornado): Tornado v2.2.1 tornado.web.RequestHandler.set_header() fix to prevent header injection", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2012/05/18/12" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2528.json b/2012/2xxx/CVE-2012-2528.json index 0b2d9530d50..7c2db21c8a5 100644 --- a/2012/2xxx/CVE-2012-2528.json +++ b/2012/2xxx/CVE-2012-2528.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2528", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and SP3; Word Automation Services on Microsoft SharePoint Server 2010; and Office Web Apps 2010 SP1 allows remote attackers to execute arbitrary code via a crafted RTF document, aka \"RTF File listid Use-After-Free Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2012-2528", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS12-064", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-064" - }, - { - "name" : "TA12-283A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA12-283A.html" - }, - { - "name" : "55781", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55781" - }, - { - "name" : "oval:org.mitre.oval:def:15680", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15680" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and SP3; Word Automation Services on Microsoft SharePoint Server 2010; and Office Web Apps 2010 SP1 allows remote attackers to execute arbitrary code via a crafted RTF document, aka \"RTF File listid Use-After-Free Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:15680", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15680" + }, + { + "name": "55781", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55781" + }, + { + "name": "TA12-283A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA12-283A.html" + }, + { + "name": "MS12-064", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-064" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2878.json b/2012/2xxx/CVE-2012-2878.json index c965bd8cb33..0893d7ce40b 100644 --- a/2012/2xxx/CVE-2012-2878.json +++ b/2012/2xxx/CVE-2012-2878.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2878", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to plug-in handling." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2012-2878", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=137852", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=137852" - }, - { - "name" : "openSUSE-SU-2012:1376", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00012.html" - }, - { - "name" : "oval:org.mitre.oval:def:15783", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15783" - }, - { - "name" : "google-chrome-cve20122878(78837)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78837" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to plug-in handling." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://code.google.com/p/chromium/issues/detail?id=137852", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=137852" + }, + { + "name": "oval:org.mitre.oval:def:15783", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15783" + }, + { + "name": "google-chrome-cve20122878(78837)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78837" + }, + { + "name": "http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html" + }, + { + "name": "openSUSE-SU-2012:1376", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00012.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0077.json b/2015/0xxx/CVE-2015-0077.json index b260e1dd7db..7a4b2b62e71 100644 --- a/2015/0xxx/CVE-2015-0077.json +++ b/2015/0xxx/CVE-2015-0077.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0077", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly initialize function buffers, which allows local users to obtain sensitive information from kernel memory, and possibly bypass the ASLR protection mechanism, via a crafted application, aka \"Microsoft Windows Kernel Memory Disclosure Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-0077", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-023", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-023" - }, - { - "name" : "72897", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72897" - }, - { - "name" : "1031897", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031897" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly initialize function buffers, which allows local users to obtain sensitive information from kernel memory, and possibly bypass the ASLR protection mechanism, via a crafted application, aka \"Microsoft Windows Kernel Memory Disclosure Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "72897", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72897" + }, + { + "name": "1031897", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031897" + }, + { + "name": "MS15-023", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-023" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0322.json b/2015/0xxx/CVE-2015-0322.json index 13e74576368..03cb3f37bbb 100644 --- a/2015/0xxx/CVE-2015-0322.json +++ b/2015/0xxx/CVE-2015-0322.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0322", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0313, CVE-2015-0315, and CVE-2015-0320." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-0322", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-04.