diff --git a/2005/0xxx/CVE-2005-0081.json b/2005/0xxx/CVE-2005-0081.json
index 051c48104df..25e5a2e8ced 100644
--- a/2005/0xxx/CVE-2005-0081.json
+++ b/2005/0xxx/CVE-2005-0081.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2005-0081",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "MySQL MaxDB 7.5.0.0, and other versions before 7.5.0.21, allows remote attackers to cause a denial of service (crash) via an HTTP request with invalid headers."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2005-0081",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20050119 MySQL MaxDB Web Agent Multiple Denial of Service Vulnerabilities",
- "refsource" : "IDEFENSE",
- "url" : "http://www.idefense.com/application/poi/display?id=187&type=vulnerabilities"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "MySQL MaxDB 7.5.0.0, and other versions before 7.5.0.21, allows remote attackers to cause a denial of service (crash) via an HTTP request with invalid headers."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20050119 MySQL MaxDB Web Agent Multiple Denial of Service Vulnerabilities",
+ "refsource": "IDEFENSE",
+ "url": "http://www.idefense.com/application/poi/display?id=187&type=vulnerabilities"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2005/0xxx/CVE-2005-0336.json b/2005/0xxx/CVE-2005-0336.json
index 4a347bfe656..c2e84f75ebe 100644
--- a/2005/0xxx/CVE-2005-0336.json
+++ b/2005/0xxx/CVE-2005-0336.json
@@ -1,82 +1,82 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2005-0336",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Cross-site scripting (XSS) vulnerability in EMotion MediaPartner Web Server 5.0 allows remote attackers to inject arbitrary HTML or web script, as demonstrated using a URL containing .. sequences and HTML, which results in a directory browsing page that does not properly filter the HTML."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2005-0336",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20050110 Portcullis Security Advisory 05-010",
- "refsource" : "BUGTRAQ",
- "url" : "http://marc.info/?l=bugtraq&m=110547214224714&w=2"
- },
- {
- "name" : "12236",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/12236"
- },
- {
- "name" : "1012838",
- "refsource" : "SECTRACK",
- "url" : "http://securitytracker.com/id?1012838"
- },
- {
- "name" : "13820",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/13820"
- },
- {
- "name" : "mediapartner-url-xss(18845)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18845"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cross-site scripting (XSS) vulnerability in EMotion MediaPartner Web Server 5.0 allows remote attackers to inject arbitrary HTML or web script, as demonstrated using a URL containing .. sequences and HTML, which results in a directory browsing page that does not properly filter the HTML."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "12236",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/12236"
+ },
+ {
+ "name": "1012838",
+ "refsource": "SECTRACK",
+ "url": "http://securitytracker.com/id?1012838"
+ },
+ {
+ "name": "mediapartner-url-xss(18845)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18845"
+ },
+ {
+ "name": "13820",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/13820"
+ },
+ {
+ "name": "20050110 Portcullis Security Advisory 05-010",
+ "refsource": "BUGTRAQ",
+ "url": "http://marc.info/?l=bugtraq&m=110547214224714&w=2"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2005/0xxx/CVE-2005-0840.json b/2005/0xxx/CVE-2005-0840.json
index 11f9afc9c0b..edec73dbd95 100644
--- a/2005/0xxx/CVE-2005-0840.json
+++ b/2005/0xxx/CVE-2005-0840.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2005-0840",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-0706. Reason: This candidate is a duplicate of CVE-2005-0706. Notes: All CVE users should reference CVE-2005-0706 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2005-0840",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-0706. Reason: This candidate is a duplicate of CVE-2005-0706. Notes: All CVE users should reference CVE-2005-0706 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2005/2xxx/CVE-2005-2009.json b/2005/2xxx/CVE-2005-2009.json
index a24b7bb2bad..5a6547ce174 100644
--- a/2005/2xxx/CVE-2005-2009.json
+++ b/2005/2xxx/CVE-2005-2009.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2005-2009",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Multiple SQL injection vulnerabilities in Ublog Reload 1.0.5 allow remote attackers to execute arbitrary SQL commands via the (1) ci, (2) d, or (3) m parameter to index.asp, or the (4) bi parameter to blog_comment.asp."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2005-2009",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20050620 [ECHO_ADV_18$2005] Multiple SQL INJECTION in Ublog Reload 1.0.5",
- "refsource" : "BUGTRAQ",
- "url" : "http://marc.info/?l=bugtraq&m=111928552304897&w=2"
- },
- {
- "name" : "http://echo.or.id/adv/adv18-theday-2005.txt",
- "refsource" : "MISC",
- "url" : "http://echo.or.id/adv/adv18-theday-2005.txt"
- },
- {
- "name" : "ADV-2005-0818",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2005/0818"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Multiple SQL injection vulnerabilities in Ublog Reload 1.0.5 allow remote attackers to execute arbitrary SQL commands via the (1) ci, (2) d, or (3) m parameter to index.asp, or the (4) bi parameter to blog_comment.asp."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20050620 [ECHO_ADV_18$2005] Multiple SQL INJECTION in Ublog Reload 1.0.5",
+ "refsource": "BUGTRAQ",
+ "url": "http://marc.info/?l=bugtraq&m=111928552304897&w=2"
+ },
+ {
+ "name": "ADV-2005-0818",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2005/0818"
+ },
+ {
+ "name": "http://echo.or.id/adv/adv18-theday-2005.txt",
+ "refsource": "MISC",
+ "url": "http://echo.or.id/adv/adv18-theday-2005.txt"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2005/2xxx/CVE-2005-2638.json b/2005/2xxx/CVE-2005-2638.json
index c1f5ee60c0f..813f60ce95a 100644
--- a/2005/2xxx/CVE-2005-2638.json
+++ b/2005/2xxx/CVE-2005-2638.json
@@ -1,77 +1,77 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2005-2638",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Multiple cross-site scripting (XSS) vulnerabilities in PHPFreeNews 1.40 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) NewsMode parameter to NewsCategoryForm.php, or the (2) Match or (3) NewsMode parameter to SearchResults.php."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2005-2638",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20050817 PHPFreeNews V1.40 and prior Multiple Vulnerabilities",
- "refsource" : "BUGTRAQ",
- "url" : "http://marc.info/?l=bugtraq&m=112439254700016&w=2"
- },
- {
- "name" : "14590",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/14590"
- },
- {
- "name" : "1014726",
- "refsource" : "SECTRACK",
- "url" : "http://securitytracker.com/id?1014726"
- },
- {
- "name" : "16490",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/16490/"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Multiple cross-site scripting (XSS) vulnerabilities in PHPFreeNews 1.40 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) NewsMode parameter to NewsCategoryForm.php, or the (2) Match or (3) NewsMode parameter to SearchResults.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "16490",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/16490/"
+ },
+ {
+ "name": "1014726",
+ "refsource": "SECTRACK",
+ "url": "http://securitytracker.com/id?1014726"
+ },
+ {
+ "name": "20050817 PHPFreeNews V1.40 and prior Multiple Vulnerabilities",
+ "refsource": "BUGTRAQ",
+ "url": "http://marc.info/?l=bugtraq&m=112439254700016&w=2"
+ },
+ {
+ "name": "14590",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/14590"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2005/2xxx/CVE-2005-2937.json b/2005/2xxx/CVE-2005-2937.json
index f58c6e64d79..8b84e7ccff5 100644
--- a/2005/2xxx/CVE-2005-2937.json
+++ b/2005/2xxx/CVE-2005-2937.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2005-2937",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-3663, CVE-2005-3664. Reason: this candidate was intended for one issue, but multiple advisories used this candidate for different issues. Notes: All CVE users should consult CVE-2005-3663 and CVE-2005-3664 to determine which ID is appropriate. All references and descriptions in this candidate have been removed to prevent accidental usage."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2005-2937",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-3663, CVE-2005-3664. Reason: this candidate was intended for one issue, but multiple advisories used this candidate for different issues. Notes: All CVE users should consult CVE-2005-3663 and CVE-2005-3664 to determine which ID is appropriate. All references and descriptions in this candidate have been removed to prevent accidental usage."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2005/3xxx/CVE-2005-3071.json b/2005/3xxx/CVE-2005-3071.json
index c645df93754..47e3200e116 100644
--- a/2005/3xxx/CVE-2005-3071.json
+++ b/2005/3xxx/CVE-2005-3071.json
@@ -1,82 +1,82 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2005-3071",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Unspecified vulnerability in Unix File System (UFS) on Solaris 8 and 9, when logging is enabled, allows local users to cause a denial of service (\"soft hang\") via certain write operations to UFS."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2005-3071",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "101940",
- "refsource" : "SUNALERT",
- "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101940-1"
- },
- {
- "name" : "ADV-2005-1821",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2005/1821"
- },
- {
- "name" : "19640",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/19640"
- },
- {
- "name" : "16924",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/16924"
- },
- {
- "name" : "solaris-ufs-logging-enabled-dos(22389)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22389"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Unspecified vulnerability in Unix File System (UFS) on Solaris 8 and 9, when logging is enabled, allows local users to cause a denial of service (\"soft hang\") via certain write operations to UFS."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "solaris-ufs-logging-enabled-dos(22389)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22389"
+ },
+ {
+ "name": "101940",
+ "refsource": "SUNALERT",
+ "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101940-1"
+ },
+ {
+ "name": "19640",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/19640"
+ },
+ {
+ "name": "16924",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/16924"
+ },
+ {
+ "name": "ADV-2005-1821",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2005/1821"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2005/3xxx/CVE-2005-3082.json b/2005/3xxx/CVE-2005-3082.json
index 9f495722053..135b909a8f5 100644
--- a/2005/3xxx/CVE-2005-3082.json
+++ b/2005/3xxx/CVE-2005-3082.json
@@ -1,97 +1,97 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2005-3082",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "SQL injection vulnerability in admin.php in SEO-Board 1.0.2 allows remote attackers to execute arbitrary SQL commands via the user_pass_sha1 value in a cookie."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2005-3082",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20050927 SEO borad: SQL injection",
- "refsource" : "BUGTRAQ",
- "url" : "http://marc.info/?l=bugtraq&m=112784905928282&w=2"
- },
- {
- "name" : "14936",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/14936"
- },
- {
- "name" : "http://forum.ghc.ru/showthread.php?fid=32&tid=179&old_block=0",
- "refsource" : "MISC",
- "url" : "http://forum.ghc.ru/showthread.php?fid=32&tid=179&old_block=0"
- },
- {
- "name" : "http://forums.seo-board.com/article280.htm",
- "refsource" : "CONFIRM",
- "url" : "http://forums.seo-board.com/article280.htm"
- },
- {
- "name" : "ADV-2005-1840",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2005/1840"
- },
- {
- "name" : "19681",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/19681"
- },
- {
- "name" : "16949",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/16949"
- },
- {
- "name" : "seoboard-admin-sql-injection(22418)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22418"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "SQL injection vulnerability in admin.php in SEO-Board 1.0.2 allows remote attackers to execute arbitrary SQL commands via the user_pass_sha1 value in a cookie."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "14936",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/14936"
+ },
+ {
+ "name": "20050927 SEO borad: SQL injection",
+ "refsource": "BUGTRAQ",
+ "url": "http://marc.info/?l=bugtraq&m=112784905928282&w=2"
+ },
+ {
+ "name": "16949",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/16949"
+ },
+ {
+ "name": "seoboard-admin-sql-injection(22418)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22418"
+ },
+ {
+ "name": "ADV-2005-1840",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2005/1840"
+ },
+ {
+ "name": "19681",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/19681"
+ },
+ {
+ "name": "http://forums.seo-board.com/article280.htm",
+ "refsource": "CONFIRM",
+ "url": "http://forums.seo-board.com/article280.htm"
+ },
+ {
+ "name": "http://forum.ghc.ru/showthread.php?fid=32&tid=179&old_block=0",
+ "refsource": "MISC",
+ "url": "http://forum.ghc.ru/showthread.php?fid=32&tid=179&old_block=0"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2005/3xxx/CVE-2005-3086.json b/2005/3xxx/CVE-2005-3086.json
index dae34bcd743..dc64f61eef5 100644
--- a/2005/3xxx/CVE-2005-3086.json
+++ b/2005/3xxx/CVE-2005-3086.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2005-3086",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Directory traversal vulnerability in admin/about.php in contentServ 3.1 allows remote attackers to read or include arbitrary files via \"..\" sequences in the ctsWebsite parameter."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2005-3086",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20050925 ContentServ features remote file disclosure",
- "refsource" : "FULLDISC",
- "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2005-09/0650.html"
- },
- {
- "name" : "14943",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/14943"
- },
- {
- "name" : "16929",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/16929"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Directory traversal vulnerability in admin/about.php in contentServ 3.1 allows remote attackers to read or include arbitrary files via \"..\" sequences in the ctsWebsite parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20050925 ContentServ features remote file disclosure",
+ "refsource": "FULLDISC",
+ "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-09/0650.html"
+ },
+ {
+ "name": "14943",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/14943"
+ },
+ {
+ "name": "16929",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/16929"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2005/3xxx/CVE-2005-3220.json b/2005/3xxx/CVE-2005-3220.json
index 874e4c5bf1d..6c90b5f8a00 100644
--- a/2005/3xxx/CVE-2005-3220.json
+++ b/2005/3xxx/CVE-2005-3220.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2005-3220",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Multiple interpretation error in unspecified versions of Norman Virus Control Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2005-3220",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20051007 Antivirus detection bypass by special crafted archive.",
- "refsource" : "BUGTRAQ",
- "url" : "http://marc.info/?l=bugtraq&m=112879611919750&w=2"
- },
- {
- "name" : "http://shadock.net/secubox/AVCraftedArchive.html",
- "refsource" : "MISC",
- "url" : "http://shadock.net/secubox/AVCraftedArchive.html"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Multiple interpretation error in unspecified versions of Norman Virus Control Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://shadock.net/secubox/AVCraftedArchive.html",
+ "refsource": "MISC",
+ "url": "http://shadock.net/secubox/AVCraftedArchive.html"
+ },
+ {
+ "name": "20051007 Antivirus detection bypass by special crafted archive.",
+ "refsource": "BUGTRAQ",
+ "url": "http://marc.info/?l=bugtraq&m=112879611919750&w=2"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2005/3xxx/CVE-2005-3412.json b/2005/3xxx/CVE-2005-3412.json
index 4cf5775a93b..e5d54a132a2 100644
--- a/2005/3xxx/CVE-2005-3412.json
+++ b/2005/3xxx/CVE-2005-3412.json
@@ -1,92 +1,92 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2005-3412",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Cross-site scripting (XSS) vulnerability in Elite Forum 1.0.0.0 allows remote attackers to inject arbitrary web script or HTML via a Post Reply to a topic, in which the reply contains a javascript: URL in an tag."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2005-3412",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20051101 HYSA-2005-009 Elite Forum 1.0.0.0 XSS",
- "refsource" : "FULLDISC",
- "url" : "http://marc.info/?l=full-disclosure&m=113083841308736&w=2"
- },
- {
- "name" : "20051101 HYSA-2005-009 Elite Forum 1.0.0.0 XSS Vulnerability",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/415400/30/0/threaded"
- },
- {
- "name" : "http://www.h4cky0u.org/advisories/HYSA-2005-009-elite-forum.txt",
- "refsource" : "MISC",
- "url" : "http://www.h4cky0u.org/advisories/HYSA-2005-009-elite-forum.txt"
- },
- {
- "name" : "15257",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/15257"
- },
- {
- "name" : "ADV-2005-2260",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2005/2260"
- },
- {
- "name" : "17341",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/17341"
- },
- {
- "name" : "136",
- "refsource" : "SREASON",
- "url" : "http://securityreason.com/securityalert/136"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cross-site scripting (XSS) vulnerability in Elite Forum 1.0.0.0 allows remote attackers to inject arbitrary web script or HTML via a Post Reply to a topic, in which the reply contains a javascript: URL in an tag."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20051101 HYSA-2005-009 Elite Forum 1.0.0.0 XSS",
+ "refsource": "FULLDISC",
+ "url": "http://marc.info/?l=full-disclosure&m=113083841308736&w=2"
+ },
+ {
+ "name": "15257",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/15257"
+ },
+ {
+ "name": "136",
+ "refsource": "SREASON",
+ "url": "http://securityreason.com/securityalert/136"
+ },
+ {
+ "name": "20051101 HYSA-2005-009 Elite Forum 1.0.0.0 XSS Vulnerability",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/415400/30/0/threaded"
+ },
+ {
+ "name": "http://www.h4cky0u.org/advisories/HYSA-2005-009-elite-forum.txt",
+ "refsource": "MISC",
+ "url": "http://www.h4cky0u.org/advisories/HYSA-2005-009-elite-forum.txt"
+ },
+ {
+ "name": "ADV-2005-2260",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2005/2260"
+ },
+ {
+ "name": "17341",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/17341"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2005/3xxx/CVE-2005-3635.json b/2005/3xxx/CVE-2005-3635.json
index 678fa5a5596..af34c7c20a6 100644
--- a/2005/3xxx/CVE-2005-3635.json
+++ b/2005/3xxx/CVE-2005-3635.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3635", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in SAP Web Application Server (WAS) 6.10 through 7.00 allow remote attackers to inject arbitrary web script or HTML via (1) the sap-syscmd in sap-syscmd and (2) the BspApplication field in the SYSTEM PUBLIC test application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3635", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051109 CYBSEC - Security Advisory: Multiple XSS in SAP WAS", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=113156601505542&w=2" - }, - { - "name" : "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf", - "refsource" : "MISC", - "url" : "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf" - }, - { - "name" : "15361", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15361" - }, - { - "name" : "ADV-2005-2361", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2361" - }, - { - "name" : "20716", - "refsource" : 
"OSVDB", - "url" : "http://www.osvdb.org/20716" - }, - { - "name" : "20717", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20717" - }, - { - "name" : "1015174", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/alerts/2005/Nov/1015174.html" - }, - { - "name" : "17515", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17515/" - }, - { - "name" : "162", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/162" - }, - { - "name" : "sap-fameset-systempublic-xss(23027)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23027" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in SAP Web Application Server (WAS) 6.10 through 7.00 allow remote attackers to inject arbitrary web script or HTML via (1) the sap-syscmd in sap-syscmd and (2) the BspApplication field in the SYSTEM PUBLIC test application." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf", + "refsource": "MISC", + "url": "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf" + }, + { + "name": "20717", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20717" + }, + { + "name": "162", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/162" + }, + { + "name": "sap-fameset-systempublic-xss(23027)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23027" + }, + { + "name": "15361", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15361" + }, + { + "name": "17515", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17515/" + }, + { + "name": "1015174", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/alerts/2005/Nov/1015174.html" + }, + { + "name": "ADV-2005-2361", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2361" + }, + { + "name": "20716", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20716" + }, + { + "name": "20051109 CYBSEC - Security Advisory: Multiple XSS in SAP WAS", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=113156601505542&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3912.json b/2005/3xxx/CVE-2005-3912.json index 0c8adb055fe..12f82d57d4f 100644 --- a/2005/3xxx/CVE-2005-3912.json +++ b/2005/3xxx/CVE-2005-3912.json 
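Review bot: The `reference_data` array in this hunk is reordered with no visible sort key (the BUGTRAQ entry moves from first to last), although every name/refsource/url triple appears unchanged. JSON arrays are ordered, so anything that diffs, hashes or signs these records will register a change that carries no new content. The new side also ends with `\ No newline at end of file`, so the trailing newline the old file had is dropped. If this commit is meant only to normalise formatting, which is presumably the work of a serializer not shown here, it should keep the input order or sort on a stable key such as `refsource` then `name`, and end each file with a newline. The same reordering appears in the hunks for CVE-2005-3912, CVE-2009-0435, CVE-2009-0827, CVE-2009-0943 and CVE-2009-2347.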
@@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3912", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in miniserv.pl Perl web server in Webmin before 1.250 and Usermin before 1.180, with syslog logging enabled, allows remote attackers to cause a denial of service (crash or memory consumption) and possibly execute arbitrary code via format string specifiers in the username parameter to the login form, which is ultimately used in a syslog call. NOTE: the code execution might be associated with an issue in Perl." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3912", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051129 Webmin miniserv.pl format string vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/418093/100/0/threaded" - }, - { - "name" : "[Dailydave] 20051129 Webmin miniserv.pl format string vulnerability", - "refsource" : "MLIST", - "url" : "http://lists.immunitysec.com/pipermail/dailydave/2005-November/002685.html" - }, - { - "name" : "http://www.dyadsecurity.com/webmin-0001.html", - "refsource" : "MISC", - "url" : 
"http://www.dyadsecurity.com/webmin-0001.html" - }, - { - "name" : "http://www.webmin.com/security.html", - "refsource" : "CONFIRM", - "url" : "http://www.webmin.com/security.html" - }, - { - "name" : "http://www.webmin.com/changes-1.250.html", - "refsource" : "CONFIRM", - "url" : "http://www.webmin.com/changes-1.250.html" - }, - { - "name" : "http://www.webmin.com/uchanges-1.180.html", - "refsource" : "CONFIRM", - "url" : "http://www.webmin.com/uchanges-1.180.html" - }, - { - "name" : "DSA-1199", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1199" - }, - { - "name" : "GLSA-200512-02", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200512-02.xml" - }, - { - "name" : "MDKSA-2005:223", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:223" - }, - { - "name" : "SUSE-SR:2005:030", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2005_30_sr.html" - }, - { - "name" : "ADV-2005-2660", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2660" - }, - { - "name" : "17749", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17749" - }, - { - "name" : "17817", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17817" - }, - { - "name" : "17878", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17878" - }, - { - "name" : "18101", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18101" - }, - { - "name" : "17942", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17942" - }, - { - "name" : "22556", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22556" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in miniserv.pl Perl web server in Webmin before 
1.250 and Usermin before 1.180, with syslog logging enabled, allows remote attackers to cause a denial of service (crash or memory consumption) and possibly execute arbitrary code via format string specifiers in the username parameter to the login form, which is ultimately used in a syslog call. NOTE: the code execution might be associated with an issue in Perl." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.webmin.com/security.html", + "refsource": "CONFIRM", + "url": "http://www.webmin.com/security.html" + }, + { + "name": "17749", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17749" + }, + { + "name": "GLSA-200512-02", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200512-02.xml" + }, + { + "name": "[Dailydave] 20051129 Webmin miniserv.pl format string vulnerability", + "refsource": "MLIST", + "url": "http://lists.immunitysec.com/pipermail/dailydave/2005-November/002685.html" + }, + { + "name": "DSA-1199", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1199" + }, + { + "name": "http://www.webmin.com/changes-1.250.html", + "refsource": "CONFIRM", + "url": "http://www.webmin.com/changes-1.250.html" + }, + { + "name": "18101", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18101" + }, + { + "name": "ADV-2005-2660", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2660" + }, + { + "name": "SUSE-SR:2005:030", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2005_30_sr.html" + }, + { + "name": "17878", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17878" + }, + { + "name": "http://www.dyadsecurity.com/webmin-0001.html", + "refsource": "MISC", + "url": "http://www.dyadsecurity.com/webmin-0001.html" + }, + { + "name": "20051129 Webmin 
miniserv.pl format string vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/418093/100/0/threaded" + }, + { + "name": "http://www.webmin.com/uchanges-1.180.html", + "refsource": "CONFIRM", + "url": "http://www.webmin.com/uchanges-1.180.html" + }, + { + "name": "22556", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22556" + }, + { + "name": "MDKSA-2005:223", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:223" + }, + { + "name": "17942", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17942" + }, + { + "name": "17817", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17817" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4114.json b/2005/4xxx/CVE-2005-4114.json index a506b66aceb..9cdeb7a781d 100644 --- a/2005/4xxx/CVE-2005-4114.json +++ b/2005/4xxx/CVE-2005-4114.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4114", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2005. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2005-4114", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2005. Notes: none." + } + ] + } +} \ No newline at end of file 
diff --git a/2009/0xxx/CVE-2009-0435.json b/2009/0xxx/CVE-2009-0435.json index bd6b09e5972..9ccead0d1f8 100644 --- a/2009/0xxx/CVE-2009-0435.json +++ b/2009/0xxx/CVE-2009-0435.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0435", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the IBM Asynchronous I/O (aka AIO or libibmaio) library in the Java Message Service (JMS) component in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.17 on AIX 5.3 allows attackers to cause a denial of service (daemon crash) via vectors related to the aio_getioev2 and getEvent methods." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0435", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27007951", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27007951" - }, - { - "name" : "PK64529", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?rs=0&uid=swg24019205" - }, - { - "name" : "33700", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33700" - }, - { - "name" : "websphere-libibmaio-dos(48525)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48525" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the IBM Asynchronous I/O (aka AIO or libibmaio) library in the Java Message Service (JMS) component in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.17 on AIX 5.3 allows attackers to cause a denial of service (daemon crash) via vectors related to the aio_getioev2 and getEvent methods." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg27007951", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27007951" + }, + { + "name": "33700", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33700" + }, + { + "name": "PK64529", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?rs=0&uid=swg24019205" + }, + { + "name": "websphere-libibmaio-dos(48525)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48525" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0704.json b/2009/0xxx/CVE-2009-0704.json index a1d5869b184..3c18c2927eb 100644 --- a/2009/0xxx/CVE-2009-0704.json +++ b/2009/0xxx/CVE-2009-0704.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0704", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in search.php in WSN Guest 1.23 allows remote attackers to execute arbitrary SQL commands via the search parameter in an advanced action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0704", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7659", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7659" - }, - { - "name" : "33097", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33097" - }, - { - "name" : "wsnguest-search-sql-injection(47723)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47723" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in search.php in WSN Guest 1.23 allows remote attackers to execute arbitrary SQL commands via the search parameter in an advanced action." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7659", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7659" + }, + { + "name": "33097", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33097" + }, + { + "name": "wsnguest-search-sql-injection(47723)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47723" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0827.json b/2009/0xxx/CVE-2009-0827.json index 28ee6489459..5fbb5a73612 100644 --- a/2009/0xxx/CVE-2009-0827.json +++ b/2009/0xxx/CVE-2009-0827.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0827", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PollHelper stores poll.inc under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a direct request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0827", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7690", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7690" - }, - { - "name" : "51185", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/51185" - }, - { - "name" : "33378", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33378" - }, - { - "name" : "pollhelper-poll-info-disclosure(47797)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47797" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PollHelper stores poll.inc under the web root with insufficient access control, which allows remote attackers to download the 
database file containing user credentials via a direct request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33378", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33378" + }, + { + "name": "51185", + "refsource": "OSVDB", + "url": "http://osvdb.org/51185" + }, + { + "name": "7690", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7690" + }, + { + "name": "pollhelper-poll-info-disclosure(47797)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47797" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0943.json b/2009/0xxx/CVE-2009-0943.json index d11d5402bd7..60d29fa80a5 100644 --- a/2009/0xxx/CVE-2009-0943.json +++ b/2009/0xxx/CVE-2009-0943.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0943", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that HTML pathnames are located in a registered help book, which allows remote attackers to execute arbitrary code via a help: URL that triggers invocation of AppleScript files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0943", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT3549", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3549" - }, - { - "name" : "APPLE-SA-2009-05-12", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html" - }, - { - "name" : "TA09-133A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-133A.html" - }, - { - "name" : "34926", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34926" - }, - { - "name" : "1022216", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022216" - }, - { - "name" : "35074", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/35074" - }, - { - "name" : "ADV-2009-1297", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1297" - }, - { - "name" : "macos-helpviewer-html-code-execution(50486)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50486" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that HTML pathnames are located in a registered help book, which allows remote attackers to execute arbitrary code via a help: URL that triggers invocation of AppleScript files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT3549", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3549" + }, + { + "name": "35074", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35074" + }, + { + "name": "APPLE-SA-2009-05-12", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html" + }, + { + "name": "macos-helpviewer-html-code-execution(50486)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50486" + }, + { + "name": "34926", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34926" + }, + { + "name": "TA09-133A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html" + }, + { + "name": "ADV-2009-1297", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1297" + }, + { + "name": "1022216", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022216" + } + ] + } +} \ No newline at end of file 
diff --git a/2009/2xxx/CVE-2009-2347.json b/2009/2xxx/CVE-2009-2347.json index 169f8a6c5ee..85d553dea3e 100644 --- a/2009/2xxx/CVE-2009-2347.json +++ b/2009/2xxx/CVE-2009-2347.json 
@@ -1,202 +1,202 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2347", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large (1) width and (2) height values, which triggers a heap-based buffer overflow in the (a) cvt_whole_image function in tiff2rgba and (b) tiffcvt function in rgb2ycbcr." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2347", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090713 [oCERT-2009-012] libtiff tools integer overflows", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/504892/100/0/threaded" - }, - { - "name" : "http://www.ocert.org/advisories/ocert-2009-012.html", - "refsource" : "MISC", - "url" : "http://www.ocert.org/advisories/ocert-2009-012.html" - }, - { - "name" : "http://article.gmane.org/gmane.linux.debian.devel.changes.unstable/178563/", - "refsource" : "CONFIRM", - "url" : "http://article.gmane.org/gmane.linux.debian.devel.changes.unstable/178563/" - }, - { - "name" : 
"http://bugzilla.maptools.org/show_bug.cgi?id=2079", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2079" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2347", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2347" - }, - { - "name" : "DSA-1835", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1835" - }, - { - "name" : "FEDORA-2009-7724", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00663.html" - }, - { - "name" : "FEDORA-2009-7775", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00724.html" - }, - { - "name" : "GLSA-200908-03", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200908-03.xml" - }, - { - "name" : "GLSA-201209-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201209-02.xml" - }, - { - "name" : "MDVSA-2009:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:150" - }, - { - "name" : "MDVSA-2011:043", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:043" - }, - { - "name" : "RHSA-2009:1159", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-1159.html" - }, - { - "name" : "USN-801-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-801-1" - }, - { - "name" : "35652", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35652" - }, - { - "name" : "55821", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/55821" - }, - { - "name" : "55822", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/55822" - }, - { - "name" : "oval:org.mitre.oval:def:10988", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10988" - }, - 
{ - "name" : "1022539", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022539" - }, - { - "name" : "35817", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35817" - }, - { - "name" : "35811", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35811" - }, - { - "name" : "35866", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35866" - }, - { - "name" : "35883", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35883" - }, - { - "name" : "35911", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35911" - }, - { - "name" : "36194", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36194" - }, - { - "name" : "50726", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50726" - }, - { - "name" : "ADV-2009-1870", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1870" - }, - { - "name" : "ADV-2011-0621", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0621" - }, - { - "name" : "libtiff-rgb2ycbcr-tiff2rgba-bo(51688)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51688" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large (1) width and (2) height values, which triggers a heap-based buffer overflow in the (a) cvt_whole_image function in tiff2rgba and (b) tiffcvt function in rgb2ycbcr." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35817", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35817" + }, + { + "name": "35866", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35866" + }, + { + "name": "FEDORA-2009-7724", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00663.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2347", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2347" + }, + { + "name": "55821", + "refsource": "OSVDB", + "url": "http://osvdb.org/55821" + }, + { + "name": "FEDORA-2009-7775", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00724.html" + }, + { + "name": "ADV-2009-1870", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1870" + }, + { + "name": "http://www.ocert.org/advisories/ocert-2009-012.html", + "refsource": "MISC", + "url": "http://www.ocert.org/advisories/ocert-2009-012.html" + }, + { + "name": "oval:org.mitre.oval:def:10988", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10988" + }, + { + "name": "1022539", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022539" + }, + { + "name": "ADV-2011-0621", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0621" + }, + { + "name": "USN-801-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-801-1" + }, + { + "name": "35811", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35811" + }, + { + "name": "35883", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35883" + }, + { + "name": "GLSA-201209-02", + "refsource": 
"GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201209-02.xml" + }, + { + "name": "36194", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36194" + }, + { + "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2079", + "refsource": "CONFIRM", + "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2079" + }, + { + "name": "20090713 [oCERT-2009-012] libtiff tools integer overflows", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/504892/100/0/threaded" + }, + { + "name": "MDVSA-2009:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:150" + }, + { + "name": "GLSA-200908-03", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200908-03.xml" + }, + { + "name": "libtiff-rgb2ycbcr-tiff2rgba-bo(51688)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51688" + }, + { + "name": "35911", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35911" + }, + { + "name": "http://article.gmane.org/gmane.linux.debian.devel.changes.unstable/178563/", + "refsource": "CONFIRM", + "url": "http://article.gmane.org/gmane.linux.debian.devel.changes.unstable/178563/" + }, + { + "name": "55822", + "refsource": "OSVDB", + "url": "http://osvdb.org/55822" + }, + { + "name": "RHSA-2009:1159", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-1159.html" + }, + { + "name": "35652", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35652" + }, + { + "name": "DSA-1835", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1835" + }, + { + "name": "MDVSA-2011:043", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:043" + }, + { + "name": "50726", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50726" + } + ] + } +} \ No newline at end of file 
diff --git a/2009/2xxx/CVE-2009-2757.json b/2009/2xxx/CVE-2009-2757.json index 25161d1c7c7..5f100adba69 100644 --- a/2009/2xxx/CVE-2009-2757.json +++ b/2009/2xxx/CVE-2009-2757.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2757", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2757", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3094.json b/2009/3xxx/CVE-2009-3094.json index b8b38713a31..ec5a3988d72 100644 --- a/2009/3xxx/CVE-2009-3094.json +++ b/2009/3xxx/CVE-2009-3094.json 
@@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3094", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3094", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091124 rPSA-2009-0155-1 httpd mod_ssl", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/508075/100/0/threaded" - }, - { - "name" : "http://intevydis.com/vd-list.shtml", - "refsource" : "MISC", - "url" : "http://intevydis.com/vd-list.shtml" - }, - { - "name" : "http://www.intevydis.com/blog/?p=59", - "refsource" : "MISC", - "url" : "http://www.intevydis.com/blog/?p=59" - }, - { - "name" : "http://wiki.rpath.com/Advisories:rPSA-2009-0155", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/Advisories:rPSA-2009-0155" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=521619", - 
"refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=521619" - }, - { - "name" : "PK96858", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PK96858" - }, - { - "name" : "PM09161", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM09161" - }, - { - "name" : "DSA-1934", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1934" - }, - { - "name" : "FEDORA-2009-12604", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html" - }, - { - "name" : "FEDORA-2009-12606", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html" - }, - { - "name" : "HPSBMU02753", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133355494609819&w=2" - }, - { - "name" : "HPSBOV02506", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=126998684522511&w=2" - }, - { - "name" : "HPSBUX02531", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=127557640302499&w=2" - }, - { - "name" : "SSRT090244", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=126998684522511&w=2" - }, - { - "name" : "SSRT100108", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=127557640302499&w=2" - }, - { - "name" : "SSRT100782", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133355494609819&w=2" - }, - { - "name" : "SUSE-SA:2009:050", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html" - }, - { - "name" : "oval:org.mitre.oval:def:10981", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10981" - }, - { - "name" : "oval:org.mitre.oval:def:8087", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8087" - }, - { - "name" : "36549", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36549" - }, - { - "name" : "37152", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37152" - }, - { - "name" : "ADV-2010-0609", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0609" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SA:2009:050", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html" + }, + { + "name": "oval:org.mitre.oval:def:10981", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10981" + }, + { + "name": "ADV-2010-0609", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0609" + }, + { + "name": "HPSBUX02531", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=127557640302499&w=2" + }, + { + "name": "SSRT090244", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=126998684522511&w=2" + }, + { + "name": "HPSBOV02506", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=126998684522511&w=2" + }, + { + "name": "37152", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37152" + }, + { + "name": "DSA-1934", + "refsource": 
"DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1934" + }, + { + "name": "PK96858", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK96858" + }, + { + "name": "20091124 rPSA-2009-0155-1 httpd mod_ssl", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/508075/100/0/threaded" + }, + { + "name": "http://www.intevydis.com/blog/?p=59", + "refsource": "MISC", + "url": "http://www.intevydis.com/blog/?p=59" + }, + { + "name": "SSRT100782", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133355494609819&w=2" + }, + { + "name": "oval:org.mitre.oval:def:8087", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8087" + }, + { + "name": "HPSBMU02753", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133355494609819&w=2" + }, + { + "name": "FEDORA-2009-12604", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html" + }, + { + "name": "PM09161", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM09161" + }, + { + "name": "http://wiki.rpath.com/Advisories:rPSA-2009-0155", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0155" + }, + { + "name": "SSRT100108", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=127557640302499&w=2" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=521619", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521619" + }, + { + "name": "FEDORA-2009-12606", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html" + }, + { + "name": "http://intevydis.com/vd-list.shtml", + "refsource": "MISC", + "url": "http://intevydis.com/vd-list.shtml" + }, + { + "name": "36549", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36549" + } + ] + 
} +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3526.json b/2009/3xxx/CVE-2009-3526.json index 2040302ebd9..b16451cb421 100644 --- a/2009/3xxx/CVE-2009-3526.json +++ b/2009/3xxx/CVE-2009-3526.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3526", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3526", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3694.json b/2009/3xxx/CVE-2009-3694.json index b2e5728967b..ee1fe5d23bb 100644 --- a/2009/3xxx/CVE-2009-3694.json +++ b/2009/3xxx/CVE-2009-3694.json 
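Review bot: The `reference_data` array on the new side is written in a different order from the old side with no visible sort key: the old list appears grouped by `refsource`, while the new one begins SUSE, OVAL, VUPEN, HP. As far as the visible lines show, the 22 entries are the same on both sides and only their positions changed. Array order is significant in JSON, so an unstable order makes every regeneration look like a full rewrite and can hide a real added or dropped reference from review. Emitting the array with a stable sort, for example by `refsource` then `name`, would keep later diffs limited to actual content changes.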
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3694", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in config/config.php in ezRecipe-Zee 91, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cfg[prePath] parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3694", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://securityreason.com/expldownload/1/7380/1", - "refsource" : "MISC", - "url" : "http://securityreason.com/expldownload/1/7380/1" - }, - { - "name" : "58709", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/58709" - }, - { - "name" : "36992", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36992" - }, - { - "name" : "ezrecipe-config-file-include(53696)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53696" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in 
config/config.php in ezRecipe-Zee 91, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cfg[prePath] parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36992", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36992" + }, + { + "name": "58709", + "refsource": "OSVDB", + "url": "http://osvdb.org/58709" + }, + { + "name": "http://securityreason.com/expldownload/1/7380/1", + "refsource": "MISC", + "url": "http://securityreason.com/expldownload/1/7380/1" + }, + { + "name": "ezrecipe-config-file-include(53696)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53696" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3898.json b/2009/3xxx/CVE-2009-3898.json index 67b77d1d86d..846836811bc 100644 --- a/2009/3xxx/CVE-2009-3898.json +++ b/2009/3xxx/CVE-2009-3898.json 
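Review bot: The new side ends with `}` and no trailing newline (`\ No newline at end of file`), whereas the old side's final `-}` line was newline-terminated. This repeats in every file section in view. Line-oriented tooling that concatenates, counts or diffs these records behaves more predictably with a final newline, so the serializer should write one after the closing brace.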
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3898", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-3898", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090923 nginx - low risk webdav destination bug", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0379.html" - }, - { - "name" : "[oss-security] 20091120 CVEs for nginx", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/11/20/1" - }, - { - "name" : "[oss-security] 20091123 Re: CVEs for nginx", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/11/23/10" - }, - { - "name" : "[oss-security] 20091123 Re: CVEs for nginx", - "refsource" : "MLIST", - "url" : 
"http://marc.info/?l=oss-security&m=125900327409842&w=2" - }, - { - "name" : "[oss-security] 20091123 Re: CVEs for nginx", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=125897327321676&w=2" - }, - { - "name" : "[oss-security] 20091123 Re: CVEs for nginx", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=125897425223039&w=2" - }, - { - "name" : "GLSA-201203-22", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201203-22.xml" - }, - { - "name" : "36818", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36818" - }, - { - "name" : "48577", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48577" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20091123 Re: CVEs for nginx", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=125897425223039&w=2" + }, + { + "name": "[oss-security] 20091123 Re: CVEs for nginx", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/11/23/10" + }, + { + "name": "[oss-security] 20091123 Re: CVEs for nginx", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=125897327321676&w=2" + }, + { + "name": "20090923 nginx - low risk webdav destination bug", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0379.html" + }, + { + "name": "48577", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48577" + }, + { + "name": "36818", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36818" + }, + { + "name": "[oss-security] 20091123 Re: CVEs for nginx", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=125900327409842&w=2" + }, + { + "name": "[oss-security] 20091120 CVEs for nginx", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/11/20/1" + }, + { + "name": "GLSA-201203-22", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201203-22.xml" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4123.json b/2009/4xxx/CVE-2009-4123.json index e71979147d8..2acda260755 100644 --- a/2009/4xxx/CVE-2009-4123.json +++ b/2009/4xxx/CVE-2009-4123.json 
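Review bot: The `ASSIGNER` value changes from `cve@mitre.org` to `secalert@redhat.com` in this hunk, a provenance change carried inside what otherwise reads as a whitespace and ordering rewrite. The same kind of change appears in the hunks for CVE-2012-2040 (`psirt@adobe.com`), CVE-2012-2058 (`secalert@redhat.com`), CVE-2012-2584 (`cert@cert.org`) and CVE-2015-0019 (`secure@microsoft.com`), while the other records in view keep `cve@mitre.org`. Consumers that attribute, filter or trust records by assigner will see these entries move. The reassignment should be stated in the commit message, or landed as its own commit so it can be audited separately from the reformat.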
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4123", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4123", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4718.json b/2009/4xxx/CVE-2009-4718.json index fd8d0cd023e..bfad89a3f8b 100644 --- a/2009/4xxx/CVE-2009-4718.json +++ b/2009/4xxx/CVE-2009-4718.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4718", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in visitorduration.php in Gonafish WebStatCaffe allows remote attackers to execute arbitrary SQL commands via the nodayshow parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4718", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "36068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36068" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in visitorduration.php in Gonafish WebStatCaffe allows remote attackers to execute arbitrary SQL commands via the nodayshow parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36068" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2040.json b/2012/2xxx/CVE-2012-2040.json index f50a6832815..87a9c2355d6 100644 --- a/2012/2xxx/CVE-2012-2040.json +++ b/2012/2xxx/CVE-2012-2040.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2040", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in the installer in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows local users to gain privileges via a Trojan horse executable file in an unspecified directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2012-2040", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb12-14.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb12-14.html" - }, - { - "name" : "SUSE-SU-2012:0724", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00007.html" - }, - { - "name" : "openSUSE-SU-2012:0723", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00006.html" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in the installer in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows local users to gain privileges via a Trojan horse executable file in an unspecified directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2012:0724", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00007.html" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb12-14.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb12-14.html" + }, + { + "name": "openSUSE-SU-2012:0723", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00006.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2058.json b/2012/2xxx/CVE-2012-2058.json index b221f4364a2..91cca4246d4 100644 --- a/2012/2xxx/CVE-2012-2058.json +++ b/2012/2xxx/CVE-2012-2058.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2058", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Ubercart Payflow module for Drupal does not use a secure token, which allows remote attackers to forge payments via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2058", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/04/07/1" - }, - { - "name" : "http://drupal.org/node/1482126", - "refsource" : "MISC", - "url" : "http://drupal.org/node/1482126" - }, - { - "name" : "52502", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52502" - }, - { - "name" : "ubercart-payflow-drupal-weak-security(74055)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74055" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Ubercart Payflow module for 
Drupal does not use a secure token, which allows remote attackers to forge payments via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://drupal.org/node/1482126", + "refsource": "MISC", + "url": "http://drupal.org/node/1482126" + }, + { + "name": "ubercart-payflow-drupal-weak-security(74055)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74055" + }, + { + "name": "52502", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52502" + }, + { + "name": "[oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2584.json b/2012/2xxx/CVE-2012-2584.json index c841d6d2f41..aff2a12711d 100644 --- a/2012/2xxx/CVE-2012-2584.json +++ b/2012/2xxx/CVE-2012-2584.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2584", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Alt-N MDaemon Free 12.5.4 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) the Cascading Style Sheets (CSS) expression property in conjunction with a CSS comment within the STYLE attribute of an IMG element, (2) the CSS expression property in conjunction with multiple CSS comments within the STYLE attribute of an arbitrary element, or (3) an innerHTML attribute within an XML document." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2012-2584", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20357", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/20357/" - }, - { - "name" : "54885", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54885" - }, - { - "name" : "1027409", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027409" - }, - { - "name" : "mdaemon-body-xss(77543)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77543" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Alt-N MDaemon Free 12.5.4 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) the Cascading Style Sheets (CSS) expression property in conjunction with a CSS comment within the STYLE attribute of an IMG element, (2) the CSS expression property in conjunction with multiple CSS comments within the STYLE attribute of an arbitrary element, or (3) an innerHTML attribute within an XML document." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1027409", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027409" + }, + { + "name": "mdaemon-body-xss(77543)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77543" + }, + { + "name": "54885", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54885" + }, + { + "name": "20357", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/20357/" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0019.json b/2015/0xxx/CVE-2015-0019.json index 21203757faf..3b78d3e50d7 100644 --- a/2015/0xxx/CVE-2015-0019.json +++ b/2015/0xxx/CVE-2015-0019.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0019", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-0019", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-009", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-009" - }, - { - "name" : "72425", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72425" - }, - { - "name" : "1031723", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031723" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer 
Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "72425", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72425" + }, + { + "name": "1031723", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031723" + }, + { + "name": "MS15-009", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-009" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0396.json b/2015/0xxx/CVE-2015-0396.json index 7cb28c78ffa..1cc1570155d 100644 --- a/2015/0xxx/CVE-2015-0396.json +++ b/2015/0xxx/CVE-2015-0396.json 
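Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `secure@microsoft.com` in this hunk, but the change is buried in a whole-file rewrite that also re-spaces every key (`"k" : v` to `"k": v`) and reorders `reference_data`, so the one line that alters record provenance is easy to miss. The same pattern appears in the hunks for CVE-2015-0396 and CVE-2015-0505 (both to `secalert_us@oracle.com`) and CVE-2015-1155 (to `product-security@apple.com`). Splitting the formatting and reference-order churn into its own commit would leave the assigner reassignment as a one-line diff per record, which consumers that track CNA attribution can audit directly. If the reordering is a side effect of the serializer, emitting `reference_data` in a stable order would keep future diffs minimal.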
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0396", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 and 3.1.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Admin Console." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-0396", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" - }, - { - "name" : "72121", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72121" - }, - { - "name" : "1031570", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031570" - }, - { - "name" : "62480", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62480" - }, - { - "name" : "oracle-cpujan2015-cve20150396(100073)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100073" - } - ] - } -} + } 
+ }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 and 3.1.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Admin Console." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031570", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031570" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" + }, + { + "name": "62480", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62480" + }, + { + "name": "oracle-cpujan2015-cve20150396(100073)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100073" + }, + { + "name": "72121", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72121" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0505.json b/2015/0xxx/CVE-2015-0505.json index 95c46827412..bd05c7ef8c1 100644 --- a/2015/0xxx/CVE-2015-0505.json +++ b/2015/0xxx/CVE-2015-0505.json 
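Review bot: The rewritten file ends with `}` and no trailing newline: the `\ No newline at end of file` marker follows the last `+}` line, while the removed `-}` line carries no such marker. Every file section visible in this diff shows the same marker, so it looks like serializer output rather than a per-file edit. Emitting a final newline keeps the records usable with line-oriented tools and avoids a spurious last-line change the next time a tool that does add one touches the file.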
@@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0505", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via vectors related to DDL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-0505", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" - }, - { - "name" : "https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/", - "refsource" : "CONFIRM", - "url" : "https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", - "refsource" : "CONFIRM", - "url" : 
"http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" - }, - { - "name" : "DSA-3229", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3229" - }, - { - "name" : "DSA-3311", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3311" - }, - { - "name" : "GLSA-201507-19", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201507-19" - }, - { - "name" : "MDVSA-2015:227", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:227" - }, - { - "name" : "RHSA-2015:1629", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1629.html" - }, - { - "name" : "RHSA-2015:1628", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1628.html" - }, - { - "name" : "RHSA-2015:1647", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1647.html" - }, - { - "name" : "RHSA-2015:1665", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1665.html" - }, - { - "name" : "SUSE-SU-2015:0946", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html" - }, - { - "name" : "USN-2575-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2575-1" - }, - { - "name" : "74112", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74112" - }, - { - "name" : "1032121", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032121" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via vectors related to DDL." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201507-19", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201507-19" + }, + { + "name": "DSA-3229", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3229" + }, + { + "name": "1032121", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032121" + }, + { + "name": "DSA-3311", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3311" + }, + { + "name": "RHSA-2015:1647", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1647.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "RHSA-2015:1628", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1628.html" + }, + { + "name": "SUSE-SU-2015:0946", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html" + }, + { + "name": "USN-2575-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2575-1" + }, + { + "name": "MDVSA-2015:227", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:227" + }, + { + "name": "https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/", + "refsource": "CONFIRM", + "url": "https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/" + }, + { + "name": "RHSA-2015:1629", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1629.html" + }, + { 
+ "name": "74112", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74112" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" + }, + { + "name": "RHSA-2015:1665", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1665.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0796.json b/2015/0xxx/CVE-2015-0796.json index e16fae6df23..c6bde877e79 100644 --- a/2015/0xxx/CVE-2015-0796.json +++ b/2015/0xxx/CVE-2015-0796.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@suse.com", - "DATE_PUBLIC" : "2015-08-13T00:00:00.000Z", - "ID" : "CVE-2015-0796", - "STATE" : "PUBLIC", - "TITLE" : "open build service source server symlink exploitation via source patch" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "DATE_PUBLIC": "2015-08-13T00:00:00.000Z", + "ID": "CVE-2015-0796", + "STATE": "PUBLIC", + "TITLE": "open build service source server symlink exploitation via source patch" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "open build service", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "2.6", + "version_value": "2.6.3" + }, + { + "affected": "<", + "version_name": "2.5", + "version_value": "2.5.7" + }, + { + "affected": "<", + "version_name": "2.4", + "version_value": "2.4.8" + } + ] + } + } + ] + }, + "vendor_name": "SUSE" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Marcus H\u00fcwe" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "open build service", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_name" : "2.6", - "version_value" : "2.6.3" - }, - { - "affected" : "<", - "version_name" : "2.5", - "version_value" : "2.5.7" - }, - { - "affected" : "<", - "version_name" : "2.4", - "version_value" : "2.4.8" - } - ] - } - } - ] - }, - "vendor_name" : "SUSE" + "lang": "eng", + "value": "In open buildservice 2.6 before 2.6.3, 2.5 before 2.5.7 and 2.4 before 2.4.8 the source service patch application could generate non-standard files like symlinks or device nodes, which could allow buildservice users to break of confinement or cause denial of service attacks on the source service." 
} - ] - } - }, - "credit" : [ - { - "lang" : "eng", - "value" : "Marcus Hüwe" - } - ], - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In open buildservice 2.6 before 2.6.3, 2.5 before 2.5.7 and 2.4 before 2.4.8 the source service patch application could generate non-standard files like symlinks or device nodes, which could allow buildservice users to break of confinement or cause denial of service attacks on the source service." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "LOW", - "baseScore" : 6.3, - "baseSeverity" : "MEDIUM", - "confidentialityImpact" : "LOW", - "integrityImpact" : "LOW", - "privilegesRequired" : "LOW", - "scope" : "UNCHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "creation of non-standard files" - } - ] - }, - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-434" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.suse.com/show_bug.cgi?id=941099", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.suse.com/show_bug.cgi?id=941099" - }, - { - "name" : "https://github.com/openSUSE/open-build-service/commit/474a3db19498765f0118ba3dbc0b1cc90b0097fc", - "refsource" : "CONFIRM", - "url" : "https://github.com/openSUSE/open-build-service/commit/474a3db19498765f0118ba3dbc0b1cc90b0097fc" - } - ] - }, - "source" : { - "defect" : [ - "941099" - ], - "discovery" : "EXTERNAL" - } -} + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + 
"privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "creation of non-standard files" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-434" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=941099", + "refsource": "CONFIRM", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=941099" + }, + { + "name": "https://github.com/openSUSE/open-build-service/commit/474a3db19498765f0118ba3dbc0b1cc90b0097fc", + "refsource": "CONFIRM", + "url": "https://github.com/openSUSE/open-build-service/commit/474a3db19498765f0118ba3dbc0b1cc90b0097fc" + } + ] + }, + "source": { + "defect": [ + "941099" + ], + "discovery": "EXTERNAL" + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1155.json b/2015/1xxx/CVE-2015-1155.json index 9f71610aa37..a7ad9813c0e 100644 --- a/2015/1xxx/CVE-2015-1155.json +++ b/2015/1xxx/CVE-2015-1155.json 
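Review bot: The description string on the new side still reads `break of confinement`, which looks like a dropped word; since the record is being rewritten anyway, `break out of confinement` would make the impact statement unambiguous. Separately, the credit value changes from the literal `Marcus Hüwe` to the escaped `Marcus H\u00fcwe`; the two decode to the same string, but consumers that hash or byte-compare records will see a change, so the escaping policy is worth stating in the commit message. The `problemtype` entry `CWE-434` may also deserve a second look, because the description is about symlinks and device nodes created by patch application rather than file upload, though the CNA's reasoning is not visible here.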
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1155", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to bypass the Same Origin Policy and read arbitrary files via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-1155", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT204826", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204826" - }, - { - "name" : "http://support.apple.com/kb/HT204941", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT204941" - }, - { - "name" : "APPLE-SA-2015-05-06-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/May/msg00000.html" - }, - { - "name" : "APPLE-SA-2015-06-30-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html" - }, - { - "name" : "openSUSE-SU-2016:0915", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-updates/2016-03/msg00132.html" - }, - { - "name" : "openSUSE-SU-2016:0761", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-03/msg00054.html" - }, - { - "name" : "USN-2937-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2937-1" - }, - { - "name" : "74527", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74527" - }, - { - "name" : "1032270", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032270" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to bypass the Same Origin Policy and read arbitrary files via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT204826", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204826" + }, + { + "name": "http://support.apple.com/kb/HT204941", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT204941" + }, + { + "name": "openSUSE-SU-2016:0761", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00054.html" + }, + { + "name": "1032270", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032270" + }, + { + "name": "74527", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74527" + }, + { + "name": "openSUSE-SU-2016:0915", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00132.html" + }, + { + "name": "APPLE-SA-2015-06-30-1", + "refsource": "APPLE", + "url": 
"http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html" + }, + { + "name": "APPLE-SA-2015-05-06-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/May/msg00000.html" + }, + { + "name": "USN-2937-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2937-1" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1359.json b/2015/1xxx/CVE-2015-1359.json index 40852d8114e..028599abc66 100644 --- a/2015/1xxx/CVE-2015-1359.json +++ b/2015/1xxx/CVE-2015-1359.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1359", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple off-by-one errors in fpdfapi/fpdf_font/font_int.h in PDFium, as used in Google Chrome before 40.0.2214.91, allow remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted PDF document, related to an \"intra-object-overflow\" issue, a different vulnerability than CVE-2015-1205." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1359", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2015/01/stable-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2015/01/stable-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=421196", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=421196" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=449894", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=449894" - }, - { - "name" : 
"https://codereview.chromium.org/656463006", - "refsource" : "CONFIRM", - "url" : "https://codereview.chromium.org/656463006" - }, - { - "name" : "GLSA-201502-13", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201502-13.xml" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple off-by-one errors in fpdfapi/fpdf_font/font_int.h in PDFium, as used in Google Chrome before 40.0.2214.91, allow remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted PDF document, related to an \"intra-object-overflow\" issue, a different vulnerability than CVE-2015-1205." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://codereview.chromium.org/656463006", + "refsource": "CONFIRM", + "url": "https://codereview.chromium.org/656463006" + }, + { + "name": "http://googlechromereleases.blogspot.com/2015/01/stable-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2015/01/stable-update.html" + }, + { + "name": "GLSA-201502-13", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201502-13.xml" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=421196", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=421196" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=449894", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=449894" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1606.json b/2015/1xxx/CVE-2015-1606.json index df9202c748c..d2412325693 100644 --- a/2015/1xxx/CVE-2015-1606.json +++ b/2015/1xxx/CVE-2015-1606.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1606", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1606", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5073.json b/2015/5xxx/CVE-2015-5073.json index 3196cb0aa9f..909679b0252 100644 --- a/2015/5xxx/CVE-2015-5073.json +++ b/2015/5xxx/CVE-2015-5073.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5073", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted regular expression with an excess closing parenthesis." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5073", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150626 CVE Request: PCRE Library Heap Overflow Vulnerability in find_fixedlength()", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/06/26/1" - }, - { - "name" : "[oss-security] 20150626 Re: CVE Request: PCRE Library Heap Overflow Vulnerability in find_fixedlength()", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/06/26/3" - }, - { - "name" : "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?revision=1609&view=markup", - "refsource" : "CONFIRM", - "url" : 
"http://vcs.pcre.org/pcre/code/trunk/ChangeLog?revision=1609&view=markup" - }, - { - "name" : "http://vcs.pcre.org/pcre?view=revision&revision=1571", - "refsource" : "CONFIRM", - "url" : "http://vcs.pcre.org/pcre?view=revision&revision=1571" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886" - }, - { - "name" : "https://bugs.exim.org/show_bug.cgi?id=1651", - "refsource" : "CONFIRM", - "url" : "https://bugs.exim.org/show_bug.cgi?id=1651" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" - }, - { - "name" : "GLSA-201607-02", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201607-02" - }, - { - "name" : "RHSA-2016:1025", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1025.html" - }, - { - "name" : "RHSA-2016:1132", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1132" - }, - { - "name" : "RHSA-2016:2750", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2750.html" - }, - { - "name" : "75430", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75430" - }, - { - "name" : "1033154", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033154" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted regular expression with an excess closing 
parenthesis." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "75430", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75430" + }, + { + "name": "RHSA-2016:1132", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1132" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886" + }, + { + "name": "RHSA-2016:1025", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1025.html" + }, + { + "name": "RHSA-2016:2750", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html" + }, + { + "name": "[oss-security] 20150626 CVE Request: PCRE Library Heap Overflow Vulnerability in find_fixedlength()", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/06/26/1" + }, + { + "name": "[oss-security] 20150626 Re: CVE Request: PCRE Library Heap Overflow Vulnerability in find_fixedlength()", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/06/26/3" + }, + { + "name": "https://bugs.exim.org/show_bug.cgi?id=1651", + "refsource": "CONFIRM", + "url": "https://bugs.exim.org/show_bug.cgi?id=1651" + }, + { + "name": "1033154", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033154" + }, + { + "name": "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?revision=1609&view=markup", + "refsource": "CONFIRM", + "url": "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?revision=1609&view=markup" + }, + { + "name": 
"http://vcs.pcre.org/pcre?view=revision&revision=1571", + "refsource": "CONFIRM", + "url": "http://vcs.pcre.org/pcre?view=revision&revision=1571" + }, + { + "name": "GLSA-201607-02", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201607-02" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5346.json b/2015/5xxx/CVE-2015-5346.json index 46ae9a2df0c..01ceb09bb0c 100644 --- a/2015/5xxx/CVE-2015-5346.json +++ b/2015/5xxx/CVE-2015-5346.json 
@@ -1,227 +1,227 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5346", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2, when different session settings are used for deployments of multiple versions of the same web application, might allow remote attackers to hijack web sessions by leveraging use of a requestedSessionSSL field for an unintended request, related to CoyoteAdapter.java and Request.java." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-5346", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160222 [SECURITY] CVE-2015-5346 Apache Tomcat Session fixation", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/bugtraq/2016/Feb/143" - }, - { - "name" : "http://packetstormsecurity.com/files/135890/Apache-Tomcat-Session-Fixation.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/135890/Apache-Tomcat-Session-Fixation.html" - }, - { - "name" : "http://svn.apache.org/viewvc?view=revision&revision=1713184", - "refsource" : "CONFIRM", - "url" : 
"http://svn.apache.org/viewvc?view=revision&revision=1713184" - }, - { - "name" : "http://svn.apache.org/viewvc?view=revision&revision=1713185", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?view=revision&revision=1713185" - }, - { - "name" : "http://svn.apache.org/viewvc?view=revision&revision=1713187", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?view=revision&revision=1713187" - }, - { - "name" : "http://svn.apache.org/viewvc?view=revision&revision=1723414", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?view=revision&revision=1723414" - }, - { - "name" : "http://svn.apache.org/viewvc?view=revision&revision=1723506", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?view=revision&revision=1723506" - }, - { - "name" : "http://tomcat.apache.org/security-7.html", - "refsource" : "CONFIRM", - "url" : "http://tomcat.apache.org/security-7.html" - }, - { - "name" : "http://tomcat.apache.org/security-8.html", - "refsource" : "CONFIRM", - "url" : "http://tomcat.apache.org/security-8.html" - }, - { - "name" : "http://tomcat.apache.org/security-9.html", - "refsource" : "CONFIRM", - "url" : "http://tomcat.apache.org/security-9.html" - }, - { - "name" : "https://bz.apache.org/bugzilla/show_bug.cgi?id=58809", - "refsource" : "CONFIRM", - "url" : "https://bz.apache.org/bugzilla/show_bug.cgi?id=58809" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", - "refsource" : "CONFIRM", 
- "url" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html" - }, - { - "name" : "https://bto.bluecoat.com/security-advisory/sa118", - "refsource" : "CONFIRM", - "url" : "https://bto.bluecoat.com/security-advisory/sa118" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20180531-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20180531-0001/" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" - }, - { - "name" : "DSA-3530", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3530" - }, - { - "name" : "DSA-3609", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3609" - }, - { - "name" : "DSA-3552", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3552" - }, - { - "name" : "GLSA-201705-09", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201705-09" - }, - { - "name" : "RHSA-2016:2046", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2046.html" - }, - { - "name" : "RHSA-2016:1087", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1087" - }, - { - "name" : "RHSA-2016:1088", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1088" - }, - { - "name" : "RHSA-2016:1089", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1089.html" - }, - { - "name" : "RHSA-2016:2807", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2807.html" - }, - { - "name" : "RHSA-2016:2808", - 
"refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2808.html" - }, - { - "name" : "SUSE-SU-2016:0769", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html" - }, - { - "name" : "SUSE-SU-2016:0822", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html" - }, - { - "name" : "openSUSE-SU-2016:0865", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html" - }, - { - "name" : "USN-3024-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3024-1" - }, - { - "name" : "83323", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/83323" - }, - { - "name" : "1035069", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035069" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2, when different session settings are used for deployments of multiple versions of the same web application, might allow remote attackers to hijack web sessions by leveraging use of a requestedSessionSSL field for an unintended request, related to CoyoteAdapter.java and Request.java." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + }, + { + "name": "GLSA-201705-09", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201705-09" + }, + { + "name": "20160222 [SECURITY] CVE-2015-5346 Apache Tomcat Session fixation", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/bugtraq/2016/Feb/143" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html" + }, + { + "name": "openSUSE-SU-2016:0865", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html" + }, + { + "name": "http://tomcat.apache.org/security-9.html", + "refsource": "CONFIRM", + "url": "http://tomcat.apache.org/security-9.html" + }, + { + "name": "USN-3024-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3024-1" + }, + { + "name": "SUSE-SU-2016:0769", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html" + }, + { + "name": "DSA-3530", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3530" + }, + { + "name": "http://svn.apache.org/viewvc?view=revision&revision=1713184", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=revision&revision=1713184" + }, + { + "name": "http://tomcat.apache.org/security-7.html", + "refsource": "CONFIRM", + "url": "http://tomcat.apache.org/security-7.html" + }, + { + "name": "RHSA-2016:2046", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2046.html" + }, 
+ { + "name": "83323", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/83323" + }, + { + "name": "RHSA-2016:1089", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html" + }, + { + "name": "http://tomcat.apache.org/security-8.html", + "refsource": "CONFIRM", + "url": "http://tomcat.apache.org/security-8.html" + }, + { + "name": "RHSA-2016:1087", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1087" + }, + { + "name": "http://svn.apache.org/viewvc?view=revision&revision=1723414", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=revision&revision=1723414" + }, + { + "name": "1035069", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035069" + }, + { + "name": "https://bto.bluecoat.com/security-advisory/sa118", + "refsource": "CONFIRM", + "url": "https://bto.bluecoat.com/security-advisory/sa118" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442" + }, + { + "name": "RHSA-2016:2807", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2807.html" + }, + { + "name": "RHSA-2016:1088", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1088" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20180531-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20180531-0001/" + }, + { + "name": "RHSA-2016:2808", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2808.html" + }, + { + "name": "SUSE-SU-2016:0822", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html" + }, + { + "name": "https://bz.apache.org/bugzilla/show_bug.cgi?id=58809", + "refsource": "CONFIRM", + "url": 
"https://bz.apache.org/bugzilla/show_bug.cgi?id=58809" + }, + { + "name": "http://svn.apache.org/viewvc?view=revision&revision=1713185", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=revision&revision=1713185" + }, + { + "name": "DSA-3609", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3609" + }, + { + "name": "http://svn.apache.org/viewvc?view=revision&revision=1723506", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=revision&revision=1723506" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" + }, + { + "name": "http://svn.apache.org/viewvc?view=revision&revision=1713187", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=revision&revision=1713187" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626" + }, + { + "name": "DSA-3552", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3552" + }, + { + "name": "http://packetstormsecurity.com/files/135890/Apache-Tomcat-Session-Fixation.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/135890/Apache-Tomcat-Session-Fixation.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5672.json b/2015/5xxx/CVE-2015-5672.json index 294739a20ab..95f1634fcb1 100644 --- a/2015/5xxx/CVE-2015-5672.json +++ b/2015/5xxx/CVE-2015-5672.json 
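Review bot: The switch to `"ASSIGNER": "secalert@redhat.com"` (from `cve@mitre.org`) appears to be the only semantic edit in the CVE-2015-5346.json hunk, yet it is buried under a whole-file re-indent and a reshuffle of the 34 `reference_data` entries that follows no visible sort key. Consumers that attribute or route records by ASSIGNER will see ownership change, so it deserves its own commit or at least a line in the commit message. The same buried ASSIGNER change recurs in the CVE-2015-5672, CVE-2015-5755 and CVE-2018-3837 hunks. If reference order carries no meaning, emitting it in a stable order (for example sorted by `url`) would keep later diffs limited to real changes. Every rewritten file also ends with `\ No newline at end of file`; keeping the final newline avoids spurious one-line diffs from tools that add it back.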
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5672", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "TYPE-MOON Fate/stay night, Fate/hollow ataraxia, Witch on the Holy Night, and Fate/stay night + hollow ataraxia set allow remote attackers to execute arbitrary OS commands via crafted saved data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2015-5672", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.typemoon.com/support/vulnerability150902.html", - "refsource" : "CONFIRM", - "url" : "http://www.typemoon.com/support/vulnerability150902.html" - }, - { - "name" : "JVN#80144272", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN80144272/index.html" - }, - { - "name" : "JVNDB-2015-000174", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000174" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TYPE-MOON Fate/stay night, Fate/hollow ataraxia, Witch on the Holy Night, and Fate/stay night + hollow ataraxia set allow remote attackers to execute arbitrary 
OS commands via crafted saved data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.typemoon.com/support/vulnerability150902.html", + "refsource": "CONFIRM", + "url": "http://www.typemoon.com/support/vulnerability150902.html" + }, + { + "name": "JVN#80144272", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN80144272/index.html" + }, + { + "name": "JVNDB-2015-000174", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000174" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5755.json b/2015/5xxx/CVE-2015-5755.json index 6ede8c664d4..8182a594e56 100644 --- a/2015/5xxx/CVE-2015-5755.json +++ b/2015/5xxx/CVE-2015-5755.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5755", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5761." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-5755", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/kb/HT205030", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT205030" - }, - { - "name" : "https://support.apple.com/kb/HT205031", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT205031" - }, - { - "name" : "https://support.apple.com/HT205221", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205221" - }, - { - "name" : "APPLE-SA-2015-08-13-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" - }, - { - "name" : "APPLE-SA-2015-08-13-3", - "refsource" : "APPLE", - "url" : 
"http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html" - }, - { - "name" : "APPLE-SA-2015-09-16-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html" - }, - { - "name" : "76343", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76343" - }, - { - "name" : "1033275", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033275" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5761." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT205221", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205221" + }, + { + "name": "https://support.apple.com/kb/HT205030", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT205030" + }, + { + "name": "1033275", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033275" + }, + { + "name": "APPLE-SA-2015-08-13-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" + }, + { + "name": "APPLE-SA-2015-09-16-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html" + }, + { + "name": "APPLE-SA-2015-08-13-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html" + }, + { + "name": "https://support.apple.com/kb/HT205031", + "refsource": "CONFIRM", + "url": 
"https://support.apple.com/kb/HT205031" + }, + { + "name": "76343", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76343" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11534.json b/2018/11xxx/CVE-2018-11534.json index 620578d4f29..b4ff8ee7586 100644 --- a/2018/11xxx/CVE-2018-11534.json +++ b/2018/11xxx/CVE-2018-11534.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11534", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11534", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3165.json b/2018/3xxx/CVE-2018-3165.json index 302f31e3dc0..6ef29f22aea 100644 --- a/2018/3xxx/CVE-2018-3165.json +++ b/2018/3xxx/CVE-2018-3165.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3165", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "PeopleSoft Enterprise PT PeopleTools", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.55" - }, - { - "version_affected" : "=", - "version_value" : "8.56" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: SQR). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.0 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3165", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PeopleSoft Enterprise PT PeopleTools", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.55" + }, + { + "version_affected": "=", + "version_value": "8.56" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" - }, - { - "name" : "105598", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105598" - }, - { - "name" : "1041891", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041891" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: SQR). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.0 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. 
Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105598", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105598" + }, + { + "name": "1041891", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041891" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3832.json b/2018/3xxx/CVE-2018-3832.json index 7474082c555..db5341c9521 100644 --- a/2018/3xxx/CVE-2018-3832.json +++ b/2018/3xxx/CVE-2018-3832.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2018-06-19T00:00:00", - "ID" : "CVE-2018-3832", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Insteon", - "version" : { - "version_data" : [ - { - "version_value" : "Insteon Hub 2245-222 - Firmware version 1013" - } - ] - } - } - ] - }, - "vendor_name" : "Insteon" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable firmware update vulnerability exists in Insteon Hub running firmware version 1013. The HTTP server allows for uploading arbitrary MPFS binaries that could be modified to enable access to hidden resources which allow for uploading unsigned firmware images to the device. To trigger this vulnerability, an attacker can upload an MPFS binary via the '/mpfsupload' HTTP form and later on upload the firmware via a POST request to 'firmware.htm'." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "leftover debug code" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2018-06-19T00:00:00", + "ID": "CVE-2018-3832", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Insteon", + "version": { + "version_data": [ + { + "version_value": "Insteon Hub 2245-222 - Firmware version 1013" + } + ] + } + } + ] + }, + "vendor_name": "Insteon" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0511", - "refsource" : "MISC", - "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0511" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable firmware update vulnerability exists in Insteon Hub running firmware version 1013. The HTTP server allows for uploading arbitrary MPFS binaries that could be modified to enable access to hidden resources which allow for uploading unsigned firmware images to the device. To trigger this vulnerability, an attacker can upload an MPFS binary via the '/mpfsupload' HTTP form and later on upload the firmware via a POST request to 'firmware.htm'." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "leftover debug code" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0511", + "refsource": "MISC", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0511" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3837.json b/2018/3xxx/CVE-2018-3837.json index 554c20175f3..541dbc19421 100644 
--- a/2018/3xxx/CVE-2018-3837.json
+++ b/2018/3xxx/CVE-2018-3837.json
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "DATE_PUBLIC" : "2018-04-10T00:00:00", - "ID" : "CVE-2018-3837", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Simple Direct Media", - "version" : { - "version_data" : [ - { - "version_value" : "Simple DirectMedia LayerSDL2_image 2.0.2" - } - ] - } - } - ] - }, - "vendor_name" : "Cisco Systems, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable information disclosure vulnerability exists in the PCX image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted PCX image can cause an out-of-bounds read on the heap, resulting in information disclosure . An attacker can display a specially crafted image to trigger this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Heap Based-Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2018-04-10T00:00:00", + "ID": "CVE-2018-3837", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Simple Direct Media", + "version": { + "version_data": [ + { + "version_value": "Simple DirectMedia LayerSDL2_image 2.0.2" + } + ] + } + } + ] + }, + "vendor_name": "Cisco Systems, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0519", - "refsource" : "MISC", - "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0519" - }, - { - "name" : "DSA-4177", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4177" - }, - { - "name" : "DSA-4184", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4184" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable information disclosure vulnerability exists in the PCX image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted PCX image can cause an out-of-bounds read on the heap, resulting in information disclosure . An attacker can display a specially crafted image to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap Based-Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-4177", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4177" + }, + { + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0519", + "refsource": "MISC", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0519" + }, + { + "name": "DSA-4184", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4184" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6110.json b/2018/6xxx/CVE-2018-6110.json index e6f52fe93ff..5c2914ee6df 100644 --- a/2018/6xxx/CVE-2018-6110.json +++ b/2018/6xxx/CVE-2018-6110.json 
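Review bot: The CVE-2018-3837 record is carried onto the new side with fields that disagree with each other: `problemtype` has `"value": "Heap Based-Overflow"`, while the description reports an out-of-bounds read on the heap leading to information disclosure. A weakness label that matches the description, such as `"value": "CWE-125: Out-of-bounds Read"`, would stop triage tooling that keys on problemtype from classifying this as a memory-write bug. `"vendor_name": "Cisco Systems, Inc."` sits over an SDL2_image product, which looks like the reporting organisation rather than the vendor and should be confirmed with the CNA. `version_value` reads `Simple DirectMedia LayerSDL2_image 2.0.2` with a missing space, which defeats exact-match product and version lookups.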
@@ -1,88 +1,88 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "chrome-cve-admin@google.com", - "ID" : "CVE-2018-6110", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Chrome", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "66.0.3359.117" - } - ] - } - } - ] - }, - "vendor_name" : "Google" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Parsing documents as HTML in Downloads in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to cause Chrome to execute scripts via a local non-HTML page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Insufficient policy enforcement" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2018-6110", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "66.0.3359.117" + } + ] + } + } + ] + }, + "vendor_name": "Google" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://crbug.com/777737", - "refsource" : "MISC", - "url" : "https://crbug.com/777737" - }, - { - "name" : "https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html", - "refsource" : "CONFIRM", - "url" : "https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html" - }, - { - "name" : "DSA-4182", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4182" - }, - { - "name" : "GLSA-201804-22", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201804-22" - }, - { - "name" : "RHSA-2018:1195", - "refsource" : "REDHAT", - "url" 
: "https://access.redhat.com/errata/RHSA-2018:1195" - }, - { - "name" : "103917", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103917" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Parsing documents as HTML in Downloads in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to cause Chrome to execute scripts via a local non-HTML page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insufficient policy enforcement" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html", + "refsource": "CONFIRM", + "url": "https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html" + }, + { + "name": "GLSA-201804-22", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201804-22" + }, + { + "name": "https://crbug.com/777737", + "refsource": "MISC", + "url": "https://crbug.com/777737" + }, + { + "name": "DSA-4182", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4182" + }, + { + "name": "103917", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103917" + }, + { + "name": "RHSA-2018:1195", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1195" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6218.json b/2018/6xxx/CVE-2018-6218.json index b5ac2db0407..b7391c6ebff 100644 --- a/2018/6xxx/CVE-2018-6218.json +++ b/2018/6xxx/CVE-2018-6218.json 
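Review bot: The `ASSIGNER` value changes from `chrome-cve-admin@google.com` to `security@google.com` inside a hunk that is otherwise whitespace normalisation and reference reordering, which makes the one semantic change easy to miss when the record's history is audited. The same pattern appears in the CVE-2018-3837 hunk (`psirt@cisco.com` to `talos-cna@cisco.com`) and, as a case-only change, in the CVE-2018-8243 and CVE-2018-8358 hunks (`Secure@Microsoft.com` to `secure@microsoft.com`). I would land the assigner remapping as its own commit with the mapping stated in the description, or at least name it in this commit's message. Consumers that group or filter records on the `ASSIGNER` string should expect these values to differ from earlier snapshots.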
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@trendmicro.com", - "ID" : "CVE-2018-6218", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Trend Micro User-Mode Hooking (UMH) Module", - "version" : { - "version_data" : [ - { - "version_value" : "NA" - } - ] - } - } - ] - }, - "vendor_name" : "Trend Micro" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A DLL Hijacking vulnerability in Trend Micro's User-Mode Hooking Module (UMH) could allow an attacker to run arbitrary code on a vulnerable system." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "DLL Hijacking" - } + "CVE_data_meta": { + "ASSIGNER": "security@trendmicro.com", + "ID": "CVE-2018-6218", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Trend Micro User-Mode Hooking (UMH) Module", + "version": { + "version_data": [ + { + "version_value": "NA" + } + ] + } + } + ] + }, + "vendor_name": "Trend Micro" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://success.trendmicro.com/jp/solution/1119348", - "refsource" : "MISC", - "url" : "https://success.trendmicro.com/jp/solution/1119348" - }, - { - "name" : "https://success.trendmicro.com/solution/1119326", - "refsource" : "CONFIRM", - "url" : "https://success.trendmicro.com/solution/1119326" - }, - { - "name" : "JVN#28865183", - "refsource" : "JVN", - "url" : "https://jvn.jp/jp/JVN28865183/" - }, - { - "name" : "103096", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103096" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "A DLL Hijacking vulnerability in Trend Micro's User-Mode Hooking Module (UMH) could allow an attacker to run arbitrary code on a vulnerable system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "DLL Hijacking" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103096", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103096" + }, + { + "name": "JVN#28865183", + "refsource": "JVN", + "url": "https://jvn.jp/jp/JVN28865183/" + }, + { + "name": "https://success.trendmicro.com/solution/1119326", + "refsource": "CONFIRM", + "url": "https://success.trendmicro.com/solution/1119326" + }, + { + "name": "https://success.trendmicro.com/jp/solution/1119348", + "refsource": "MISC", + "url": "https://success.trendmicro.com/jp/solution/1119348" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7064.json b/2018/7xxx/CVE-2018-7064.json index 8439884e948..ea0ad2b0b5b 100644 --- a/2018/7xxx/CVE-2018-7064.json +++ b/2018/7xxx/CVE-2018-7064.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7064", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7064", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7095.json b/2018/7xxx/CVE-2018-7095.json index e05774bcbd2..7ff05d4c7be 100644 --- a/2018/7xxx/CVE-2018-7095.json +++ b/2018/7xxx/CVE-2018-7095.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@hpe.com", - "ID" : "CVE-2018-7095", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "HPE 3PAR Service Processors", - "version" : { - "version_data" : [ - { - "version_value" : "Prior to SP-4.4.0.GA-110(MU7)" - } - ] - } - } - ] - }, - "vendor_name" : "Hewlett Packard Enterprise" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be exploited remotely to allow access restriction bypass." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "remote access restriction bypass" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@hpe.com", + "ID": "CVE-2018-7095", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HPE 3PAR Service Processors", + "version": { + "version_data": [ + { + "version_value": "Prior to SP-4.4.0.GA-110(MU7)" + } + ] + } + } + ] + }, + "vendor_name": "Hewlett Packard Enterprise" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03861en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03861en_us" - }, - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03884en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03884en_us" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be exploited remotely to allow access restriction bypass." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote access restriction bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03884en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03884en_us" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03861en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03861en_us" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7512.json b/2018/7xxx/CVE-2018-7512.json index ac615c00871..0f9fc9d25fa 100644 --- a/2018/7xxx/CVE-2018-7512.json +++ b/2018/7xxx/CVE-2018-7512.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2018-03-20T00:00:00", - "ID" : "CVE-2018-7512", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Geutebrück G-Cam/EFD-2250 (part n° 5.02024) firmware and Topline TopFD-2125 (part n° 5.02820) firmware", - "version" : { - "version_data" : [ - { - "version_value" : "G-Cam/EFD-2250 version 1.12.0.4 and Topline TopFD-2125 version 3.15.1" - } - ] - } - } - ] - }, - "vendor_name" : "Geutebrück" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A cross-site scripting vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow remote code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2018-03-20T00:00:00", + "ID": "CVE-2018-7512", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Geutebrück G-Cam/EFD-2250 (part n° 5.02024) firmware and Topline TopFD-2125 (part n° 5.02820) firmware", + "version": { + "version_data": [ + { + "version_value": "G-Cam/EFD-2250 version 1.12.0.4 and Topline TopFD-2125 version 3.15.1" + } + ] + } + } + ] + }, + "vendor_name": "Geutebrück" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-079-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-079-01" - }, - { - "name" : "103474", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/103474" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A cross-site scripting vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow remote code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-079-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-079-01" + }, + { + "name": "103474", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103474" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8243.json b/2018/8xxx/CVE-2018-8243.json index f006dbbf1d2..f88c9833340 100644 --- a/2018/8xxx/CVE-2018-8243.json +++ b/2018/8xxx/CVE-2018-8243.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8243", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ChakraCore", - "version" : { - "version_data" : [ - { - "version_value" : "ChakraCore" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability.\" This affects ChakraCore. This CVE ID is unique from CVE-2018-8267." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8243", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ChakraCore", + "version": { + "version_data": [ + { + "version_value": "ChakraCore" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8243", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8243" - }, - { - "name" : "104403", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104403" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 
\"Scripting Engine Memory Corruption Vulnerability.\" This affects ChakraCore. This CVE ID is unique from CVE-2018-8267." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8243", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8243" + }, + { + "name": "104403", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104403" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8358.json b/2018/8xxx/CVE-2018-8358.json index 3f21212da68..16559ab9857 100644 --- a/2018/8xxx/CVE-2018-8358.json +++ b/2018/8xxx/CVE-2018-8358.json 
@@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8358", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Edge", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for x64-based Systems" - }, - { - "version_value" : "Windows Server 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A security feature bypass vulnerability exists when Microsoft Edge improperly handles redirect requests, aka \"Microsoft Edge Security Feature Bypass Vulnerability.\" This affects Microsoft Edge." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Security Feature Bypass" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8358", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Edge", + "version": { + "version_data": [ + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1607 for x64-based Systems" + }, + { + "version_value": "Windows Server 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8358", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8358" - }, - { - "name" : "105017", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105017" - }, - { - "name" : 
"1041457", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041457" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A security feature bypass vulnerability exists when Microsoft Edge improperly handles redirect requests, aka \"Microsoft Edge Security Feature Bypass Vulnerability.\" This affects Microsoft Edge." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Security Feature Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105017", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105017" + }, + { + "name": "1041457", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041457" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8358", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8358" + } + ] + } +} \ No newline at end of file