From a9bbbba900dc5378329a2b2902a0ee12e3b27f34 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Mon, 18 Mar 2019 01:47:55 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2005/0xxx/CVE-2005-0592.json | 210 ++++++++++++------------- 2005/0xxx/CVE-2005-0668.json | 130 +++++++-------- 2005/1xxx/CVE-2005-1465.json | 180 ++++++++++----------- 2005/1xxx/CVE-2005-1813.json | 150 +++++++++--------- 2005/1xxx/CVE-2005-1942.json | 160 +++++++++---------- 2005/3xxx/CVE-2005-3399.json | 130 +++++++-------- 2005/3xxx/CVE-2005-3536.json | 150 +++++++++--------- 2005/3xxx/CVE-2005-3838.json | 170 ++++++++++---------- 2005/4xxx/CVE-2005-4108.json | 34 ++-- 2005/4xxx/CVE-2005-4432.json | 180 ++++++++++----------- 2005/4xxx/CVE-2005-4510.json | 170 ++++++++++---------- 2005/4xxx/CVE-2005-4591.json | 200 +++++++++++------------ 2009/0xxx/CVE-2009-0318.json | 200 +++++++++++------------ 2009/0xxx/CVE-2009-0453.json | 140 ++++++++--------- 2009/0xxx/CVE-2009-0769.json | 150 +++++++++--------- 2009/0xxx/CVE-2009-0842.json | 220 +++++++++++++------------- 2009/1xxx/CVE-2009-1047.json | 130 +++++++-------- 2009/1xxx/CVE-2009-1083.json | 180 ++++++++++----------- 2009/1xxx/CVE-2009-1558.json | 150 +++++++++--------- 2009/1xxx/CVE-2009-1635.json | 280 ++++++++++++++++----------------- 2009/1xxx/CVE-2009-1825.json | 140 ++++++++--------- 2009/3xxx/CVE-2009-3584.json | 150 +++++++++--------- 2009/4xxx/CVE-2009-4222.json | 130 +++++++-------- 2009/4xxx/CVE-2009-4231.json | 120 +++++++------- 2009/4xxx/CVE-2009-4551.json | 130 +++++++-------- 2012/2xxx/CVE-2012-2297.json | 190 +++++++++++----------- 2012/2xxx/CVE-2012-2424.json | 150 +++++++++--------- 2012/2xxx/CVE-2012-2549.json | 140 ++++++++--------- 2012/6xxx/CVE-2012-6122.json | 34 ++-- 2012/6xxx/CVE-2012-6702.json | 190 +++++++++++----------- 2015/1xxx/CVE-2015-1329.json | 140 ++++++++--------- 2015/1xxx/CVE-2015-1471.json | 180 ++++++++++----------- 2015/1xxx/CVE-2015-1605.json | 140 ++++++++--------- 2015/1xxx/CVE-2015-1673.json | 140 ++++++++--------- 2015/5xxx/CVE-2015-5228.json | 150 +++++++++--------- 
2015/5xxx/CVE-2015-5574.json | 250 ++++++++++++++--------------- 2018/11xxx/CVE-2018-11148.json | 140 ++++++++--------- 2018/11xxx/CVE-2018-11560.json | 120 +++++++------- 2018/11xxx/CVE-2018-11822.json | 120 +++++++------- 2018/15xxx/CVE-2018-15004.json | 130 +++++++-------- 2018/15xxx/CVE-2018-15429.json | 154 +++++++++--------- 2018/15xxx/CVE-2018-15533.json | 130 +++++++-------- 2018/3xxx/CVE-2018-3151.json | 198 +++++++++++------------ 2018/3xxx/CVE-2018-3352.json | 34 ++-- 2018/3xxx/CVE-2018-3696.json | 130 +++++++-------- 2018/3xxx/CVE-2018-3707.json | 34 ++-- 2018/8xxx/CVE-2018-8357.json | 280 ++++++++++++++++----------------- 2018/8xxx/CVE-2018-8406.json | 240 ++++++++++++++-------------- 2018/8xxx/CVE-2018-8948.json | 120 +++++++------- 49 files changed, 3759 insertions(+), 3759 deletions(-) diff --git a/2005/0xxx/CVE-2005-0592.json b/2005/0xxx/CVE-2005-0592.json index 63cc5d7c466..a3fe3562465 100644 --- a/2005/0xxx/CVE-2005-0592.json +++ b/2005/0xxx/CVE-2005-0592.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0592", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the UTF8ToNewUnicode function for Firefox before 1.0.1 and Mozilla before 1.7.6 might allow remote attackers to cause a denial of service (crash) or execute arbitrary code via invalid sequences in a UTF8 encoded string that result in a zero length value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2005-0592", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/mfsa2005-15.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/mfsa2005-15.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=241440", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=241440" - }, - { - "name" : "GLSA-200503-10", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml" - }, - { - "name" : "GLSA-200503-30", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml" - }, - { - "name" : "RHSA-2005:176", - 
"refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-176.html" - }, - { - "name" : "SUSE-SA:2006:022", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_04_25.html" - }, - { - "name" : "12659", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12659" - }, - { - "name" : "oval:org.mitre.oval:def:100043", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100043" - }, - { - "name" : "oval:org.mitre.oval:def:10606", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10606" - }, - { - "name" : "19823", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19823" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the UTF8ToNewUnicode function for Firefox before 1.0.1 and Mozilla before 1.7.6 might allow remote attackers to cause a denial of service (crash) or execute arbitrary code via invalid sequences in a UTF8 encoded string that result in a zero length value." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "12659", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12659" + }, + { + "name": "19823", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19823" + }, + { + "name": "http://www.mozilla.org/security/announce/mfsa2005-15.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/mfsa2005-15.