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-04.html" - }, - { - "name" : "https://technet.microsoft.com/library/security/2755801", - "refsource" : "CONFIRM", - "url" : "https://technet.microsoft.com/library/security/2755801" - }, - { - "name" : "GLSA-201502-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201502-02.xml" - }, - { - "name" : "RHSA-2015:0140", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0140.html" - }, - { - "name" : "SUSE-SU-2015:0236", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00006.html" - }, - { - "name" : "SUSE-SU-2015:0239", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00009.html" - }, - { - "name" : "openSUSE-SU-2015:0237", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00007.html" - }, - { - "name" : "openSUSE-SU-2015:0238", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00008.html" - }, - { - "name" : "72514", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72514" - }, - { - "name" : "1031706", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031706" - }, - { - "name" : "62777", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62777" - }, - { - "name" : "62886", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62886" - }, - { - "name" : "62895", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62895" - }, - { - "name" : "adobe-flash-cve20150322-code-exec(100699)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100699" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0313, CVE-2015-0315, and CVE-2015-0320." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201502-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201502-02.xml" + }, + { + "name": "openSUSE-SU-2015:0238", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00008.html" + }, + { + "name": "62895", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62895" + }, + { + "name": "1031706", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031706" + }, + { + "name": "62886", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62886" + }, + { + "name": "https://technet.microsoft.com/library/security/2755801", + "refsource": "CONFIRM", + "url": "https://technet.microsoft.com/library/security/2755801" + }, + { + "name": "62777", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62777" + }, + { + "name": "adobe-flash-cve20150322-code-exec(100699)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100699" + }, + { + "name": "openSUSE-SU-2015:0237", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00007.html" + }, + { + "name": "SUSE-SU-2015:0236", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00006.html" + }, + { + "name": "72514", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72514" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb15-04.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-04.html" + }, + { + "name": "RHSA-2015:0140", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0140.html" + }, + { + "name": "SUSE-SU-2015:0239", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00009.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0745.json b/2015/0xxx/CVE-2015-0745.json index dbb2b777e36..84a4b824cca 100644 --- a/2015/0xxx/CVE-2015-0745.json +++ b/2015/0xxx/CVE-2015-0745.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0745", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Headend System Release allows remote attackers to read temporary script files or archive files, and consequently obtain sensitive information, via a crafted header in an HTTP request, aka Bug ID CSCus44909." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-0745", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150529 Cisco Headend System Release Archive File Download Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=38944" - }, - { - "name" : "1032445", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032445" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Headend System Release allows remote attackers to read temporary script files or archive files, and consequently obtain sensitive information, via a crafted header in an HTTP request, aka Bug ID CSCus44909." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032445", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032445" + }, + { + "name": "20150529 Cisco Headend System Release Archive File Download Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38944" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1124.json b/2015/1xxx/CVE-2015-1124.json index e435b3514f6..1d9cddfed4b 100644 --- a/2015/1xxx/CVE-2015-1124.json +++ b/2015/1xxx/CVE-2015-1124.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1124", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-1124", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT204658", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204658" - }, - { - "name" : "https://support.apple.com/HT204661", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204661" - }, - { - "name" : "https://support.apple.com/HT204662", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204662" - }, - { - "name" : "https://support.apple.com/kb/HT204949", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT204949" - }, - { - "name" : "APPLE-SA-2015-04-08-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.html" - }, - { - "name" : "APPLE-SA-2015-04-08-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html" - }, - { - "name" : "APPLE-SA-2015-04-08-4", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html" - }, - { - "name" : "APPLE-SA-2015-06-30-6", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html" - }, - { - "name" : "73972", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73972" - }, - { - "name" : "1032047", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032047" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT204658", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204658" + }, + { + "name": "APPLE-SA-2015-04-08-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html" + }, + { + "name": "APPLE-SA-2015-06-30-6", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html" + }, + { + "name": "APPLE-SA-2015-04-08-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.html" + }, + { + "name": "73972", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73972" + }, + { + "name": "1032047", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032047" + }, + { + "name": "https://support.apple.com/kb/HT204949", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT204949" + }, + { + "name": "https://support.apple.com/HT204662", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204662" + }, + { + "name": "APPLE-SA-2015-04-08-4", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html" + }, + { + "name": "https://support.apple.com/HT204661", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204661" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1152.json b/2015/1xxx/CVE-2015-1152.json index b90c6bd323e..01e6fb16634 100644 --- a/2015/1xxx/CVE-2015-1152.json +++ b/2015/1xxx/CVE-2015-1152.