diff --git a/2005/0xxx/CVE-2005-0606.json b/2005/0xxx/CVE-2005-0606.json
index f11c611f644..57c35966a9a 100644
--- a/2005/0xxx/CVE-2005-0606.json
+++ b/2005/0xxx/CVE-2005-0606.json
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0606", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in settings.inc.php for CubeCart 2.0.0 through 2.0.5, as used in multiple PHP files, allows remote attackers to inject arbitrary HTML or web script via the (1) cat_id, (2) PHPSESSID, (3) view_doc, (4) product, (5) session, (6) catname, (7) search, or (8) page parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0606", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://lostmon.blogspot.com/2005/02/cubecart-20x-multiple-variable-xss.html", - "refsource" : "MISC", - "url" : "http://lostmon.blogspot.com/2005/02/cubecart-20x-multiple-variable-xss.html" - }, - { - "name" : "http://www.cubecart.com/site/forums/index.php?showtopic=6032", - "refsource" : "CONFIRM", - "url" : "http://www.cubecart.com/site/forums/index.php?showtopic=6032" - }, - { - "name" : "12658", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12658" - }, - { - "name" : "1013304", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013304" - }, - { - "name" : "14416", 
- "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14416" - }, - { - "name" : "cubecart-multiple-xss(20637)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20637" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in settings.inc.php for CubeCart 2.0.0 through 2.0.5, as used in multiple PHP files, allows remote attackers to inject arbitrary HTML or web script via the (1) cat_id, (2) PHPSESSID, (3) view_doc, (4) product, (5) session, (6) catname, (7) search, or (8) page parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "12658", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12658" + }, + { + "name": "14416", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14416" + }, + { + "name": "http://lostmon.blogspot.com/2005/02/cubecart-20x-multiple-variable-xss.html", + "refsource": "MISC", + "url": "http://lostmon.blogspot.com/2005/02/cubecart-20x-multiple-variable-xss.html" + }, + { + "name": "http://www.cubecart.com/site/forums/index.php?showtopic=6032", + "refsource": "CONFIRM", + "url": "http://www.cubecart.com/site/forums/index.php?showtopic=6032" + }, + { + "name": "cubecart-multiple-xss(20637)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20637" + }, + { + "name": "1013304", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013304" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0729.json b/2005/0xxx/CVE-2005-0729.json index 8c6368a9172..5858f8a67f8 100644 --- a/2005/0xxx/CVE-2005-0729.json +++ b/2005/0xxx/CVE-2005-0729.json 
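Review bot: The six `reference_data` entries come back in a different order with no visible sort key (BID, SECUNIA, MISC, CONFIRM, XF, SECTRACK, where the old file had MISC, CONFIRM, BID, SECTRACK, SECUNIA, XF), so a real reordering is mixed into what is otherwise a `" : "` to `": "` spacing change. The CVE-2005-0729, CVE-2005-2090, CVE-2005-2361 and CVE-2005-3148 hunks show the same shuffle. If the generator emitted references in a stable order, for example sorted by `refsource` then `name`, later diffs of these records would show only content changes. A consumer that treats the first CONFIRM or first URL as the primary advisory, if any exists, would also keep getting the same answer. The new side also ends with `\ No newline at end of file` here and in every other complete hunk on the page, so the rewrite drops the trailing newline the old files had; writing a final newline after the closing `}` would restore it.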
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0729", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in Xpand Rally 1.1.0.0 and earlier allows remote attackers to execute arbitrary code via format string specifiers in a message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0729", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://aluigi.altervista.org/adv/xprallyfs-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/xprallyfs-adv.txt" - }, - { - "name" : "http://www.securiteam.com/windowsntfocus/5DP0G00F5Q.html", - "refsource" : "MISC", - "url" : "http://www.securiteam.com/windowsntfocus/5DP0G00F5Q.html" - }, - { - "name" : "14545", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14545" - }, - { - "name" : "xpandrally-message-format-string(19649)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19649" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string 
vulnerability in Xpand Rally 1.1.0.0 and earlier allows remote attackers to execute arbitrary code via format string specifiers in a message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://aluigi.altervista.org/adv/xprallyfs-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/xprallyfs-adv.txt" + }, + { + "name": "xpandrally-message-format-string(19649)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19649" + }, + { + "name": "http://www.securiteam.com/windowsntfocus/5DP0G00F5Q.html", + "refsource": "MISC", + "url": "http://www.securiteam.com/windowsntfocus/5DP0G00F5Q.html" + }, + { + "name": "14545", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14545" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0818.json b/2005/0xxx/CVE-2005-0818.json index 8eeadee1417..184f065a968 100644 --- a/2005/0xxx/CVE-2005-0818.json +++ b/2005/0xxx/CVE-2005-0818.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0818", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in PunBB 1.2.3 allows remote attackers to inject arbitrary web script or HTML via the (1) email or (2) Jabber parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0818", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "1013446", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013446" - }, - { - "name" : "punbb-email-jabber-xss(19725)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19725" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in PunBB 1.2.3 allows remote attackers to inject arbitrary web script or HTML via the (1) email or (2) Jabber parameters." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1013446", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013446" + }, + { + "name": "punbb-email-jabber-xss(19725)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19725" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2090.json b/2005/2xxx/CVE-2005-2090.json index 55614bd590b..92e283ec248 100644 --- a/2005/2xxx/CVE-2005-2090.json +++ b/2005/2xxx/CVE-2005-2090.json 
@@ -1,262 +1,262 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2090", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a \"Transfer-Encoding: chunked\" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka \"HTTP Request Smuggling.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2090", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050606 A new whitepaper by Watchfire - HTTP Request Smuggling", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/lists/bugtraq/2005/Jun/0025.html" - }, - { - "name" : "20080108 VMSA-2008-0002 Low severity security update for VirtualCenter and ESX Server 3.0.2, and ESX 3.0.1", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/485938/100/0/threaded" - }, - { - "name" : "20090127 CA20090123-01: Cohesion Tomcat 
Multiple Vulnerabilities (Updated - v1.1)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/500412/100/0/threaded" - }, - { - "name" : "20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/500396/100/0/threaded" - }, - { - "name" : "[Security-announce] 20080107 VMSA-2008-0002 Low severity security update for VirtualCenter and ESX Server 3.0.2, and ESX 3.0.1", - "refsource" : "MLIST", - "url" : "http://lists.vmware.com/pipermail/security-announce/2008/000003.html" - }, - { - "name" : "http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf", - "refsource" : "MISC", - "url" : "http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf" - }, - { - "name" : "http://www.securiteam.com/securityreviews/5GP0220G0U.html", - "refsource" : "MISC", - "url" : "http://www.securiteam.com/securityreviews/5GP0220G0U.html" - }, - { - "name" : "http://tomcat.apache.org/security-4.html", - "refsource" : "CONFIRM", - "url" : "http://tomcat.apache.org/security-4.html" - }, - { - "name" : "http://tomcat.apache.org/security-5.html", - "refsource" : "CONFIRM", - "url" : "http://tomcat.apache.org/security-5.html" - }, - { - "name" : "http://tomcat.apache.org/security-6.html", - "refsource" : "CONFIRM", - "url" : "http://tomcat.apache.org/security-6.html" - }, - { - "name" : "http://docs.info.apple.com/article.html?artnum=306172", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=306172" - }, - { - "name" : "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200703e.html", - "refsource" : "CONFIRM", - "url" : "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200703e.html" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm" - }, - { - "name" : 
"http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx", - "refsource" : "CONFIRM", - "url" : "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx" - }, - { - "name" : "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540", - "refsource" : "CONFIRM", - "url" : "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540" - }, - { - "name" : "APPLE-SA-2007-07-31", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html" - }, - { - "name" : "HPSBUX02262", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795" - }, - { - "name" : "SSRT071447", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795" - }, - { - "name" : "RHSA-2007:0327", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0327.html" - }, - { - "name" : "RHSA-2007:0360", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0360.html" - }, - { - "name" : "RHSA-2008:0261", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0261.html" - }, - { - "name" : "239312", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1" - }, - { - "name" : "SUSE-SR:2008:005", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html" - }, - { - "name" : "25159", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25159" - }, - { - "name" : "13873", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13873" - }, - { - "name" : "oval:org.mitre.oval:def:10499", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10499" - }, - { - "name" : "ADV-2007-2732", - "refsource" : "VUPEN", - 
"url" : "http://www.vupen.com/english/advisories/2007/2732" - }, - { - "name" : "ADV-2007-3087", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3087" - }, - { - "name" : "ADV-2007-3386", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3386" - }, - { - "name" : "ADV-2008-0065", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0065" - }, - { - "name" : "ADV-2008-1979", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1979/references" - }, - { - "name" : "ADV-2009-0233", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0233" - }, - { - "name" : "1014365", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014365" - }, - { - "name" : "26235", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26235" - }, - { - "name" : "26660", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26660" - }, - { - "name" : "27037", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27037" - }, - { - "name" : "28365", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28365" - }, - { - "name" : "29242", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29242" - }, - { - "name" : "30908", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30908" - }, - { - "name" : "30899", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30899" - }, - { - "name" : "33668", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33668" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP 
request with both a \"Transfer-Encoding: chunked\" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka \"HTTP Request Smuggling.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200703e.html", + "refsource": "CONFIRM", + "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200703e.html" + }, + { + "name": "http://tomcat.apache.org/security-4.html", + "refsource": "CONFIRM", + "url": "http://tomcat.apache.org/security-4.html" + }, + { + "name": "30908", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30908" + }, + { + "name": "[Security-announce] 20080107 VMSA-2008-0002 Low severity security update for VirtualCenter and ESX Server 3.0.2, and ESX 3.0.1", + "refsource": "MLIST", + "url": "http://lists.vmware.com/pipermail/security-announce/2008/000003.html" + }, + { + "name": "ADV-2007-2732", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2732" + }, + { + "name": "13873", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13873" + }, + { + "name": "239312", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1" + }, + { + "name": "ADV-2007-3087", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3087" + }, + { + "name": "30899", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30899" + }, + { + "name": "29242", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29242" + }, + { + "name": "ADV-2008-1979", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1979/references" 
+ }, + { + "name": "APPLE-SA-2007-07-31", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html" + }, + { + "name": "ADV-2008-0065", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0065" + }, + { + "name": "20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/500412/100/0/threaded" + }, + { + "name": "SUSE-SR:2008:005", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html" + }, + { + "name": "33668", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33668" + }, + { + "name": "20080108 VMSA-2008-0002 Low severity security update for VirtualCenter and ESX Server 3.0.2, and ESX 3.0.1", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/485938/100/0/threaded" + }, + { + "name": "20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/500396/100/0/threaded" + }, + { + "name": "RHSA-2007:0360", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0360.html" + }, + { + "name": "ADV-2009-0233", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0233" + }, + { + "name": "oval:org.mitre.oval:def:10499", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10499" + }, + { + "name": "28365", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28365" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm" + }, + { + "name": "http://tomcat.apache.org/security-6.html", + "refsource": "CONFIRM", + "url": "http://tomcat.apache.org/security-6.html" + }, + { + 
"name": "ADV-2007-3386", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3386" + }, + { + "name": "http://www.securiteam.com/securityreviews/5GP0220G0U.html", + "refsource": "MISC", + "url": "http://www.securiteam.com/securityreviews/5GP0220G0U.html" + }, + { + "name": "http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf", + "refsource": "MISC", + "url": "http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf" + }, + { + "name": "RHSA-2007:0327", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0327.html" + }, + { + "name": "27037", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27037" + }, + { + "name": "1014365", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014365" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=306172", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=306172" + }, + { + "name": "SSRT071447", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795" + }, + { + "name": "HPSBUX02262", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795" + }, + { + "name": "http://tomcat.apache.org/security-5.html", + "refsource": "CONFIRM", + "url": "http://tomcat.apache.org/security-5.html" + }, + { + "name": "25159", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25159" + }, + { + "name": "26660", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26660" + }, + { + "name": "RHSA-2008:0261", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html" + }, + { + "name": "20050606 A new whitepaper by Watchfire - HTTP Request Smuggling", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/lists/bugtraq/2005/Jun/0025.html" + }, + { + "name": 
"http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx", + "refsource": "CONFIRM", + "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx" + }, + { + "name": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540", + "refsource": "CONFIRM", + "url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540" + }, + { + "name": "26235", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26235" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2361.json b/2005/2xxx/CVE-2005-2361.json index 4fca67b1990..ea38320f6bf 100644 --- a/2005/2xxx/CVE-2005-2361.json +++ b/2005/2xxx/CVE-2005-2361.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2361", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in the (1) AgentX dissector, (2) PER dissector, (3) DOCSIS dissector, (4) SCTP graphs, (5) HTTP dissector, (6) DCERPC, (7) DHCP, (8) RADIUS dissector, (9) Telnet dissector, (10) IS-IS LSP dissector, or (11) NCP dissector in Ethereal 0.8.19 through 0.10.11 allows remote attackers to cause a denial of service (application crash or abort) via unknown attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2005-2361", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ethereal.com/appnotes/enpa-sa-00020.html", - "refsource" : "CONFIRM", - "url" : "http://www.ethereal.com/appnotes/enpa-sa-00020.html" - }, - { - "name" : "DSA-853", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-853" - }, - { - "name" : "FLSA-2006:152922", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00003.html" - }, - { - "name" : "GLSA-200507-27", - "refsource" : "GENTOO", - "url" : 
"http://www.gentoo.org/security/en/glsa/glsa-200507-27.xml" - }, - { - "name" : "RHSA-2005:687", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-687.html" - }, - { - "name" : "SUSE-SR:2005:019", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2005_19_sr.html" - }, - { - "name" : "14399", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14399" - }, - { - "name" : "oval:org.mitre.oval:def:10225", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10225" - }, - { - "name" : "16225", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16225/" - }, - { - "name" : "17102", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17102" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in the (1) AgentX dissector, (2) PER dissector, (3) DOCSIS dissector, (4) SCTP graphs, (5) HTTP dissector, (6) DCERPC, (7) DHCP, (8) RADIUS dissector, (9) Telnet dissector, (10) IS-IS LSP dissector, or (11) NCP dissector in Ethereal 0.8.19 through 0.10.11 allows remote attackers to cause a denial of service (application crash or abort) via unknown attack vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ethereal.com/appnotes/enpa-sa-00020.html", + "refsource": "CONFIRM", + "url": "http://www.ethereal.com/appnotes/enpa-sa-00020.html" + }, + { + "name": "GLSA-200507-27", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200507-27.xml" + }, + { + "name": "SUSE-SR:2005:019", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2005_19_sr.html" + }, + { + "name": "oval:org.mitre.oval:def:10225", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10225" + }, + { + "name": "RHSA-2005:687", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-687.html" + }, + { + "name": "DSA-853", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-853" + }, + { + "name": "16225", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16225/" + }, + { + "name": "FLSA-2006:152922", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00003.html" + }, + { + "name": "14399", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14399" + }, + { + "name": "17102", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17102" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3148.json b/2005/3xxx/CVE-2005-3148.json index 30284ead189..4919f98abdd 100644 --- a/2005/3xxx/CVE-2005-3148.json +++ b/2005/3xxx/CVE-2005-3148.json 
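Review bot: `"ASSIGNER"` for CVE-2005-2361 changes from `cve@mitre.org` to `secalert@redhat.com` at the top of this hunk. It is the only value change among the `CVE_data_meta` blocks visible in this diff; the others differ in spacing only. Because the rest of the commit reads as a formatting pass, this reassignment is easy to miss in review. It should be named in the commit message or carried in its own commit so that provenance changes to a record can be audited separately. Anything downstream that attributes or filters records by `ASSIGNER` will see this entry move, which is presumably intended but worth confirming against the assigning CNA's records.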
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3148", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "StoreBackup before 1.19 does not properly set the uid and guid for symbolic links (1) that are backed up by storeBackup.pl, or (2) recovered by storeBackupRecover.pl, which could cause files to be restored with incorrect ownership." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3148", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=332434", - "refsource" : "MISC", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=332434" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=352676", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=352676" - }, - { - "name" : "DSA-1022", - "refsource" : "DEBIAN", - "url" : "http://www.us.debian.org/security/2006/dsa-1022" - }, - { - "name" : "SUSE-SR:2005:021", - "refsource" : "SUSE", - "url" : "http://www.securityfocus.com/advisories/9384" - }, - { - "name" : "17025", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17025" - }, - { - 
"name" : "19489", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19489" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "StoreBackup before 1.19 does not properly set the uid and guid for symbolic links (1) that are backed up by storeBackup.pl, or (2) recovered by storeBackupRecover.pl, which could cause files to be restored with incorrect ownership." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=332434", + "refsource": "MISC", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=332434" + }, + { + "name": "DSA-1022", + "refsource": "DEBIAN", + "url": "http://www.us.debian.org/security/2006/dsa-1022" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=352676", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=352676" + }, + { + "name": "19489", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19489" + }, + { + "name": "17025", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17025" + }, + { + "name": "SUSE-SR:2005:021", + "refsource": "SUSE", + "url": "http://www.securityfocus.com/advisories/9384" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3224.json b/2005/3xxx/CVE-2005-3224.json index 4b147d5ffff..91386a9a8f7 100644 --- a/2005/3xxx/CVE-2005-3224.json +++ b/2005/3xxx/CVE-2005-3224.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3224", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple interpretation error in unspecified versions of AntiVir Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3224", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051007 Antivirus detection bypass by special crafted archive.", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112879611919750&w=2" - }, - { - "name" : "http://shadock.net/secubox/AVCraftedArchive.html", - "refsource" : "MISC", - "url" : "http://shadock.net/secubox/AVCraftedArchive.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple interpretation error in unspecified versions of AntiVir Antivirus allows 
remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://shadock.net/secubox/AVCraftedArchive.html", + "refsource": "MISC", + "url": "http://shadock.net/secubox/AVCraftedArchive.html" + }, + { + "name": "20051007 Antivirus detection bypass by special crafted archive.", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112879611919750&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3297.json b/2005/3xxx/CVE-2005-3297.json index b0baa19b539..549f3234cf4 100644 --- a/2005/3xxx/CVE-2005-3297.json +++ b/2005/3xxx/CVE-2005-3297.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3297", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple integer overflows in OpenWBEM on SuSE Linux 9 allow remote attackers to execute arbitrary code via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3297", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "SUSE-SA:2005:060", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2005_60_OpenWBEM.html" - }, - { - "name" : "15121", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15121" - }, - { - "name" : "20062", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20062" - }, - { - "name" : "17176", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17176" - }, - { - "name" : "17244", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17244" - }, - { - "name" : "suse-openwbem-bo(22749)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22749" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Multiple integer overflows in OpenWBEM on SuSE Linux 9 allow remote attackers to execute arbitrary code via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17176", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17176" + }, + { + "name": "SUSE-SA:2005:060", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2005_60_OpenWBEM.html" + }, + { + "name": "17244", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17244" + }, + { + "name": "15121", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15121" + }, + { + "name": "20062", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20062" + }, + { + "name": "suse-openwbem-bo(22749)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22749" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3465.json b/2005/3xxx/CVE-2005-3465.json index 1f8ed75a3da..359fbfd4863 100644 --- a/2005/3xxx/CVE-2005-3465.json +++ b/2005/3xxx/CVE-2005-3465.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3465", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in JDEdwards HTML Server in Oracle EnterpriseOne 8.94 OneWorld XE up to 8.95_B1, 8.94_Q1, and SP23_K1 has unknown impact and attack vectors, as identified by Oracle Vuln# JDE01." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3465", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2005-090497.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2005-090497.html" - }, - { - "name" : "TA05-292A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA05-292A.html" - }, - { - "name" : "VU#210524", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/210524" - }, - { - "name" : "15134", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15134" - }, - { - "name" : "17250", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17250" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in JDEdwards HTML Server in Oracle EnterpriseOne 8.94 OneWorld XE up to 8.95_B1, 8.94_Q1, and SP23_K1 has unknown impact and attack vectors, as identified by Oracle Vuln# JDE01." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2005-090497.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2005-090497.html" + }, + { + "name": "TA05-292A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA05-292A.html" + }, + { + "name": "15134", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15134" + }, + { + "name": "VU#210524", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/210524" + }, + { + "name": "17250", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17250" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3724.json b/2005/3xxx/CVE-2005-3724.json index 1e9fa57d1e3..694c324a5d2 100644 --- a/2005/3xxx/CVE-2005-3724.json +++ b/2005/3xxx/CVE-2005-3724.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3724", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 allows remote attackers to obtain sensitive information and possibly cause a denial of service via a direct connection to UDP port 9090, which is undocumented and does not require authentication." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3724", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051116 Zyxel P2000W (Version1) VoIP Wifi phone multiple", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=113217443126673&w=2" - }, - { - "name" : "15478", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15478" - }, - { - "name" : "ADV-2005-2476", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2476" - }, - { - "name" : "21292", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21292" - }, - { - "name" : "zyxel-p2000-udp-obtain-information(23092)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23092" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 allows remote attackers to obtain sensitive information and possibly cause a denial of service via a direct connection to UDP port 9090, which is undocumented and does not require authentication." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21292", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21292" + }, + { + "name": "15478", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15478" + }, + { + "name": "ADV-2005-2476", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2476" + }, + { + "name": "zyxel-p2000-udp-obtain-information(23092)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23092" + }, + { + "name": "20051116 Zyxel P2000W (Version1) VoIP Wifi phone multiple", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=113217443126673&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3841.json b/2005/3xxx/CVE-2005-3841.json index 39a7c534d7f..21621bbac0e 100644 --- a/2005/3xxx/CVE-2005-3841.json +++ b/2005/3xxx/CVE-2005-3841.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3841", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in kPlaylist 1.6 (build 400), and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the searchfor search parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3841", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/11/kplaylist-xss-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/11/kplaylist-xss-vuln.html" - }, - { - "name" : "15546", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15546" - }, - { - "name" : "ADV-2005-2551", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2551" - }, - { - "name" : "21069", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21069" - }, - { - "name" : "17689", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17689" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in kPlaylist 1.6 (build 400), and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the searchfor search parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15546", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15546" + }, + { + "name": "http://pridels0.blogspot.com/2005/11/kplaylist-xss-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/11/kplaylist-xss-vuln.html" + }, + { + "name": "17689", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17689" + }, + { + "name": "21069", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21069" + }, + { + "name": "ADV-2005-2551", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2551" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4031.json b/2005/4xxx/CVE-2005-4031.json index 829ac922005..b5431e0fa9e 100644 --- a/2005/4xxx/CVE-2005-4031.json +++ b/2005/4xxx/CVE-2005-4031.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4031", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Eval injection vulnerability in MediaWiki 1.5.x before 1.5.3 allows remote attackers to execute arbitrary PHP code via the \"user language option,\" which is used as part of a dynamic class name that is processed using the eval function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4031", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?group_id=34373&release_id=375755", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?group_id=34373&release_id=375755" - }, - { - "name" : "VU#392156", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/392156" - }, - { - "name" : "15703", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15703" - }, - { - "name" : "ADV-2005-2726", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2726" - }, - { - "name" : "17866", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17866" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Eval injection vulnerability in MediaWiki 1.5.x before 1.5.3 allows remote attackers to execute arbitrary PHP code via the \"user language option,\" which is used as part of a dynamic class name that is processed using the eval function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sourceforge.net/project/shownotes.php?group_id=34373&release_id=375755", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?group_id=34373&release_id=375755" + }, + { + "name": "17866", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17866" + }, + { + "name": "15703", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15703" + }, + { + "name": "ADV-2005-2726", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2726" + }, + { + "name": "VU#392156", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/392156" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4278.json b/2005/4xxx/CVE-2005-4278.json index d5b1d144170..06c9d9f5957 100644 --- a/2005/4xxx/CVE-2005-4278.json +++ b/2005/4xxx/CVE-2005-4278.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4278", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in Perl before 5.8.7-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4278", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "GLSA-200510-14", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200510-14.xml" - }, - { - "name" : "15120", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15120" - }, - { - "name" : "55314", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55314" - }, - { - "name" : "ADV-2005-2119", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2119" - }, - { - "name" : "20086", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20086" - }, - { - "name" : "17232", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17232" - } - ] - } -} + } + }, + "data_format": "MITRE", 
+ "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in Perl before 5.8.7-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2005-2119", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2119" + }, + { + "name": "GLSA-200510-14", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-14.xml" + }, + { + "name": "55314", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55314" + }, + { + "name": "17232", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17232" + }, + { + "name": "20086", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20086" + }, + { + "name": "15120", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15120" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4443.json b/2005/4xxx/CVE-2005-4443.json index be8c5049213..e56f08e42b5 100644 --- a/2005/4xxx/CVE-2005-4443.json +++ b/2005/4xxx/CVE-2005-4443.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4443", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in Gauche before 0.8.6-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4443", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "GLSA-200512-07", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200512-07.xml" - }, - { - "name" : "15120", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15120" - }, - { - "name" : "18040", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18040/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in Gauche before 0.8.6-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary 
build directory, which is part of the RUNPATH." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18040", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18040/" + }, + { + "name": "GLSA-200512-07", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200512-07.xml" + }, + { + "name": "15120", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15120" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4456.json b/2005/4xxx/CVE-2005-4456.json index db32cad52e0..a1ec22eacc5 100644 --- a/2005/4xxx/CVE-2005-4456.json +++ b/2005/4xxx/CVE-2005-4456.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4456", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in MailEnable Professional 1.71 and Enterprise 1.1 before patch ME-10009 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long (1) LIST, (2) LSUB, and (3) UID FETCH commands. NOTE: it is possible that these are alternate vectors for the issue described in CVE-2005-4402." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4456", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051220 [ACSSEC-2005-11-27-0x2] Remote Overflows in Mailenable Enterprise 1.1 / Professional 1.7", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/lists/fulldisclosure/2005/Dec/1036.html" - }, - { - "name" : "15985", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15985" - }, - { - "name" : "18134", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18134" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"Multiple buffer overflows in MailEnable Professional 1.71 and Enterprise 1.1 before patch ME-10009 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long (1) LIST, (2) LSUB, and (3) UID FETCH commands. NOTE: it is possible that these are alternate vectors for the issue described in CVE-2005-4402." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18134", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18134" + }, + { + "name": "15985", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15985" + }, + { + "name": "20051220 [ACSSEC-2005-11-27-0x2] Remote Overflows in Mailenable Enterprise 1.1 / Professional 1.7", + "refsource": "FULLDISC", + "url": "http://seclists.org/lists/fulldisclosure/2005/Dec/1036.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4631.json b/2005/4xxx/CVE-2005-4631.json index 704f9aa480a..668a981c727 100644 --- a/2005/4xxx/CVE-2005-4631.json +++ b/2005/4xxx/CVE-2005-4631.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4631", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in Zina 0.12.07 and earlier allows remote attackers to execute arbitrary SQL commands via the p parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4631", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/11/zina-sql-injection-vulnerability.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/11/zina-sql-injection-vulnerability.html" - }, - { - "name" : "21306", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21306" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in Zina 0.12.07 and earlier allows remote attackers to execute arbitrary SQL commands via the p parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21306", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21306" + }, + { + "name": "http://pridels0.blogspot.com/2005/11/zina-sql-injection-vulnerability.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/11/zina-sql-injection-vulnerability.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4659.json b/2005/4xxx/CVE-2005-4659.json index 19cc6082d43..424c6e95f3e 100644 --- a/2005/4xxx/CVE-2005-4659.json +++ b/2005/4xxx/CVE-2005-4659.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4659", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IPCop (aka IPCop Firewall) before 1.4.10 has world-readable permissions for the backup.key file, which might allow local users to overwrite system configuration files and gain privileges by creating a malicious encrypted backup archive owned by \"nobody\", then executing ipcoprscfg to restore from this backup." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4659", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/tracker/index.php?func=detail&aid=1344032&group_id=40604&atid=428516", - "refsource" : "MISC", - "url" : "http://sourceforge.net/tracker/index.php?func=detail&aid=1344032&group_id=40604&atid=428516" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=369759", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=369759" - }, - { - "name" : "15377", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15377" - }, - { - "name" : "17513", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/17513/" - }, - { - "name" : "ipcop-backup-info-disclosure(23056)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23056" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IPCop (aka IPCop Firewall) before 1.4.10 has world-readable permissions for the backup.key file, which might allow local users to overwrite system configuration files and gain privileges by creating a malicious encrypted backup archive owned by \"nobody\", then executing ipcoprscfg to restore from this backup." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=369759", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=369759" + }, + { + "name": "http://sourceforge.net/tracker/index.php?func=detail&aid=1344032&group_id=40604&atid=428516", + "refsource": "MISC", + "url": "http://sourceforge.net/tracker/index.php?func=detail&aid=1344032&group_id=40604&atid=428516" + }, + { + "name": "17513", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17513/" + }, + { + "name": "15377", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15377" + }, + { + "name": "ipcop-backup-info-disclosure(23056)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23056" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4776.json b/2005/4xxx/CVE-2005-4776.json index f8f85d34577..38db3d89a19 100644 --- a/2005/4xxx/CVE-2005-4776.json +++ b/2005/4xxx/CVE-2005-4776.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4776", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the FreeBSD compatibility code (freebsd_misc.c) in NetBSD-current, NetBSD-3, NetBSD-2.0, and NetBSD-2 before 20050913; and NetBSD-1.6 before 20050914; allows local users to cause a denial of service (heap corruption or system crash) and possibly gain root privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4776", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[source-changes] 20050913 CVS commit: [netbsd-3] src/sys/compat/freebsd", - "refsource" : "MLIST", - "url" : "http://mail-index.netbsd.org/source-changes/2005/09/13/0024.html" - }, - { - "name" : "NetBSD-SA2005-008", - "refsource" : "NETBSD", - "url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2005-008.txt.asc" - }, - { - "name" : "20757", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20757" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the FreeBSD 
compatibility code (freebsd_misc.c) in NetBSD-current, NetBSD-3, NetBSD-2.0, and NetBSD-2 before 20050913; and NetBSD-1.6 before 20050914; allows local users to cause a denial of service (heap corruption or system crash) and possibly gain root privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[source-changes] 20050913 CVS commit: [netbsd-3] src/sys/compat/freebsd", + "refsource": "MLIST", + "url": "http://mail-index.netbsd.org/source-changes/2005/09/13/0024.html" + }, + { + "name": "NetBSD-SA2005-008", + "refsource": "NETBSD", + "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2005-008.txt.asc" + }, + { + "name": "20757", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20757" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0285.json b/2009/0xxx/CVE-2009-0285.json index 5edaab83726..85eda5e817a 100644 --- a/2009/0xxx/CVE-2009-0285.json +++ b/2009/0xxx/CVE-2009-0285.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0285", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in error.asp in BBSXP 5.13 and earlier allows remote attackers to inject arbitrary web script or HTML via the message parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0285", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090123 BBSxp Xss vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/500336/100/0/threaded" - }, - { - "name" : "33411", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33411" - }, - { - "name" : "bbsxp-error-xss(48187)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48187" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in error.asp in BBSXP 5.13 and earlier allows remote attackers to inject arbitrary web script or HTML via the message parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20090123 BBSxp Xss vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/500336/100/0/threaded" + }, + { + "name": "bbsxp-error-xss(48187)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48187" + }, + { + "name": "33411", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33411" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0486.json b/2009/0xxx/CVE-2009-0486.json index b03167a9b74..aa9e8ecdd66 100644 --- a/2009/0xxx/CVE-2009-0486.json +++ b/2009/0xxx/CVE-2009-0486.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0486", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0486", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.bugzilla.org/security/3.0.7/", - "refsource" : "CONFIRM", - "url" : "http://www.bugzilla.org/security/3.0.7/" - }, - { - "name" : "FEDORA-2009-2417", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00687.html" - }, - { - "name" : "FEDORA-2009-2418", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00664.html" - }, - { - "name" : "33581", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33581" - }, - { - "name" : 
"34361", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34361" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2009-2418", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00664.html" + }, + { + "name": "FEDORA-2009-2417", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00687.html" + }, + { + "name": "33581", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33581" + }, + { + "name": "34361", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34361" + }, + { + "name": "http://www.bugzilla.org/security/3.0.7/", + "refsource": "CONFIRM", + "url": "http://www.bugzilla.org/security/3.0.7/" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0637.json b/2009/0xxx/CVE-2009-0637.json index 15359a63557..f98646d5f0d 100644 --- a/2009/0xxx/CVE-2009-0637.json +++ b/2009/0xxx/CVE-2009-0637.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0637", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SCP server in Cisco IOS 12.2 through 12.4, when Role-Based CLI Access is enabled, does not enforce the CLI view configuration for file transfers, which allows remote authenticated users with an attached CLI view to (1) read or (2) overwrite arbitrary files via an SCP command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2009-0637", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml", - "refsource" : "CONFIRM", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml" - }, - { - "name" : "20090325 Cisco IOS Software Secure Copy Privilege Escalation Vulnerability", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a904c8.shtml" - }, - { - "name" : "34247", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34247" - }, - { - "name" : "1021899", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1021899" - 
}, - { - "name" : "34438", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34438" - }, - { - "name" : "ADV-2009-0851", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0851" - }, - { - "name" : "ios-scp-priv-escalation(49423)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49423" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SCP server in Cisco IOS 12.2 through 12.4, when Role-Based CLI Access is enabled, does not enforce the CLI view configuration for file transfers, which allows remote authenticated users with an attached CLI view to (1) read or (2) overwrite arbitrary files via an SCP command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20090325 Cisco IOS Software Secure Copy Privilege Escalation Vulnerability", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a904c8.shtml" + }, + { + "name": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml", + "refsource": "CONFIRM", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml" + }, + { + "name": "34438", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34438" + }, + { + "name": "1021899", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1021899" + }, + { + "name": "ios-scp-priv-escalation(49423)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49423" + }, + { + "name": "34247", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34247" + }, + { + "name": "ADV-2009-0851", + "refsource": "VUPEN", + "url": 
"http://www.vupen.com/english/advisories/2009/0851" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0759.json b/2009/0xxx/CVE-2009-0759.json index 8a3863ea3bf..5f0d25a0492 100644 --- a/2009/0xxx/CVE-2009-0759.json +++ b/2009/0xxx/CVE-2009-0759.json 
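Review bot: The `"ASSIGNER"` value in the CVE-2009-0637.json hunk changes from `cve@mitre.org` to `psirt@cisco.com`, a provenance change that is easy to miss because the same hunk rewrites every line for the `" : "` to `": "` separator and reorders `reference_data`. The CVE-2009-2632.json hunk does the same with `cert@cert.org`, while the other visible records keep `cve@mitre.org`. Anything that attributes or filters records by assigner will treat these two as content changes, so they are better landed in their own commit, or at least named in the commit message, than folded into a formatting pass. Separately, each file's new side ends with `\ No newline at end of file`; if the formatter can emit a trailing newline, that keeps later diffs of these files from touching the closing `}`.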
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0759", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple CRLF injection vulnerabilities in webadmin in ZNC before 0.066 allow remote authenticated users to modify the znc.conf configuration file and gain privileges via CRLF sequences in the quit message and other vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0759", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20090301 CVE id request: znc", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/03/01/2" - }, - { - "name" : "http://znc.svn.sourceforge.net/viewvc/znc/trunk/modules/webadmin.cpp?view=log&sortby=rev&sortdir=down&pathrev=1395", - "refsource" : "CONFIRM", - "url" : "http://znc.svn.sourceforge.net/viewvc/znc/trunk/modules/webadmin.cpp?view=log&sortby=rev&sortdir=down&pathrev=1395" - }, - { - "name" : "http://znc.svn.sourceforge.net/viewvc/znc?view=rev&sortby=rev&sortdir=down&revision=1395", - "refsource" : "CONFIRM", - "url" : "http://znc.svn.sourceforge.net/viewvc/znc?view=rev&sortby=rev&sortdir=down&revision=1395" - }, - { - "name" : 
"http://znc.svn.sourceforge.net/viewvc/znc?view=rev&sortby=rev&sortdir=down&revision=1396", - "refsource" : "CONFIRM", - "url" : "http://znc.svn.sourceforge.net/viewvc/znc?view=rev&sortby=rev&sortdir=down&revision=1396" - }, - { - "name" : "DSA-1735", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1735" - }, - { - "name" : "52295", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/52295" - }, - { - "name" : "34230", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34230" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple CRLF injection vulnerabilities in webadmin in ZNC before 0.066 allow remote authenticated users to modify the znc.conf configuration file and gain privileges via CRLF sequences in the quit message and other vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34230", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34230" + }, + { + "name": "DSA-1735", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1735" + }, + { + "name": "[oss-security] 20090301 CVE id request: znc", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/03/01/2" + }, + { + "name": "http://znc.svn.sourceforge.net/viewvc/znc?view=rev&sortby=rev&sortdir=down&revision=1395", + "refsource": "CONFIRM", + "url": "http://znc.svn.sourceforge.net/viewvc/znc?view=rev&sortby=rev&sortdir=down&revision=1395" + }, + { + "name": "52295", + "refsource": "OSVDB", + "url": "http://osvdb.org/52295" + }, + { + "name": "http://znc.svn.sourceforge.net/viewvc/znc/trunk/modules/webadmin.cpp?view=log&sortby=rev&sortdir=down&pathrev=1395", + "refsource": "CONFIRM", + "url": 
"http://znc.svn.sourceforge.net/viewvc/znc/trunk/modules/webadmin.cpp?view=log&sortby=rev&sortdir=down&pathrev=1395" + }, + { + "name": "http://znc.svn.sourceforge.net/viewvc/znc?view=rev&sortby=rev&sortdir=down&revision=1396", + "refsource": "CONFIRM", + "url": "http://znc.svn.sourceforge.net/viewvc/znc?view=rev&sortby=rev&sortdir=down&revision=1396" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0761.json b/2009/0xxx/CVE-2009-0761.json index 34e1233d12a..7e0119c85ae 100644 --- a/2009/0xxx/CVE-2009-0761.json +++ b/2009/0xxx/CVE-2009-0761.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0761", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in online.asp in Team Board 1.x allows remote attackers to inject arbitrary web script or HTML via the lookname parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0761", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7982", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7982" - }, - { - "name" : "33614", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33614" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in online.asp in Team Board 1.x allows remote attackers to inject arbitrary web script or HTML via the lookname parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33614", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33614" + }, + { + "name": "7982", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7982" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2255.json b/2009/2xxx/CVE-2009-2255.json index be7ea45221d..f5732c55dfe 100644 --- a/2009/2xxx/CVE-2009-2255.json +++ b/2009/2xxx/CVE-2009-2255.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2255", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Zen Cart 1.3.8a, 1.3.8, and earlier does not require administrative authentication for admin/record_company.php, which allows remote attackers to execute arbitrary code by uploading a .php file via the record_company_image parameter in conjunction with a PATH_INFO of password_forgotten.php, then accessing this file via a direct request to the file in images/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2255", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9004", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9004" - }, - { - "name" : "http://www.zen-cart.com/forum/attachment.php?attachmentid=5965", - "refsource" : "CONFIRM", - "url" : "http://www.zen-cart.com/forum/attachment.php?attachmentid=5965" - }, - { - "name" : "http://www.zen-cart.com/forum/showthread.php?t=130161", - "refsource" : "CONFIRM", - "url" : "http://www.zen-cart.com/forum/showthread.php?t=130161" - }, - { - "name" : "35467", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35467" - }, - { - 
"name" : "55344", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/55344" - }, - { - "name" : "35550", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35550" - }, - { - "name" : "zencart-recordcompany-code-execution(51316)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51316" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Zen Cart 1.3.8a, 1.3.8, and earlier does not require administrative authentication for admin/record_company.php, which allows remote attackers to execute arbitrary code by uploading a .php file via the record_company_image parameter in conjunction with a PATH_INFO of password_forgotten.php, then accessing this file via a direct request to the file in images/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35467", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35467" + }, + { + "name": "55344", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/55344" + }, + { + "name": "http://www.zen-cart.com/forum/showthread.php?t=130161", + "refsource": "CONFIRM", + "url": "http://www.zen-cart.com/forum/showthread.php?t=130161" + }, + { + "name": "zencart-recordcompany-code-execution(51316)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51316" + }, + { + "name": "http://www.zen-cart.com/forum/attachment.php?attachmentid=5965", + "refsource": "CONFIRM", + "url": "http://www.zen-cart.com/forum/attachment.php?attachmentid=5965" + }, + { + "name": "9004", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9004" + }, + { + "name": "35550", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35550" + } + ] + } +} \ No newline at end of 
file diff --git a/2009/2xxx/CVE-2009-2632.json b/2009/2xxx/CVE-2009-2632.json index 4b24c63295e..55a4b1b18c8 100644 --- a/2009/2xxx/CVE-2009-2632.json +++ b/2009/2xxx/CVE-2009-2632.json 
@@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2632", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2009-2632", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Cyrus-CVS] 20090902 src/sieve by brong", - "refsource" : "MLIST", - "url" : "https://lists.andrew.cmu.edu/pipermail/cyrus-cvs/2009-September/001253.html" - }, - { - "name" : "[Cyrus-CVS] 20090902 src/sieve by brong", - "refsource" : "MLIST", - "url" : "https://lists.andrew.cmu.edu/pipermail/cyrus-cvs/2009-September/001254.html" - }, - { - "name" : "[Dovecot-news] 20090914 Security holes in CMU Sieve plugin", - "refsource" : "MLIST", - "url" : 
"http://dovecot.org/list/dovecot-news/2009-September/000135.html" - }, - { - "name" : "[oss-security] 20090914 Re: CVE for recent cyrus-imap issue", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/09/14/3" - }, - { - "name" : "https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sieve/script.c.diff?r1=1.62&r2=1.62.2.1&only_with_tag=cyrus-imapd-2_2-tail", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sieve/script.c.diff?r1=1.62&r2=1.62.2.1&only_with_tag=cyrus-imapd-2_2-tail" - }, - { - "name" : "http://support.apple.com/kb/HT4077", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4077" - }, - { - "name" : "APPLE-SA-2010-03-29-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" - }, - { - "name" : "DSA-1881", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1881" - }, - { - "name" : "FEDORA-2009-9559", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00491.html" - }, - { - "name" : "SUSE-SR:2009:016", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html" - }, - { - "name" : "USN-838-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-838-1" - }, - { - "name" : "36296", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36296" - }, - { - "name" : "36377", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36377" - }, - { - "name" : "58103", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/58103" - }, - { - "name" : "oval:org.mitre.oval:def:10082", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10082" - }, - { - "name" : "36629", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36629" - }, - { - "name" : 
"36632", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36632" - }, - { - "name" : "36698", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36698" - }, - { - "name" : "36713", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36713" - }, - { - "name" : "36904", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36904" - }, - { - "name" : "ADV-2009-2559", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2559" - }, - { - "name" : "ADV-2009-2641", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2641" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36377", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36377" + }, + { + "name": "DSA-1881", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1881" + }, + { + "name": "36713", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36713" + }, + { + "name": "[Cyrus-CVS] 20090902 src/sieve by brong", + "refsource": "MLIST", + "url": "https://lists.andrew.cmu.edu/pipermail/cyrus-cvs/2009-September/001254.html" + }, + { + "name": "36629", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36629" + }, + { + "name": "https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sieve/script.c.diff?r1=1.62&r2=1.62.2.1&only_with_tag=cyrus-imapd-2_2-tail", + "refsource": "CONFIRM", + "url": "https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sieve/script.c.diff?r1=1.62&r2=1.62.2.1&only_with_tag=cyrus-imapd-2_2-tail" + }, + { + "name": "[Dovecot-news] 20090914 Security holes in CMU Sieve plugin", + "refsource": "MLIST", + "url": "http://dovecot.org/list/dovecot-news/2009-September/000135.html" + }, + { + "name": "APPLE-SA-2010-03-29-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" + }, + { + "name": "[Cyrus-CVS] 20090902 src/sieve by brong", + "refsource": "MLIST", + "url": "https://lists.andrew.cmu.edu/pipermail/cyrus-cvs/2009-September/001253.html" + }, + { + "name": "36632", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36632" + }, + { + "name": "USN-838-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-838-1" + }, + { + "name": "58103", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/58103" + }, + { + "name": "http://support.apple.com/kb/HT4077", + "refsource": "CONFIRM", + "url": 
"http://support.apple.com/kb/HT4077" + }, + { + "name": "SUSE-SR:2009:016", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html" + }, + { + "name": "36904", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36904" + }, + { + "name": "36698", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36698" + }, + { + "name": "36296", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36296" + }, + { + "name": "ADV-2009-2641", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2641" + }, + { + "name": "ADV-2009-2559", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2559" + }, + { + "name": "FEDORA-2009-9559", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00491.html" + }, + { + "name": "oval:org.mitre.oval:def:10082", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10082" + }, + { + "name": "[oss-security] 20090914 Re: CVE for recent cyrus-imap issue", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/09/14/3" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3051.json b/2009/3xxx/CVE-2009-3051.json index 8f6caef789d..6d20a71d97d 100644 --- a/2009/3xxx/CVE-2009-3051.json +++ b/2009/3xxx/CVE-2009-3051.json 
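Review bot: The `ASSIGNER` value in this hunk changes from `cve@mitre.org` to `cert@cert.org`, a change of record provenance that sits among lines which otherwise only normalise spacing (`"ID" : ` to `"ID": `) and reorder `reference_data`. The same kind of change is visible in the CVE-2015-0025 hunk (`secure@microsoft.com`) and at the start of the CVE-2015-0291 hunk (`secalert@redhat.com`), while the other records shown here keep `cve@mitre.org`. Consumers that attribute a record to its CNA through `ASSIGNER` will see a different owner after this commit, so the reassignment is worth splitting into its own commit, or at least naming in the commit message, where it can be checked against the CNA's own records. The reference entries in this hunk appear to be the same 22 before and after, only in a different order, so the reordering itself raises no concern.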
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3051", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple format string vulnerabilities in lib/silcclient/client_entry.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.10, and SILC Client before 1.1.8, allow remote attackers to execute arbitrary code via format string specifiers in a nickname field, related to the (1) silc_client_add_client, (2) silc_client_update_client, and (3) silc_client_nickname_format functions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3051", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20090831 CVE id request: silc-toolkit", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/08/31/5" - }, - { - "name" : "[oss-security] 20090903 Re: CVE id request: silc-toolkit", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/09/03/5" - }, - { - "name" : "http://silcnet.org/docs/changelog/SILC%20Client%201.1.8", - "refsource" : "CONFIRM", - "url" : "http://silcnet.org/docs/changelog/SILC%20Client%201.1.8" - }, - { - "name" : 
"http://silcnet.org/docs/changelog/SILC%20Toolkit%201.1.10", - "refsource" : "CONFIRM", - "url" : "http://silcnet.org/docs/changelog/SILC%20Toolkit%201.1.10" - }, - { - "name" : "http://silcnet.org/docs/release/SILC%20Client%201.1.8", - "refsource" : "CONFIRM", - "url" : "http://silcnet.org/docs/release/SILC%20Client%201.1.8" - }, - { - "name" : "http://silcnet.org/general/news/news_client.php", - "refsource" : "CONFIRM", - "url" : "http://silcnet.org/general/news/news_client.php" - }, - { - "name" : "http://silcnet.org/general/news/news_toolkit.php", - "refsource" : "CONFIRM", - "url" : "http://silcnet.org/general/news/news_toolkit.php" - }, - { - "name" : "DSA-1879", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1879" - }, - { - "name" : "MDVSA-2009:234", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:234" - }, - { - "name" : "MDVSA-2009:235", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:235" - }, - { - "name" : "SUSE-SR:2009:016", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html" - }, - { - "name" : "35940", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35940" - }, - { - "name" : "36134", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36134" - }, - { - "name" : "36614", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36614" - }, - { - "name" : "ADV-2009-2150", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple format string vulnerabilities in lib/silcclient/client_entry.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.10, and SILC Client before 1.1.8, allow remote attackers to 
execute arbitrary code via format string specifiers in a nickname field, related to the (1) silc_client_add_client, (2) silc_client_update_client, and (3) silc_client_nickname_format functions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-2150", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2150" + }, + { + "name": "[oss-security] 20090831 CVE id request: silc-toolkit", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/08/31/5" + }, + { + "name": "36134", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36134" + }, + { + "name": "http://silcnet.org/general/news/news_client.php", + "refsource": "CONFIRM", + "url": "http://silcnet.org/general/news/news_client.php" + }, + { + "name": "http://silcnet.org/docs/changelog/SILC%20Toolkit%201.1.10", + "refsource": "CONFIRM", + "url": "http://silcnet.org/docs/changelog/SILC%20Toolkit%201.1.10" + }, + { + "name": "36614", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36614" + }, + { + "name": "http://silcnet.org/docs/release/SILC%20Client%201.1.8", + "refsource": "CONFIRM", + "url": "http://silcnet.org/docs/release/SILC%20Client%201.1.8" + }, + { + "name": "MDVSA-2009:235", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:235" + }, + { + "name": "[oss-security] 20090903 Re: CVE id request: silc-toolkit", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/09/03/5" + }, + { + "name": "DSA-1879", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1879" + }, + { + "name": "http://silcnet.org/general/news/news_toolkit.php", + "refsource": "CONFIRM", + "url": "http://silcnet.org/general/news/news_toolkit.php" + }, + { + "name": "SUSE-SR:2009:016", + "refsource": "SUSE", + 
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html" + }, + { + "name": "35940", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35940" + }, + { + "name": "http://silcnet.org/docs/changelog/SILC%20Client%201.1.8", + "refsource": "CONFIRM", + "url": "http://silcnet.org/docs/changelog/SILC%20Client%201.1.8" + }, + { + "name": "MDVSA-2009:234", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:234" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3336.json b/2009/3xxx/CVE-2009-3336.json index 46fe5729ab3..0fa0fcbcd3b 100644 --- a/2009/3xxx/CVE-2009-3336.json +++ b/2009/3xxx/CVE-2009-3336.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3336", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in auction_details.php in PHP Pro Bid allows remote attackers to execute arbitrary SQL commands via the auction_id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3336", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9665", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9665" - }, - { - "name" : "36389", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36389" - }, - { - "name" : "ADV-2009-2661", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2661" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in auction_details.php in PHP Pro Bid allows remote attackers to execute arbitrary SQL commands via the auction_id parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36389", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36389" + }, + { + "name": "9665", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9665" + }, + { + "name": "ADV-2009-2661", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2661" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3359.json b/2009/3xxx/CVE-2009-3359.json index 38110c70f14..2625942b639 100644 --- a/2009/3xxx/CVE-2009-3359.json +++ b/2009/3xxx/CVE-2009-3359.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3359", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Match Agency BiZ 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) important parameter to edit_profile.php and (2) pid parameter to report.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3359", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0909-exploits/matchagencybiz-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0909-exploits/matchagencybiz-xss.txt" - }, - { - "name" : "57968", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/57968" - }, - { - "name" : "57969", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/57969" - }, - { - "name" : "36672", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36672" - }, - { - "name" : "matchagencybiz-editprofile-xss(53173)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53173" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": 
"4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Match Agency BiZ 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) important parameter to edit_profile.php and (2) pid parameter to report.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "57969", + "refsource": "OSVDB", + "url": "http://osvdb.org/57969" + }, + { + "name": "57968", + "refsource": "OSVDB", + "url": "http://osvdb.org/57968" + }, + { + "name": "http://packetstormsecurity.org/0909-exploits/matchagencybiz-xss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0909-exploits/matchagencybiz-xss.txt" + }, + { + "name": "36672", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36672" + }, + { + "name": "matchagencybiz-editprofile-xss(53173)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53173" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3433.json b/2009/3xxx/CVE-2009-3433.json index 2cdc6c907d6..ea1389f6385 100644 --- a/2009/3xxx/CVE-2009-3433.json +++ b/2009/3xxx/CVE-2009-3433.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3433", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in clsetup in the configuration utility in Sun Solaris Cluster 3.2 allows local users to gain privileges via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3433", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "267148", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-267148-1" - }, - { - "name" : "36486", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36486" - }, - { - "name" : "58277", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/58277" - }, - { - "name" : "1022937", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022937" - }, - { - "name" : "36816", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36816" - }, - { - "name" : "ADV-2009-2729", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2729" - }, - { - "name" : "solaris-cluster-clsetup-priv-escalation(53426)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/53426" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in clsetup in the configuration utility in Sun Solaris Cluster 3.2 allows local users to gain privileges via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36816", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36816" + }, + { + "name": "solaris-cluster-clsetup-priv-escalation(53426)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53426" + }, + { + "name": "ADV-2009-2729", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2729" + }, + { + "name": "1022937", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022937" + }, + { + "name": "58277", + "refsource": "OSVDB", + "url": "http://osvdb.org/58277" + }, + { + "name": "36486", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36486" + }, + { + "name": "267148", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-267148-1" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4699.json b/2009/4xxx/CVE-2009-4699.json index eefd9764712..9f15bf167ae 100644 --- a/2009/4xxx/CVE-2009-4699.json +++ b/2009/4xxx/CVE-2009-4699.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4699", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in SkaDate Dating allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin/auth.php and (2) file_uploader.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4699", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9260", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9260" - }, - { - "name" : "35813", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35813" - }, - { - "name" : "56544", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/56544" - }, - { - "name" : "56545", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/56545" - }, - { - "name" : "35997", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35997" - }, - { - "name" : "skadate-auth-fileuploader-xss(52004)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52004" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in SkaDate Dating allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin/auth.php and (2) file_uploader.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "56545", + "refsource": "OSVDB", + "url": "http://osvdb.org/56545" + }, + { + "name": "56544", + "refsource": "OSVDB", + "url": "http://osvdb.org/56544" + }, + { + "name": "skadate-auth-fileuploader-xss(52004)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52004" + }, + { + "name": "35813", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35813" + }, + { + "name": "35997", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35997" + }, + { + "name": "9260", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9260" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2615.json b/2012/2xxx/CVE-2012-2615.json index 84bbcc527dd..c3801466e44 100644 --- a/2012/2xxx/CVE-2012-2615.json +++ b/2012/2xxx/CVE-2012-2615.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2615", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-5703. Reason: This candidate is a duplicate of CVE-2012-5703. Notes: All CVE users should reference CVE-2012-5703 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-2615", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-5703. Reason: This candidate is a duplicate of CVE-2012-5703. Notes: All CVE users should reference CVE-2012-5703 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0025.json b/2015/0xxx/CVE-2015-0025.json index 1b466beecab..2fedae327f8 100644 --- a/2015/0xxx/CVE-2015-0025.json +++ b/2015/0xxx/CVE-2015-0025.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0025", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-0023." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-0025", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-009", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-009" - }, - { - "name" : "72439", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72439" - }, - { - "name" : "1031723", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031723" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted 
web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-0023." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031723", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031723" + }, + { + "name": "MS15-009", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-009" + }, + { + "name": "72439", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72439" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0291.json b/2015/0xxx/CVE-2015-0291.json index 064be12180a..3b0e4ee2a9b 100644 --- a/2015/0xxx/CVE-2015-0291.json +++ b/2015/0xxx/CVE-2015-0291.json 
@@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0291", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The sigalgs implementation in t1_lib.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by using an invalid signature_algorithms extension in the ClientHello message during a renegotiation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-0291", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1202338", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1202338" - }, - { - "name" : "https://git.openssl.org/?p=openssl.git;a=commit;h=76343947ada960b6269090638f5391068daee88d", - "refsource" : "CONFIRM", - "url" : "https://git.openssl.org/?p=openssl.git;a=commit;h=76343947ada960b6269090638f5391068daee88d" - }, - { - "name" : "https://www.openssl.org/news/secadv_20150319.txt", - "refsource" : "CONFIRM", - "url" : "https://www.openssl.org/news/secadv_20150319.txt" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - 
"refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" - }, - { - "name" : "https://bto.bluecoat.com/security-advisory/sa92", - "refsource" : "CONFIRM", - "url" : "https://bto.bluecoat.com/security-advisory/sa92" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" - }, - { - "name" : "http://www.fortiguard.com/advisory/2015-03-24-openssl-vulnerabilities-march-2015", - "refsource" : "CONFIRM", - "url" : "http://www.fortiguard.com/advisory/2015-03-24-openssl-vulnerabilities-march-2015" - }, - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10110", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10110" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" - }, - { - "name" : "GLSA-201503-11", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201503-11" - }, - { - "name" : "HPSBMU03380", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=143748090628601&w=2" - }, - { - "name" : "HPSBMU03397", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=144050297101809&w=2" - }, - { - "name" : "HPSBMU03409", - "refsource" : "HP", - "url" : 
"http://marc.info/?l=bugtraq&m=144050155601375&w=2" - }, - { - "name" : "73235", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73235" - }, - { - "name" : "1031929", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031929" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The sigalgs implementation in t1_lib.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by using an invalid signature_algorithms extension in the ClientHello message during a renegotiation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10110", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10110" + }, + { + "name": "73235", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73235" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" + }, + { + "name": "HPSBMU03409", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=144050155601375&w=2" + }, + { + "name": "https://bto.bluecoat.com/security-advisory/sa92", + "refsource": "CONFIRM", + "url": "https://bto.bluecoat.com/security-advisory/sa92" + }, + { + "name": "https://www.openssl.org/news/secadv_20150319.txt", + "refsource": "CONFIRM", + "url": "https://www.openssl.org/news/secadv_20150319.txt" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", + "refsource": "CONFIRM", + "url": 
"http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" + }, + { + "name": "https://git.openssl.org/?p=openssl.git;a=commit;h=76343947ada960b6269090638f5391068daee88d", + "refsource": "CONFIRM", + "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=76343947ada960b6269090638f5391068daee88d" + }, + { + "name": "HPSBMU03380", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=143748090628601&w=2" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + }, + { + "name": "http://www.fortiguard.com/advisory/2015-03-24-openssl-vulnerabilities-march-2015", + "refsource": "CONFIRM", + "url": "http://www.fortiguard.com/advisory/2015-03-24-openssl-vulnerabilities-march-2015" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" + }, + { + "name": "HPSBMU03397", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=144050297101809&w=2" + }, + { + "name": "1031929", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031929" + }, + { + "name": "GLSA-201503-11", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201503-11" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1202338", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202338" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0407.json b/2015/0xxx/CVE-2015-0407.json index b3b1b98a0a7..ed2d011f1c9 100644 --- a/2015/0xxx/CVE-2015-0407.json 
+++ b/2015/0xxx/CVE-2015-0407.json 
@@ -1,187 +1,187 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0407", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to Swing." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-0407", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" - }, - { - "name" : "https://www-304.ibm.com/support/docview.wss?uid=swg21695474", - "refsource" : "CONFIRM", - "url" : "https://www-304.ibm.com/support/docview.wss?uid=swg21695474" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2015-0003.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2015-0003.html" - }, - { - "name" : "DSA-3144", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3144" - }, - { - "name" : "DSA-3147", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2015/dsa-3147" - }, - { - "name" : "GLSA-201603-14", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201603-14" - }, - { - "name" : "GLSA-201507-14", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201507-14" - }, - { - "name" : "HPSBUX03273", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142496355704097&w=2" - }, - { - "name" : "SSRT101951", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142496355704097&w=2" - }, - { - "name" : "HPSBUX03281", - "refsource" : "HP", - "url" : "http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581" - }, - { - "name" : "SSRT101968", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142607790919348&w=2" - }, - { - "name" : "RHSA-2015:0136", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0136.html" - }, - { - "name" : "RHSA-2015:0068", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0068.html" - }, - { - "name" : "RHSA-2015:0079", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0079.html" - }, - { - "name" : "RHSA-2015:0080", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0080.html" - }, - { - "name" : "RHSA-2015:0085", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0085.html" - }, - { - "name" : "RHSA-2015:0086", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0086.html" - }, - { - "name" : "RHSA-2015:0264", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0264.html" - }, - { - "name" : "SUSE-SU-2015:0336", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html" - }, - { - "name" : "openSUSE-SU-2015:0190", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00001.html" - }, - { - "name" : 
"SUSE-SU-2015:0503", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00018.html" - }, - { - "name" : "USN-2486-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2486-1" - }, - { - "name" : "USN-2487-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2487-1" - }, - { - "name" : "72162", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72162" - }, - { - "name" : "1031580", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031580" - }, - { - "name" : "oracle-cpujan2015-cve20150407(100150)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to Swing." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2015:0503", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00018.html" + }, + { + "name": "DSA-3144", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3144" + }, + { + "name": "RHSA-2015:0136", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0136.html" + }, + { + "name": "RHSA-2015:0079", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0079.html" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2015-0003.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2015-0003.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" + }, + { + "name": "RHSA-2015:0264", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0264.html" + }, + { + "name": "USN-2487-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2487-1" + }, + { + "name": "RHSA-2015:0085", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0085.html" + }, + { + "name": "oracle-cpujan2015-cve20150407(100150)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100150" + }, + { + "name": "72162", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72162" + }, + { + "name": "RHSA-2015:0086", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0086.html" + }, + { + "name": "GLSA-201603-14", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201603-14" + }, + { + "name": "SUSE-SU-2015:0336", + "refsource": "SUSE", + "url": 
"http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html" + }, + { + "name": "RHSA-2015:0080", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0080.html" + }, + { + "name": "https://www-304.ibm.com/support/docview.wss?uid=swg21695474", + "refsource": "CONFIRM", + "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21695474" + }, + { + "name": "RHSA-2015:0068", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0068.html" + }, + { + "name": "USN-2486-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2486-1" + }, + { + "name": "GLSA-201507-14", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201507-14" + }, + { + "name": "SSRT101951", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142496355704097&w=2" + }, + { + "name": "HPSBUX03281", + "refsource": "HP", + "url": "http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581" + }, + { + "name": "SSRT101968", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142607790919348&w=2" + }, + { + "name": "openSUSE-SU-2015:0190", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00001.html" + }, + { + "name": "HPSBUX03273", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142496355704097&w=2" + }, + { + "name": "1031580", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031580" + }, + { + "name": "DSA-3147", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3147" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0653.json b/2015/0xxx/CVE-2015-0653.json index fb2c3136d3e..a82a1365dd6 100644 --- a/2015/0xxx/CVE-2015-0653.json +++ b/2015/0xxx/CVE-2015-0653.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0653", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The management interface in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway before X7.2.4, X8 before X8.1.2, and X8.2 before X8.2.2 and Cisco TelePresence Conductor before X2.3.1 and XC2.4 before XC2.4.1 allows remote attackers to bypass authentication via crafted login parameters, aka Bug IDs CSCur02680 and CSCur05556." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-0653", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150311 Multiple Vulnerabilities in Cisco TelePresence Video Communication Server, Cisco Expressway, and Cisco TelePresence Conductor", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150311-vcs" - }, - { - "name" : "1031910", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031910" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The management interface in 
Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway before X7.2.4, X8 before X8.1.2, and X8.2 before X8.2.2 and Cisco TelePresence Conductor before X2.3.1 and XC2.4 before XC2.4.1 allows remote attackers to bypass authentication via crafted login parameters, aka Bug IDs CSCur02680 and CSCur05556." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031910", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031910" + }, + { + "name": "20150311 Multiple Vulnerabilities in Cisco TelePresence Video Communication Server, Cisco Expressway, and Cisco TelePresence Conductor", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150311-vcs" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0876.json b/2015/0xxx/CVE-2015-0876.json index 80891ab016e..152da3ba364 100644 --- a/2015/0xxx/CVE-2015-0876.json +++ b/2015/0xxx/CVE-2015-0876.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0876", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the print_language_selectbox function in classes/adminpage.inc.php in Saurus CMS Community Edition before 4.7 2015-02-04 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2015-0876", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/sauruscms/Saurus-CMS-Community-Edition/commit/1bc272874a86eaab99dccd00b29177423fd83877", - "refsource" : "CONFIRM", - "url" : "https://github.com/sauruscms/Saurus-CMS-Community-Edition/commit/1bc272874a86eaab99dccd00b29177423fd83877" - }, - { - "name" : "JVN#18387086", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN18387086/index.html" - }, - { - "name" : "JVNDB-2015-000017", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000017" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the print_language_selectbox function in classes/adminpage.inc.php in Saurus CMS Community Edition before 4.7 2015-02-04 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVNDB-2015-000017", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000017" + }, + { + "name": "JVN#18387086", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN18387086/index.html" + }, + { + "name": "https://github.com/sauruscms/Saurus-CMS-Community-Edition/commit/1bc272874a86eaab99dccd00b29177423fd83877", + "refsource": "CONFIRM", + "url": "https://github.com/sauruscms/Saurus-CMS-Community-Edition/commit/1bc272874a86eaab99dccd00b29177423fd83877" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1023.json b/2015/1xxx/CVE-2015-1023.json index f1a74542a53..a3ec18ba704 100644 --- a/2015/1xxx/CVE-2015-1023.json +++ b/2015/1xxx/CVE-2015-1023.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1023", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1023", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1157.json b/2015/1xxx/CVE-2015-1157.json index 7fdff801922..51118333d6d 100644 --- a/2015/1xxx/CVE-2015-1157.json +++ b/2015/1xxx/CVE-2015-1157.json 
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1157", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CoreText in Apple iOS 8.x through 8.3 allows remote attackers to cause a denial of service (reboot and messaging disruption) via crafted Unicode text that is not properly handled during display truncation in the Notifications feature, as demonstrated by Arabic characters in (1) an SMS message or (2) a WhatsApp message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-1157", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://9to5mac.com/2015/05/27/how-to-fix-ios-text-message-bug-crash-reboot/", - "refsource" : "MISC", - "url" : "http://9to5mac.com/2015/05/27/how-to-fix-ios-text-message-bug-crash-reboot/" - }, - { - "name" : "http://www.ibtimes.co.uk/apple-ios-bug-sees-message-app-crash-iphone-reboot-simply-by-receiving-message-1503083", - "refsource" : "MISC", - "url" : "http://www.ibtimes.co.uk/apple-ios-bug-sees-message-app-crash-iphone-reboot-simply-by-receiving-message-1503083" - }, - { - "name" : "http://www.reddit.com/r/apple/comments/37e8c1/malicious_text_message/", - "refsource" : "MISC", - 
"url" : "http://www.reddit.com/r/apple/comments/37e8c1/malicious_text_message/" - }, - { - "name" : "http://www.reddit.com/r/apple/comments/37enow/about_the_latest_iphone_security_vulnerability/", - "refsource" : "MISC", - "url" : "http://www.reddit.com/r/apple/comments/37enow/about_the_latest_iphone_security_vulnerability/" - }, - { - "name" : "http://www.reddit.com/r/explainlikeimfive/comments/37edde/eli5_how_that_text_you_can_send_to_friends_turns/", - "refsource" : "MISC", - "url" : "http://www.reddit.com/r/explainlikeimfive/comments/37edde/eli5_how_that_text_you_can_send_to_friends_turns/" - }, - { - "name" : "http://zanzebek.com/a-simple-text-message-can-ruin-any-iphone/", - "refsource" : "MISC", - "url" : "http://zanzebek.com/a-simple-text-message-can-ruin-any-iphone/" - }, - { - "name" : "https://ghostbin.com/paste/zws9m", - "refsource" : "MISC", - "url" : "https://ghostbin.com/paste/zws9m" - }, - { - "name" : "http://support.apple.com/kb/HT204941", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT204941" - }, - { - "name" : "http://support.apple.com/kb/HT204942", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT204942" - }, - { - "name" : "https://support.apple.com/HT205221", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205221" - }, - { - "name" : "APPLE-SA-2015-06-30-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html" - }, - { - "name" : "APPLE-SA-2015-06-30-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html" - }, - { - "name" : "APPLE-SA-2015-09-16-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html" - }, - { - "name" : "75491", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75491" - }, - { - "name" : "1032408", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032408" - 
} - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CoreText in Apple iOS 8.x through 8.3 allows remote attackers to cause a denial of service (reboot and messaging disruption) via crafted Unicode text that is not properly handled during display truncation in the Notifications feature, as demonstrated by Arabic characters in (1) an SMS message or (2) a WhatsApp message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT205221", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205221" + }, + { + "name": "75491", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75491" + }, + { + "name": "http://support.apple.com/kb/HT204941", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT204941" + }, + { + "name": "http://www.reddit.com/r/apple/comments/37e8c1/malicious_text_message/", + "refsource": "MISC", + "url": "http://www.reddit.com/r/apple/comments/37e8c1/malicious_text_message/" + }, + { + "name": "https://ghostbin.com/paste/zws9m", + "refsource": "MISC", + "url": "https://ghostbin.com/paste/zws9m" + }, + { + "name": "http://www.reddit.com/r/apple/comments/37enow/about_the_latest_iphone_security_vulnerability/", + "refsource": "MISC", + "url": "http://www.reddit.com/r/apple/comments/37enow/about_the_latest_iphone_security_vulnerability/" + }, + { + "name": "1032408", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032408" + }, + { + "name": "APPLE-SA-2015-06-30-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html" + }, + { + "name": "http://9to5mac.com/2015/05/27/how-to-fix-ios-text-message-bug-crash-reboot/", + "refsource": "MISC", + "url": 
"http://9to5mac.com/2015/05/27/how-to-fix-ios-text-message-bug-crash-reboot/" + }, + { + "name": "http://www.reddit.com/r/explainlikeimfive/comments/37edde/eli5_how_that_text_you_can_send_to_friends_turns/", + "refsource": "MISC", + "url": "http://www.reddit.com/r/explainlikeimfive/comments/37edde/eli5_how_that_text_you_can_send_to_friends_turns/" + }, + { + "name": "APPLE-SA-2015-09-16-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT204942", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT204942" + }, + { + "name": "APPLE-SA-2015-06-30-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html" + }, + { + "name": "http://zanzebek.com/a-simple-text-message-can-ruin-any-iphone/", + "refsource": "MISC", + "url": "http://zanzebek.com/a-simple-text-message-can-ruin-any-iphone/" + }, + { + "name": "http://www.ibtimes.co.uk/apple-ios-bug-sees-message-app-crash-iphone-reboot-simply-by-receiving-message-1503083", + "refsource": "MISC", + "url": "http://www.ibtimes.co.uk/apple-ios-bug-sees-message-app-crash-iphone-reboot-simply-by-receiving-message-1503083" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1506.json b/2015/1xxx/CVE-2015-1506.json index b7470f4b021..c3400a1c639 100644 --- a/2015/1xxx/CVE-2015-1506.json +++ b/2015/1xxx/CVE-2015-1506.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1506", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1506", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1612.json b/2015/1xxx/CVE-2015-1612.json index d743414b202..28c3f2546f5 100644 --- a/2015/1xxx/CVE-2015-1612.json +++ b/2015/1xxx/CVE-2015-1612.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1612", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenFlow plugin for OpenDaylight before Helium SR3 allows remote attackers to spoof the SDN topology and affect the flow of data, related to the reuse of LLDP packets, aka \"LLDP Relay.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1612", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.internetsociety.org/sites/default/files/10_4_2.pdf", - "refsource" : "MISC", - "url" : "http://www.internetsociety.org/sites/default/files/10_4_2.pdf" - }, - { - "name" : "https://cloudrouter.org/security/", - "refsource" : "CONFIRM", - "url" : "https://cloudrouter.org/security/" - }, - { - "name" : "https://git.opendaylight.org/gerrit/#/c/16193/", - "refsource" : "CONFIRM", - "url" : "https://git.opendaylight.org/gerrit/#/c/16193/" - }, - { - "name" : "https://git.opendaylight.org/gerrit/#/c/16208/", - "refsource" : "CONFIRM", - "url" : "https://git.opendaylight.org/gerrit/#/c/16208/" - }, - { - "name" : 
"https://wiki.opendaylight.org/view/Security_Advisories#.5BModerate.5D_CVE-2015-1611_CVE-2015-1612_openflowplugin:_topology_spoofing_via_LLDP", - "refsource" : "CONFIRM", - "url" : "https://wiki.opendaylight.org/view/Security_Advisories#.5BModerate.5D_CVE-2015-1611_CVE-2015-1612_openflowplugin:_topology_spoofing_via_LLDP" - }, - { - "name" : "73254", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73254" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenFlow plugin for OpenDaylight before Helium SR3 allows remote attackers to spoof the SDN topology and affect the flow of data, related to the reuse of LLDP packets, aka \"LLDP Relay.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://git.opendaylight.org/gerrit/#/c/16208/", + "refsource": "CONFIRM", + "url": "https://git.opendaylight.org/gerrit/#/c/16208/" + }, + { + "name": "http://www.internetsociety.org/sites/default/files/10_4_2.pdf", + "refsource": "MISC", + "url": "http://www.internetsociety.org/sites/default/files/10_4_2.pdf" + }, + { + "name": "https://wiki.opendaylight.org/view/Security_Advisories#.5BModerate.5D_CVE-2015-1611_CVE-2015-1612_openflowplugin:_topology_spoofing_via_LLDP", + "refsource": "CONFIRM", + "url": "https://wiki.opendaylight.org/view/Security_Advisories#.5BModerate.5D_CVE-2015-1611_CVE-2015-1612_openflowplugin:_topology_spoofing_via_LLDP" + }, + { + "name": "73254", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73254" + }, + { + "name": "https://git.opendaylight.org/gerrit/#/c/16193/", + "refsource": "CONFIRM", + "url": "https://git.opendaylight.org/gerrit/#/c/16193/" + }, + { + "name": "https://cloudrouter.org/security/", + "refsource": "CONFIRM", + "url": 
"https://cloudrouter.org/security/" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5179.json b/2015/5xxx/CVE-2015-5179.json index 2e7e7ff5e14..39ecf85abbc 100644 --- a/2015/5xxx/CVE-2015-5179.json +++ b/2015/5xxx/CVE-2015-5179.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5179", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FreeIPA might display user data improperly via vectors involving non-printable characters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-5179", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://pagure.io/freeipa/issue/5153", - "refsource" : "MISC", - "url" : "https://pagure.io/freeipa/issue/5153" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1252567", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1252567" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FreeIPA might display user data improperly via vectors involving non-printable characters." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1252567", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1252567" + }, + { + "name": "https://pagure.io/freeipa/issue/5153", + "refsource": "MISC", + "url": "https://pagure.io/freeipa/issue/5153" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5577.json b/2015/5xxx/CVE-2015-5577.json index 56f15dbc0c4..179e705220f 100644 --- a/2015/5xxx/CVE-2015-5577.json +++ b/2015/5xxx/CVE-2015-5577.json 
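Review bot: The `ASSIGNER` value at the top of this hunk changes from `cve@mitre.org` to `secalert@redhat.com`, and it is easy to miss because it is the only semantic change here. The rest of the hunk rewrites key spacing, swaps the two `reference_data` entries and drops the final newline. The CVE-2015-5577 and CVE-2015-5630 hunks do the same with `psirt@adobe.com` and `vultures@jpcert.or.jp`. The assigner records who owns the entry, so I would land the reassignment in its own commit, or at least name it in the commit message. Keeping the array order stable would also help, so consumers that diff these files see only real changes.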
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5577", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5575, CVE-2015-5578, CVE-2015-5580, CVE-2015-5582, CVE-2015-5588, and CVE-2015-6677." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-5577", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-23.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-23.html" - }, - { - "name" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841", - "refsource" : "CONFIRM", - "url" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" - }, - { - "name" : "GLSA-201509-07", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201509-07" - }, - { - "name" : "RHSA-2015:1814", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1814.html" - }, - { - "name" : "openSUSE-SU-2015:1781", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html" - }, - { - "name" : "SUSE-SU-2015:1614", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00022.html" - }, - { - "name" : "SUSE-SU-2015:1618", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00024.html" - }, - { - "name" : "openSUSE-SU-2015:1616", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00023.html" - }, - { - "name" : "76799", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76799" - }, - { - "name" : "1033629", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033629" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5575, CVE-2015-5578, CVE-2015-5580, CVE-2015-5582, CVE-2015-5588, and CVE-2015-6677." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2015:1814", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1814.html" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" + }, + { + "name": "openSUSE-SU-2015:1616", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00023.html" + }, + { + "name": "1033629", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033629" + }, + { + "name": "SUSE-SU-2015:1618", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00024.html" + }, + { + "name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841", + "refsource": "CONFIRM", + "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841" + }, + { + "name": "76799", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76799" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb15-23.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-23.html" + }, + { + "name": "SUSE-SU-2015:1614", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00022.html" + }, + { + "name": "GLSA-201509-07", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201509-07" + }, + { + 
"name": "openSUSE-SU-2015:1781", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5630.json b/2015/5xxx/CVE-2015-5630.json index 0fce3af5619..e4dbf67105a 100644 --- a/2015/5xxx/CVE-2015-5630.json +++ b/2015/5xxx/CVE-2015-5630.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5630", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the NTT Broadband Platform Japan Connected-free Wi-Fi application 1.6.0 and earlier for Android and 1.0.2 and earlier for iOS allows remote attackers to inject arbitrary web script or HTML via a crafted SSID." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2015-5630", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://itunes.apple.com/en/app/japan-connected-free-wi-fi/id810838196?mt=8", - "refsource" : "MISC", - "url" : "https://itunes.apple.com/en/app/japan-connected-free-wi-fi/id810838196?mt=8" - }, - { - "name" : "https://play.google.com/store/apps/details?id=com.nttbp.jfw", - "refsource" : "MISC", - "url" : "https://play.google.com/store/apps/details?id=com.nttbp.jfw" - }, - { - "name" : "JVN#41048401", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN41048401/index.html" - }, - { - "name" : "JVNDB-2015-000116", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000116" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the NTT Broadband Platform Japan Connected-free Wi-Fi application 1.6.0 and earlier for Android and 1.0.2 and earlier for iOS allows remote attackers to inject arbitrary web script or HTML via a crafted SSID." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#41048401", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN41048401/index.html" + }, + { + "name": "https://itunes.apple.com/en/app/japan-connected-free-wi-fi/id810838196?mt=8", + "refsource": "MISC", + "url": "https://itunes.apple.com/en/app/japan-connected-free-wi-fi/id810838196?mt=8" + }, + { + "name": "https://play.google.com/store/apps/details?id=com.nttbp.jfw", + "refsource": "MISC", + "url": "https://play.google.com/store/apps/details?id=com.nttbp.jfw" + }, + { + "name": "JVNDB-2015-000116", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000116" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5703.json b/2015/5xxx/CVE-2015-5703.json index 03bbb3d661a..341cd6b80c7 100644 --- a/2015/5xxx/CVE-2015-5703.json +++ b/2015/5xxx/CVE-2015-5703.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5703", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the public key discovery API call in Open-Xchange OX Guard before 2.0.0-rev8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5703", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150923 Open-Xchange Security Advisory 2015-09-23", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/536523/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/133672/Guard-2.0.0-rev7-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/133672/Guard-2.0.0-rev7-SQL-Injection.html" - }, - { - "name" : "http://software.open-xchange.com/products/guard/doc/Release_Notes_for_Patch_Release_2626_7.6.2_2015-08-03.pdf", - "refsource" : "CONFIRM", - "url" : "http://software.open-xchange.com/products/guard/doc/Release_Notes_for_Patch_Release_2626_7.6.2_2015-08-03.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the public key discovery API call in Open-Xchange OX Guard before 2.0.0-rev8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150923 Open-Xchange Security Advisory 2015-09-23", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/536523/100/0/threaded" + }, + { + "name": "http://software.open-xchange.com/products/guard/doc/Release_Notes_for_Patch_Release_2626_7.6.2_2015-08-03.pdf", + "refsource": "CONFIRM", + "url": "http://software.open-xchange.com/products/guard/doc/Release_Notes_for_Patch_Release_2626_7.6.2_2015-08-03.pdf" + }, + { + "name": "http://packetstormsecurity.com/files/133672/Guard-2.0.0-rev7-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/133672/Guard-2.0.0-rev7-SQL-Injection.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3241.json b/2018/3xxx/CVE-2018-3241.json index ec86f755c23..e1d2808c45f 100644 --- a/2018/3xxx/CVE-2018-3241.json +++ b/2018/3xxx/CVE-2018-3241.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3241", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Primavera P6 Enterprise Project Portfolio Management", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.4" - }, - { - "version_affected" : "=", - "version_value" : "15.1" - }, - { - "version_affected" : "=", - "version_value" : "15.2" - }, - { - "version_affected" : "=", - "version_value" : "16.1" - }, - { - "version_affected" : "=", - "version_value" : "16.2" - }, - { - "version_affected" : "=", - "version_value" : "17.7 - 17.12" - }, - { - "version_affected" : "=", - "version_value" : "18.8" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite (subcomponent: Web Access). Supported versions that are affected are 8.4, 15.1, 15.2, 16.1, 16.2, 17.7 - 17.12 and 18.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data. 
CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3241", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Primavera P6 Enterprise Project Portfolio Management", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.4" + }, + { + "version_affected": "=", + "version_value": "15.1" + }, + { + "version_affected": "=", + "version_value": "15.2" + }, + { + "version_affected": "=", + "version_value": "16.1" + }, + { + "version_affected": "=", + "version_value": "16.2" + }, + { + "version_affected": "=", + "version_value": "17.7 - 17.12" + }, + { + "version_affected": "=", + "version_value": "18.8" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource" : "CONFIRM", - "url" : 
"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" - }, - { - "name" : "105621", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105621" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite (subcomponent: Web Access). Supported versions that are affected are 8.4, 15.1, 15.2, 16.1, 16.2, 17.7 - 17.12 and 18.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + }, + { + "name": "105621", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105621" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3899.json b/2018/3xxx/CVE-2018-3899.json index 1152f333b9d..851e33478ee 100644 --- a/2018/3xxx/CVE-2018-3899.json +++ b/2018/3xxx/CVE-2018-3899.json 
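Review bot: The `version_data` row with `"version_affected": "="` and `"version_value": "17.7 - 17.12"` encodes a range inside an equality entry. Every other row in the list is a single release, so a consumer that compares `version_value` literally would presumably never match the releases between 17.7 and 17.12. I would list each affected release as its own row in the form `{"version_affected": "=", "version_value": "17.7"}`. The intermediate release numbers are not on this page and would have to come from the vendor advisory. The reformat carries the value over unchanged, so this predates the commit.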
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "ID" : "CVE-2018-3899", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Yi Technology", - "version" : { - "version_data" : [ - { - "version_value" : "Yi Technology Home Camera 27US 1.8.7.0D" - } - ] - } - } - ] - }, - "vendor_name" : "unknown" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted QR Code can cause a buffer overflow, resulting in code execution. The trans_info call can overwrite a buffer of size 0x104, which is more than enough to overflow the return address from the password_dst field" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Stack-based Buffer Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "ID": "CVE-2018-3899", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Yi Technology", + "version": { + "version_data": [ + { + "version_value": "Yi Technology Home Camera 27US 1.8.7.0D" + } + ] + } + } + ] + }, + "vendor_name": "unknown" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0571", - "refsource" : "MISC", - "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0571" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable code execution vulnerability exists in the QR code scanning 
functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted QR Code can cause a buffer overflow, resulting in code execution. The trans_info call can overwrite a buffer of size 0x104, which is more than enough to overflow the return address from the password_dst field" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Stack-based Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0571", + "refsource": "MISC", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0571" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6297.json b/2018/6xxx/CVE-2018-6297.json index 2a9d10e6ce5..eea841354fb 100644 --- a/2018/6xxx/CVE-2018-6297.json +++ b/2018/6xxx/CVE-2018-6297.json 
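Review bot: The `affects` block in this record has its fields shifted. `"product_name": "Yi Technology"` holds the vendor, `"vendor_name"` is `"unknown"`, and `"version_value": "Yi Technology Home Camera 27US 1.8.7.0D"` holds product and version together. Going by the description (`Yi Home Camera 27US 1.8.7.0D`), they should read `"vendor_name": "Yi Technology"`, `"product_name": "Yi Home Camera 27US"` and `"version_value": "1.8.7.0D"`. As written, inventory or scanner matching on vendor and product is unlikely to associate this record with the camera. The values are identical on the old side, so the reformat only carries the problem forward.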
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vulnerability@kaspersky.com", - "DATE_PUBLIC" : "2018-03-12T00:00:00", - "ID" : "CVE-2018-6297", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Hanwha Techwin Smartcams", - "version" : { - "version_data" : [ - { - "version_value" : "7.55" - } - ] - } - } - ] - }, - "vendor_name" : "Hanwha Techwin" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Hanwha Techwin Smartcams" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer overflow" - } + "CVE_data_meta": { + "ASSIGNER": "vulnerability@kaspersky.com", + "DATE_PUBLIC": "2018-03-12T00:00:00", + "ID": "CVE-2018-6297", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hanwha Techwin Smartcams", + "version": { + "version_data": [ + { + "version_value": "7.55" + } + ] + } + } + ] + }, + "vendor_name": "Hanwha Techwin" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/", - "refsource" : "MISC", - "url" : "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Hanwha Techwin Smartcams" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": 
"https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/", + "refsource": "MISC", + "url": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7046.json b/2018/7xxx/CVE-2018-7046.json index a2e3f60a74c..54093115022 100644 --- a/2018/7xxx/CVE-2018-7046.json +++ b/2018/7xxx/CVE-2018-7046.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7046", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** Arbitrary code execution vulnerability in Kentico 9 through 11 allows remote authenticated users to execute arbitrary operating system commands in a dynamic .NET code evaluation context via C# code in a \"Pages -> Edit -> Template -> Edit template properties -> Layout\" box. NOTE: the vendor has responded that there is intended functionality for authorized users to edit and update ascx code layout." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7046", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180217 Kentico CMS version 9 through 11 - Arbitrary Code Execution", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/541790/100/0/threaded" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** Arbitrary code execution vulnerability in Kentico 9 through 11 allows remote authenticated users to execute arbitrary operating system commands in a 
dynamic .NET code evaluation context via C# code in a \"Pages -> Edit -> Template -> Edit template properties -> Layout\" box. NOTE: the vendor has responded that there is intended functionality for authorized users to edit and update ascx code layout." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20180217 Kentico CMS version 9 through 11 - Arbitrary Code Execution", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/541790/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7501.json b/2018/7xxx/CVE-2018-7501.json index 7b87af4d928..548e8a2bf52 100644 --- a/2018/7xxx/CVE-2018-7501.json +++ b/2018/7xxx/CVE-2018-7501.json 
@@ -1,68 +1,68 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "ics-cert@hq.dhs.gov",
- "DATE_PUBLIC" : "2018-05-15T00:00:00",
- "ID" : "CVE-2018-7501",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "WebAccess",
- "version" : {
- "version_data" : [
- {
- "version_value" : "WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, WebAccess/NMS 2.0.3 and prior."
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Advantech"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several SQL injection vulnerabilities have been identified, which may allow an attacker to disclose sensitive information from the host."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND ('SQL INJECTION') CWE-89"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "DATE_PUBLIC": "2018-05-15T00:00:00",
+ "ID": "CVE-2018-7501",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "WebAccess",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, WebAccess/NMS 2.0.3 and prior."
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Advantech"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01",
- "refsource" : "MISC",
- "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01"
- },
- {
- "name" : "104190",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/104190"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several SQL injection vulnerabilities have been identified, which may allow an attacker to disclose sensitive information from the host."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND ('SQL INJECTION') CWE-89"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "104190",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/104190"
+ },
+ {
+ "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01",
+ "refsource": "MISC",
+ "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/7xxx/CVE-2018-7614.json b/2018/7xxx/CVE-2018-7614.json
index fcc97208331..bc6cee5a750 100644
--- a/2018/7xxx/CVE-2018-7614.json
+++ b/2018/7xxx/CVE-2018-7614.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-7614",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-7614",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/7xxx/CVE-2018-7955.json b/2018/7xxx/CVE-2018-7955.json
index 83bf1d71270..80161b2f15b 100644
--- a/2018/7xxx/CVE-2018-7955.json
+++ b/2018/7xxx/CVE-2018-7955.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-7955",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2018-7955",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/8xxx/CVE-2018-8000.json b/2018/8xxx/CVE-2018-8000.json
index fa9a8fdbb47..92f42bf3702 100644
--- a/2018/8xxx/CVE-2018-8000.json
+++ b/2018/8xxx/CVE-2018-8000.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8000", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In PoDoFo 0.9.5, there exists a heap-based buffer overflow vulnerability in PoDoFo::PdfTokenizer::GetNextToken() in PdfTokenizer.cpp, a related issue to CVE-2017-5886. Remote attackers could leverage this vulnerability to cause a denial-of-service or potentially execute arbitrary code via a crafted pdf file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8000", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1548918", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1548918" - }, - { - "name" : "https://sourceforge.net/p/podofo/tickets/13/", - "refsource" : "MISC", - "url" : "https://sourceforge.net/p/podofo/tickets/13/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In PoDoFo 0.9.5, there exists a heap-based buffer overflow vulnerability in PoDoFo::PdfTokenizer::GetNextToken() in PdfTokenizer.cpp, a related issue to 
CVE-2017-5886. Remote attackers could leverage this vulnerability to cause a denial-of-service or potentially execute arbitrary code via a crafted pdf file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1548918", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548918" + }, + { + "name": "https://sourceforge.net/p/podofo/tickets/13/", + "refsource": "MISC", + "url": "https://sourceforge.net/p/podofo/tickets/13/" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8008.json b/2018/8xxx/CVE-2018-8008.json index 43aa56cc931..0939c6fd27f 100644 --- a/2018/8xxx/CVE-2018-8008.json +++ b/2018/8xxx/CVE-2018-8008.json 
@@ -1,68 +1,68 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "security@apache.org",
- "DATE_PUBLIC" : "2018-06-05T00:00:00",
- "ID" : "CVE-2018-8008",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Apache Storm",
- "version" : {
- "version_data" : [
- {
- "version_value" : "Apache Storm 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Apache Software Foundation"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier expose an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path traversal filenames. So when the filename gets concatenated to the target extraction directory, the final path ends up outside of the target folder."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Arbitrary File Write"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "security@apache.org",
+ "DATE_PUBLIC": "2018-06-05T00:00:00",
+ "ID": "CVE-2018-8008",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Apache Storm",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Apache Storm 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Apache Software Foundation"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://lists.apache.org/thread.html/613b2fca8bcd0a3b12c0b763ea8f7cf62e422e9f79fce6cfa5b08a58@%3Cdev.storm.apache.org%3E",
- "refsource" : "CONFIRM",
- "url" : "https://lists.apache.org/thread.html/613b2fca8bcd0a3b12c0b763ea8f7cf62e422e9f79fce6cfa5b08a58@%3Cdev.storm.apache.org%3E"
- },
- {
- "name" : "104418",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/104418"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier expose an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path traversal filenames. So when the filename gets concatenated to the target extraction directory, the final path ends up outside of the target folder."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Arbitrary File Write"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://lists.apache.org/thread.html/613b2fca8bcd0a3b12c0b763ea8f7cf62e422e9f79fce6cfa5b08a58@%3Cdev.storm.apache.org%3E",
+ "refsource": "CONFIRM",
+ "url": "https://lists.apache.org/thread.html/613b2fca8bcd0a3b12c0b763ea8f7cf62e422e9f79fce6cfa5b08a58@%3Cdev.storm.apache.org%3E"
+ },
+ {
+ "name": "104418",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/104418"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/8xxx/CVE-2018-8594.json b/2018/8xxx/CVE-2018-8594.json
index fbb7a20d002..f8bc2c20406 100644
--- a/2018/8xxx/CVE-2018-8594.json
+++ b/2018/8xxx/CVE-2018-8594.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-8594",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-8594",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/8xxx/CVE-2018-8925.json b/2018/8xxx/CVE-2018-8925.json
index 5449c97d999..72a521024f8 100644
--- a/2018/8xxx/CVE-2018-8925.json
+++ b/2018/8xxx/CVE-2018-8925.json
@@ -1,84 +1,84 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "security@synology.com",
- "DATE_PUBLIC" : "2018-06-08T00:00:00",
- "ID" : "CVE-2018-8925",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Photo Station",
- "version" : {
- "version_data" : [
- {
- "affected" : "<",
- "version_value" : "6.8.5-3471"
- },
- {
- "affected" : "<",
- "version_value" : "6.3-2975"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Synology"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Cross-site request forgery (CSRF) vulnerability in admin/user.php in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote attackers to hijack the authentication of administrators via the (1) username, (2) password, (3) admin, (4) action, (5) uid, or (6) modify_admin parameter."
- }
- ]
- },
- "impact" : {
- "cvss" : {
- "attackComplexity" : "LOW",
- "attackVector" : "NETWORK",
- "availabilityImpact" : "HIGH",
- "baseScore" : 8.8,
- "baseSeverity" : "HIGH",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "HIGH",
- "privilegesRequired" : "NONE",
- "scope" : "UNCHANGED",
- "userInteraction" : "REQUIRED",
- "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "version" : "3.0"
- }
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Cross Site Request Forgery (CSRF)"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "security@synology.com",
+ "DATE_PUBLIC": "2018-06-08T00:00:00",
+ "ID": "CVE-2018-8925",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Photo Station",
+ "version": {
+ "version_data": [
+ {
+ "affected": "<",
+ "version_value": "6.8.5-3471"
+ },
+ {
+ "affected": "<",
+ "version_value": "6.3-2975"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Synology"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://www.synology.com/zh-tw/support/security/Synology_SA_18_15",
- "refsource" : "CONFIRM",
- "url" : "https://www.synology.com/zh-tw/support/security/Synology_SA_18_15"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cross-site request forgery (CSRF) vulnerability in admin/user.php in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote attackers to hijack the authentication of administrators via the (1) username, (2) password, (3) admin, (4) action, (5) uid, or (6) modify_admin parameter."
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross Site Request Forgery (CSRF)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.synology.com/zh-tw/support/security/Synology_SA_18_15",
+ "refsource": "CONFIRM",
+ "url": "https://www.synology.com/zh-tw/support/security/Synology_SA_18_15"
+ }
+ ]
+ }
+}
\ No newline at end of file