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1152", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1153 and CVE-2015-1154." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-1152", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT204826", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204826" - }, - { - "name" : "http://support.apple.com/kb/HT204941", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT204941" - }, - { - "name" : "https://support.apple.com/kb/HT204949", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT204949" - }, - { - "name" : "https://support.apple.com/HT205221", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205221" - }, - { - "name" : "APPLE-SA-2015-05-06-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/May/msg00000.html" - }, - { - "name" : "APPLE-SA-2015-06-30-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html" - }, - { - "name" : "APPLE-SA-2015-06-30-6", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html" - }, - { - "name" : "APPLE-SA-2015-09-16-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html" - }, - { - "name" : "openSUSE-SU-2016:0761", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-03/msg00054.html" - }, - { - "name" : "74525", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74525" - }, - { - "name" : "1032270", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032270" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1153 and CVE-2015-1154." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT205221", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205221" + }, + { + "name": "https://support.apple.com/HT204826", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204826" + }, + { + "name": "http://support.apple.com/kb/HT204941", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT204941" + }, + { + "name": "APPLE-SA-2015-06-30-6", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html" + }, + { + "name": "74525", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74525" + }, + { + "name": "openSUSE-SU-2016:0761", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00054.html" + }, + { + "name": "1032270", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032270" + }, + { + "name": "APPLE-SA-2015-09-16-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html" + }, + { + "name": "https://support.apple.com/kb/HT204949", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT204949" + }, + { + "name": "APPLE-SA-2015-06-30-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html" + }, + { + "name": "APPLE-SA-2015-05-06-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/May/msg00000.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1752.json b/2015/1xxx/CVE-2015-1752.json index 0a8eb717adc..42738d45ae6 100644 --- a/2015/1xxx/CVE-2015-1752.json +++ b/2015/1xxx/CVE-2015-1752.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1752", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-1741." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-1752", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-056", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-056" - }, - { - "name" : "74989", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74989" - }, - { - "name" : "1032521", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032521" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-1741." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "74989", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74989" + }, + { + "name": "MS15-056", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-056" + }, + { + "name": "1032521", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032521" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1957.json b/2015/1xxx/CVE-2015-1957.json index 20bdfb7bc4e..cd76cbbb5a2 100644 --- a/2015/1xxx/CVE-2015-1957.json +++ b/2015/1xxx/CVE-2015-1957.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1957", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere MQ 7.5.x before 7.5.0.6 and 8.0.x before 8.0.0.3 allows remote authenticated users to obtain sensitive information via a man-in-the-middle attack, related to duplication of message data in cleartext outside the protected payload. IBM X-Force ID: 103482." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-1957", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21960506", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21960506" - }, - { - "name" : "ibm-mq-cve20151957-info-disc(103482)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/103482" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere MQ 7.5.x before 7.5.0.6 and 8.0.x before 8.0.0.3 allows remote authenticated users to obtain sensitive information via a man-in-the-middle attack, related to duplication of message data in cleartext outside the protected payload. IBM X-Force ID: 103482." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21960506", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960506" + }, + { + "name": "ibm-mq-cve20151957-info-disc(103482)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/103482" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1976.json b/2015/1xxx/CVE-2015-1976.json index cb7dbb9de95..c9263c1f432 100644 --- a/2015/1xxx/CVE-2015-1976.json +++ b/2015/1xxx/CVE-2015-1976.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2015-1976", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Directory Server", - "version" : { - "version_data" : [ - { - "version_value" : "6.1" - }, - { - "version_value" : "6.2" - }, - { - "version_value" : "6.3" - }, - { - "version_value" : "6.3.1" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.4" - } - ] - } - } - ] - }, - "vendor_name" : "IBM Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Security Directory Server could allow an authenticated user to execute commands into the web administration tool that would cause the tool to crash." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-1976", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Directory Server", + "version": { + "version_data": [ + { + "version_value": "6.1" + }, + { + "version_value": "6.2" + }, + { + "version_value": "6.3" + }, + { + "version_value": "6.3.1" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.4" + } + ] + } + } + ] + }, + "vendor_name": "IBM Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21980585", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21980585" - }, - { - "name" : "90526", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/90526" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Security Directory Server could allow an authenticated user to execute commands into the web administration tool that would cause the tool to crash." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "90526", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/90526" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21980585", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21980585" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5081.json b/2015/5xxx/CVE-2015-5081.json index 152a76d5150..4fed2484563 100644 --- a/2015/5xxx/CVE-2015-5081.json +++ b/2015/5xxx/CVE-2015-5081.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5081", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in django CMS before 3.0.14, 3.1.x before 3.1.1 allows remote attackers to manipulate privileged users into performing unknown actions via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5081", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150628 Re: CVE Request: Django CMS", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/06/28/1" - }, - { - "name" : "https://github.com/divio/django-cms/commit/f77cbc607d6e2a62e63287d37ad320109a2cc78a", - "refsource" : "CONFIRM", - "url" : "https://github.com/divio/django-cms/commit/f77cbc607d6e2a62e63287d37ad320109a2cc78a" - }, - { - "name" : "https://www.django-cms.org/en/blog/2015/06/27/311-3014-release/", - "refsource" : "CONFIRM", - "url" : "https://www.django-cms.org/en/blog/2015/06/27/311-3014-release/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in django CMS before 3.0.14, 3.1.x before 3.1.1 allows remote attackers to manipulate privileged users into performing unknown actions via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.django-cms.org/en/blog/2015/06/27/311-3014-release/", + "refsource": "CONFIRM", + "url": "https://www.django-cms.org/en/blog/2015/06/27/311-3014-release/" + }, + { + "name": "https://github.com/divio/django-cms/commit/f77cbc607d6e2a62e63287d37ad320109a2cc78a", + "refsource": "CONFIRM", + "url": "https://github.com/divio/django-cms/commit/f77cbc607d6e2a62e63287d37ad320109a2cc78a" + }, + { + "name": "[oss-security] 20150628 Re: CVE Request: Django CMS", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/06/28/1" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5642.json b/2015/5xxx/CVE-2015-5642.json index 398754e8fc6..bb4acf8a097 100644 --- a/2015/5xxx/CVE-2015-5642.json +++ b/2015/5xxx/CVE-2015-5642.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5642", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in ICZ MATCHA INVOICE before 2.5.7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2015-5642", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://oss.icz.co.jp/news/?p=1073", - "refsource" : "CONFIRM", - "url" : "http://oss.icz.co.jp/news/?p=1073" - }, - { - "name" : "JVN#18232032", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN18232032/index.html" - }, - { - "name" : "JVNDB-2015-000143", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000143" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in ICZ MATCHA INVOICE before 2.5.7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVNDB-2015-000143", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000143" + }, + { + "name": "JVN#18232032", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN18232032/index.html" + }, + { + "name": "http://oss.icz.co.jp/news/?p=1073", + "refsource": "CONFIRM", + "url": "http://oss.icz.co.jp/news/?p=1073" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5655.json b/2015/5xxx/CVE-2015-5655.json index ccf16d4d788..f3d549085dd 100644 --- a/2015/5xxx/CVE-2015-5655.json +++ b/2015/5xxx/CVE-2015-5655.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5655", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Adways Party Track SDK before 1.6.6 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2015-5655", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://jvn.jp/en/jp/JVN48211537/995687/index.html", - "refsource" : "CONFIRM", - "url" : "http://jvn.jp/en/jp/JVN48211537/995687/index.html" - }, - { - "name" : "JVN#48211537", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN48211537/index.html" - }, - { - "name" : "JVNDB-2015-000159", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000159" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Adways Party Track SDK before 1.6.6 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://jvn.jp/en/jp/JVN48211537/995687/index.html", + "refsource": "CONFIRM", + "url": "http://jvn.jp/en/jp/JVN48211537/995687/index.html" + }, + { + "name": "JVN#48211537", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN48211537/index.html" + }, + { + "name": "JVNDB-2015-000159", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000159" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5736.json b/2015/5xxx/CVE-2015-5736.json index 172de26c7f2..dd178e72e6d 100644 --- a/2015/5xxx/CVE-2015-5736.json +++ b/2015/5xxx/CVE-2015-5736.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5736", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Fortishield.sys driver in Fortinet FortiClient before 5.2.4 allows local users to execute arbitrary code with kernel privileges by setting the callback function in a (1) 0x220024 or (2) 0x220028 ioctl call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5736", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150901 [CORE-2015-0013] - FortiClient Antivirus Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/536369/100/0/threaded" - }, - { - "name" : "41721", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41721/" - }, - { - "name" : "41722", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41722/" - }, - { - "name" : "45149", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45149/" - }, - { - "name" : "20150901 [CORE-2015-0013] - FortiClient Antivirus Multiple Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Sep/0" - }, - { - "name" : "http://www.coresecurity.com/advisories/forticlient-antivirus-multiple-vulnerabilities", - "refsource" : "MISC", - "url" : "http://www.coresecurity.com/advisories/forticlient-antivirus-multiple-vulnerabilities" - }, - { - "name" : "http://packetstormsecurity.com/files/133398/FortiClient-Antivirus-Information-Exposure-Access-Control.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/133398/FortiClient-Antivirus-Information-Exposure-Access-Control.html" - }, - { - "name" : "http://www.fortiguard.com/advisory/mulitple-vulnerabilities-in-forticlient", - "refsource" : "CONFIRM", - "url" : "http://www.fortiguard.com/advisory/mulitple-vulnerabilities-in-forticlient" - }, - { - "name" : "http://fortiguard.com/advisory/mulitple-vulnerabilities-in-forticlient", - "refsource" : "CONFIRM", - "url" : "http://fortiguard.com/advisory/mulitple-vulnerabilities-in-forticlient" - }, - { - "name" : "1033439", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033439" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Fortishield.sys driver in Fortinet FortiClient before 5.2.4 allows local users to execute arbitrary code with kernel privileges by setting the callback function in a (1) 0x220024 or (2) 0x220028 ioctl call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.coresecurity.com/advisories/forticlient-antivirus-multiple-vulnerabilities", + "refsource": "MISC", + "url": "http://www.coresecurity.com/advisories/forticlient-antivirus-multiple-vulnerabilities" + }, + { + "name": "41722", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41722/" + }, + { + "name": "http://packetstormsecurity.com/files/133398/FortiClient-Antivirus-Information-Exposure-Access-Control.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/133398/FortiClient-Antivirus-Information-Exposure-Access-Control.html" + }, + { + "name": "45149", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45149/" + }, + { + "name": "1033439", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033439" + }, + { + "name": "http://www.fortiguard.com/advisory/mulitple-vulnerabilities-in-forticlient", + "refsource": "CONFIRM", + "url": "http://www.fortiguard.com/advisory/mulitple-vulnerabilities-in-forticlient" + }, + { + "name": "41721", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41721/" + }, + { + "name": "20150901 [CORE-2015-0013] - FortiClient Antivirus Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/536369/100/0/threaded" + }, + { + "name": "http://fortiguard.com/advisory/mulitple-vulnerabilities-in-forticlient", + "refsource": "CONFIRM", + "url": "http://fortiguard.com/advisory/mulitple-vulnerabilities-in-forticlient" + }, + { + "name": "20150901 [CORE-2015-0013] - FortiClient Antivirus Multiple Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Sep/0" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5847.json b/2015/5xxx/CVE-2015-5847.json index 8cb8adcf45f..e62f237ebb5 100644 --- a/2015/5xxx/CVE-2015-5847.json +++ b/2015/5xxx/CVE-2015-5847.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5847", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Disk Images component in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-5847", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT205212", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205212" - }, - { - "name" : "https://support.apple.com/HT205213", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205213" - }, - { - "name" : "https://support.apple.com/HT205267", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205267" - }, - { - "name" : "APPLE-SA-2015-09-16-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html" - }, - { - "name" : "APPLE-SA-2015-09-21-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html" - }, - { - "name" : "APPLE-SA-2015-09-30-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html" - }, - { - "name" : "76764", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76764" - }, - { - "name" : "1033609", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033609" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Disk Images component in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1033609", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033609" + }, + { + "name": "https://support.apple.com/HT205212", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205212" + }, + { + "name": "APPLE-SA-2015-09-30-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html" + }, + { + "name": "76764", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76764" + }, + { + "name": "https://support.apple.com/HT205267", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205267" + }, + { + "name": "APPLE-SA-2015-09-21-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html" + }, + { + "name": "https://support.apple.com/HT205213", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205213" + }, + { + "name": "APPLE-SA-2015-09-16-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11177.json b/2018/11xxx/CVE-2018-11177.json index e96bd4a2e4a..1db420c55e6 100644 --- a/2018/11xxx/CVE-2018-11177.json +++ b/2018/11xxx/CVE-2018-11177.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11177", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 35 of 46)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11177", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180531 [CORE-2018-0002] - Quest DR Series Disk Backup Multiple Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/May/71" - }, - { - "name" : "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html" - }, - { - "name" : "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities", - "refsource" : "MISC", - "url" : "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 35 of 46)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20180531 [CORE-2018-0002] - Quest DR Series Disk Backup Multiple Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/May/71" + }, + { + "name": "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html" + }, + { + "name": "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities", + "refsource": "MISC", + "url": "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11523.json b/2018/11xxx/CVE-2018-11523.json index b91f68a215f..434c80c2461 100644 --- a/2018/11xxx/CVE-2018-11523.json +++ b/2018/11xxx/CVE-2018-11523.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11523", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "upload.php on NUUO NVRmini 2 devices allows Arbitrary File Upload, such as upload of .php files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11523", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44794", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44794/" - }, - { - "name" : "https://github.com/unh3x/just4cve/issues/1", - "refsource" : "MISC", - "url" : "https://github.com/unh3x/just4cve/issues/1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "upload.php on NUUO NVRmini 2 devices allows Arbitrary File Upload, such as upload of .php files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44794", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44794/" + }, + { + "name": "https://github.com/unh3x/just4cve/issues/1", + "refsource": "MISC", + "url": "https://github.com/unh3x/just4cve/issues/1" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11538.json b/2018/11xxx/CVE-2018-11538.json index 1edf6671853..41be216f099 100644 --- a/2018/11xxx/CVE-2018-11538.json +++ b/2018/11xxx/CVE-2018-11538.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11538", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "servlet/UserServlet in SearchBlox 8.6.6 has CSRF via the u_name, u_passwd1, u_passwd2, role, and X-XSRF-TOKEN POST parameters because of CSRF Token Bypass." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11538", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44801", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44801/" - }, - { - "name" : "http://packetstormsecurity.com/files/147977/SearchBlox-8.6.6-Cross-Site-Request-Forgery.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/147977/SearchBlox-8.6.6-Cross-Site-Request-Forgery.html" - }, - { - "name" : "https://gurelahmet.com/cve-2018-11538-csrf-privilege-escalation-creation-of-an-administrator-account-on-searchblox-8-6-6/", - "refsource" : "MISC", - "url" : "https://gurelahmet.com/cve-2018-11538-csrf-privilege-escalation-creation-of-an-administrator-account-on-searchblox-8-6-6/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "servlet/UserServlet in SearchBlox 8.6.6 has CSRF via the u_name, u_passwd1, u_passwd2, role, and X-XSRF-TOKEN POST parameters because of CSRF Token Bypass." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gurelahmet.com/cve-2018-11538-csrf-privilege-escalation-creation-of-an-administrator-account-on-searchblox-8-6-6/", + "refsource": "MISC", + "url": "https://gurelahmet.com/cve-2018-11538-csrf-privilege-escalation-creation-of-an-administrator-account-on-searchblox-8-6-6/" + }, + { + "name": "44801", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44801/" + }, + { + "name": "http://packetstormsecurity.com/files/147977/SearchBlox-8.6.6-Cross-Site-Request-Forgery.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/147977/SearchBlox-8.6.6-Cross-Site-Request-Forgery.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3213.json b/2018/3xxx/CVE-2018-3213.json index 8975dd4e62a..3161b3a9fd3 100644 --- a/2018/3xxx/CVE-2018-3213.json +++ b/2018/3xxx/CVE-2018-3213.json @@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3213", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "WebLogic Server", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "Docker 12.2.1.3.20180913" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Docker Images). The supported version that is affected is prior to Docker 12.2.1.3.20180913. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3213", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebLogic Server", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "Docker 12.2.1.3.20180913" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.tenable.com/security/research/tra-2018-32", - "refsource" : "MISC", - "url" : "https://www.tenable.com/security/research/tra-2018-32" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" - }, - { - "name" : "105633", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105633" - }, - { - "name" : "1041896", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041896" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Docker Images). The supported version that is affected is prior to Docker 12.2.1.3.20180913. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.tenable.com/security/research/tra-2018-32", + "refsource": "MISC", + "url": "https://www.tenable.com/security/research/tra-2018-32" + }, + { + "name": "105633", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105633" + }, + { + "name": "1041896", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041896" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3368.json b/2018/3xxx/CVE-2018-3368.json index 4dedfc1bb49..858e8966b79 100644 --- a/2018/3xxx/CVE-2018-3368.json +++ b/2018/3xxx/CVE-2018-3368.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3368", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3368", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3382.json b/2018/3xxx/CVE-2018-3382.json index 389ec3d366f..e3fef42e136 100644 --- a/2018/3xxx/CVE-2018-3382.json +++ b/2018/3xxx/CVE-2018-3382.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3382", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3382", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3877.json b/2018/3xxx/CVE-2018-3877.json index aac0ad1f156..deddbe5483b 100644 --- a/2018/3xxx/CVE-2018-3877.json +++ b/2018/3xxx/CVE-2018-3877.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2018-07-26T00:00:00", - "ID" : "CVE-2018-3877", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SmartThings Hub STH-ETH-250", - "version" : { - "version_data" : [ - { - "version_value" : "Firmware version 0.20.17" - } - ] - } - } - ] - }, - "vendor_name" : "Samsung" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 160 bytes. An attacker can send an arbitrarily long \"directory\" value in order to exploit this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Classic Buffer Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2018-07-26T00:00:00", + "ID": "CVE-2018-3877", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SmartThings Hub STH-ETH-250", + "version": { + "version_data": [ + { + "version_value": "Firmware version 0.20.17" + } + ] + } + } + ] + }, + "vendor_name": "Samsung" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0555", - "refsource" : "MISC", - "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0555" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 160 bytes. An attacker can send an arbitrarily long \"directory\" value in order to exploit this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Classic Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0555", + "refsource": "MISC", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0555" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6039.json b/2018/6xxx/CVE-2018-6039.json index 113548ba892..2e27c0916d5 100644 --- a/2018/6xxx/CVE-2018-6039.json +++ b/2018/6xxx/CVE-2018-6039.json @@ -1,88 +1,88 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "chrome-cve-admin@google.com", - "ID" : "CVE-2018-6039", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Chrome", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "64.0.3282.119" - } - ] - } - } - ] - }, - "vendor_name" : "Google" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted Chrome Extension." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Insufficient data validation" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2018-6039", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "64.0.3282.119" + } + ] + } + } + ] + }, + "vendor_name": "Google" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html", - "refsource" : "CONFIRM", - "url" : "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html" - }, - { - "name" : "https://crbug.com/775527", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/775527" - }, - { - "name" : "DSA-4103", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4103" - }, - { - "name" : "RHSA-2018:0265", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0265" - }, - { - "name" : "102797", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102797" - }, - { - "name" : "1040282", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040282" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted Chrome Extension." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insufficient data validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html", + "refsource": "CONFIRM", + "url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html" + }, + { + "name": "DSA-4103", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4103" + }, + { + "name": "102797", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102797" + }, + { + "name": "1040282", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040282" + }, + { + "name": "RHSA-2018:0265", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0265" + }, + { + "name": "https://crbug.com/775527", + "refsource": "CONFIRM", + "url": "https://crbug.com/775527" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7000.json b/2018/7xxx/CVE-2018-7000.json index 01942c6da69..47c5ed6ecec 100644 --- a/2018/7xxx/CVE-2018-7000.json +++ b/2018/7xxx/CVE-2018-7000.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7000", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-7000", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7255.json b/2018/7xxx/CVE-2018-7255.json index b1c6446c4ec..32fd182b184 100644 --- a/2018/7xxx/CVE-2018-7255.json +++ b/2018/7xxx/CVE-2018-7255.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7255", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7255", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7720.json b/2018/7xxx/CVE-2018-7720.json index 18912c015fe..6834418f09b 100644 --- a/2018/7xxx/CVE-2018-7720.json +++ b/2018/7xxx/CVE-2018-7720.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7720", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A cross-site request forgery (CSRF) vulnerability exists in Western Bridge Cobub Razor 0.7.2 via /index.php?/user/createNewUser/, resulting in account creation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7720", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/Kyhvedn/CVE_Description/blob/master/CVE-2018-7720_Description.md", - "refsource" : "MISC", - "url" : "https://github.com/Kyhvedn/CVE_Description/blob/master/CVE-2018-7720_Description.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A cross-site request forgery (CSRF) vulnerability exists in Western Bridge Cobub Razor 0.7.2 via /index.php?/user/createNewUser/, resulting in account creation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Kyhvedn/CVE_Description/blob/master/CVE-2018-7720_Description.md", + "refsource": "MISC", + "url": "https://github.com/Kyhvedn/CVE_Description/blob/master/CVE-2018-7720_Description.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7819.json b/2018/7xxx/CVE-2018-7819.json index b2de2c6c9ac..b10041f3fe7 100644 --- a/2018/7xxx/CVE-2018-7819.json +++ b/2018/7xxx/CVE-2018-7819.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7819", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7819", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7908.json b/2018/7xxx/CVE-2018-7908.json index 99c0f75b732..12d24042026 100644 --- a/2018/7xxx/CVE-2018-7908.json +++ b/2018/7xxx/CVE-2018-7908.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7908", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-7908", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8382.json b/2018/8xxx/CVE-2018-8382.json index 77aa3435fa6..d29b68bf6c3 100644 --- a/2018/8xxx/CVE-2018-8382.json +++ b/2018/8xxx/CVE-2018-8382.json @@ -1,119 +1,119 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8382", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Excel Viewer", - "version" : { - "version_data" : [ - { - "version_value" : "2007 Service Pack 3" - } - ] - } - }, - { - "product_name" : "Microsoft Office", - "version" : { - "version_data" : [ - { - "version_value" : "2016 for Mac" - }, - { - "version_value" : "Compatibility Pack Service Pack 3" - } - ] - } - }, - { - "product_name" : "Microsoft Excel", - "version" : { - "version_data" : [ - { - "version_value" : "2010 Service Pack 2 (32-bit editions)" - }, - { - "version_value" : "2010 Service Pack 2 (64-bit editions)" - }, - { - "version_value" : "2013 RT Service Pack 1" - }, - { - "version_value" : "2013 Service Pack 1 (32-bit editions)" - }, - { - "version_value" : "2013 Service Pack 1 (64-bit editions)" - }, - { - "version_value" : "2016 (32-bit edition)" - }, - { - "version_value" : "2016 (64-bit edition)" - }, - { - "version_value" : "2016 Click-to-Run (C2R) for 32-bit editions" - }, - { - "version_value" : "2016 Click-to-Run (C2R) for 64-bit editions" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka \"Microsoft Excel Information Disclosure Vulnerability.\" This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8382", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Excel Viewer", + "version": { + "version_data": [ + { + "version_value": "2007 Service Pack 3" + } + ] + } + }, + { + "product_name": "Microsoft Office", + "version": { + "version_data": [ + { + "version_value": "2016 for Mac" + }, + { + "version_value": "Compatibility Pack Service Pack 3" + } + ] + } + }, + { + "product_name": "Microsoft Excel", + "version": { + "version_data": [ + { + "version_value": "2010 Service Pack 2 (32-bit editions)" + }, + { + "version_value": "2010 Service Pack 2 (64-bit editions)" + }, + { + "version_value": "2013 RT Service Pack 1" + }, + { + "version_value": "2013 Service Pack 1 (32-bit editions)" + }, + { + "version_value": "2013 Service Pack 1 (64-bit editions)" + }, + { + "version_value": "2016 (32-bit edition)" + }, + { + "version_value": "2016 (64-bit edition)" + }, + { + "version_value": "2016 Click-to-Run (C2R) for 32-bit editions" + }, + { + "version_value": "2016 Click-to-Run (C2R) for 64-bit editions" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8382", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8382" - }, - { - "name" : "105000", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105000" - }, - { - "name" : "1041463", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041463" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka \"Microsoft Excel Information Disclosure Vulnerability.\" This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105000", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105000" + }, + { + "name": "1041463", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041463" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8382", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8382" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8950.json b/2018/8xxx/CVE-2018-8950.json index 19fbf8be03b..5cba6dbf292 100644 --- a/2018/8xxx/CVE-2018-8950.json +++ b/2018/8xxx/CVE-2018-8950.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8950", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8950", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8977.json b/2018/8xxx/CVE-2018-8977.json index e7bc6d8ffa9..ef76e390cc6 100644 --- a/2018/8xxx/CVE-2018-8977.json +++ b/2018/8xxx/CVE-2018-8977.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8977", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Exiv2 0.26, the Exiv2::Internal::printCsLensFFFF function in canonmn_int.cpp allows remote attackers to cause a denial of service (invalid memory access) via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8977", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/Exiv2/exiv2/issues/247", - "refsource" : "MISC", - "url" : "https://github.com/Exiv2/exiv2/issues/247" - }, - { - "name" : "GLSA-201811-14", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201811-14" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Exiv2 0.26, the Exiv2::Internal::printCsLensFFFF function in canonmn_int.cpp allows remote attackers to cause a denial of service (invalid memory access) via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Exiv2/exiv2/issues/247", + "refsource": "MISC", + "url": "https://github.com/Exiv2/exiv2/issues/247" + }, + { + "name": "GLSA-201811-14", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201811-14" + } + ] + } +} \ No newline at end of file