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=241440", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=241440" + }, + { + "name": "oval:org.mitre.oval:def:100043", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100043" + }, + { + "name": "RHSA-2005:176", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-176.html" + }, + { + "name": "GLSA-200503-30", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml" + }, + { + "name": "GLSA-200503-10", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml" + }, + { + "name": "SUSE-SA:2006:022", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_04_25.html" + }, + { + "name": "oval:org.mitre.oval:def:10606", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10606" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0668.json b/2005/0xxx/CVE-2005-0668.json index 1ae6c611a74..abac222c132 100644 --- a/2005/0xxx/CVE-2005-0668.json +++ b/2005/0xxx/CVE-2005-0668.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0668", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in HTTP Anti Virus Proxy (HAVP) before 0.51 prevents viruses from being properly detected in certain files such as (1) .CAB or (2) .ZIP files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0668", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.bemberg.de/server-side/index.htm", - "refsource" : "CONFIRM", - "url" : "http://www.bemberg.de/server-side/index.htm" - }, - { - "name" : "1013370", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013370" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in HTTP Anti Virus Proxy (HAVP) before 0.51 prevents viruses from being properly detected in certain files such as (1) .CAB or (2) .ZIP files." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1013370", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013370" + }, + { + "name": "http://www.bemberg.de/server-side/index.htm", + "refsource": "CONFIRM", + "url": "http://www.bemberg.de/server-side/index.htm" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1465.json b/2005/1xxx/CVE-2005-1465.json index 6a1a24a28d6..6381ee7cd16 100644 --- a/2005/1xxx/CVE-2005-1465.json +++ b/2005/1xxx/CVE-2005-1465.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1465", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in the NCP dissector in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (long loop)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2005-1465", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ethereal.com/appnotes/enpa-sa-00019.html", - "refsource" : "CONFIRM", - "url" : "http://www.ethereal.com/appnotes/enpa-sa-00019.html" - }, - { - "name" : "http://www.ethereal.com/news/item_20050504_01.html", - "refsource" : "CONFIRM", - "url" : "http://www.ethereal.com/news/item_20050504_01.html" - }, - { - "name" : "CLSA-2005:963", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000963" - }, - { - "name" : "FLSA-2006:152922", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00003.html" - }, - { - "name" : "RHSA-2005:427", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-427.html" - }, - { - "name" : "13504", - "refsource" : 
"BID", - "url" : "http://www.securityfocus.com/bid/13504" - }, - { - "name" : "oval:org.mitre.oval:def:10224", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10224" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in the NCP dissector in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (long loop)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "13504", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13504" + }, + { + "name": "RHSA-2005:427", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-427.html" + }, + { + "name": "http://www.ethereal.com/appnotes/enpa-sa-00019.html", + "refsource": "CONFIRM", + "url": "http://www.ethereal.com/appnotes/enpa-sa-00019.html" + }, + { + "name": "oval:org.mitre.oval:def:10224", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10224" + }, + { + "name": "FLSA-2006:152922", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00003.html" + }, + { + "name": "CLSA-2005:963", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000963" + }, + { + "name": "http://www.ethereal.com/news/item_20050504_01.html", + "refsource": "CONFIRM", + "url": "http://www.ethereal.com/news/item_20050504_01.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1813.json b/2005/1xxx/CVE-2005-1813.json index c0f041b487e..f8fb561da8b 100644 --- a/2005/1xxx/CVE-2005-1813.json +++ b/2005/1xxx/CVE-2005-1813.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1813", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in FutureSoft TFTP Server Evaluation Version 1.0.0.1 allows remote attackers to read arbitrary files via a TFTP GET request containing (1) \"../\" (dot dot slash) or (2) \"..\\\" (dot dot backslash) sequences." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1813", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.security.org.sg/vuln/tftp2000-1001.html", - "refsource" : "MISC", - "url" : "http://www.security.org.sg/vuln/tftp2000-1001.html" - }, - { - "name" : "13821", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13821" - }, - { - "name" : "1014079", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014079" - }, - { - "name" : "15539", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15539" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in FutureSoft TFTP 
Server Evaluation Version 1.0.0.1 allows remote attackers to read arbitrary files via a TFTP GET request containing (1) \"../\" (dot dot slash) or (2) \"..\\\" (dot dot backslash) sequences." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15539", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15539" + }, + { + "name": "13821", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13821" + }, + { + "name": "1014079", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014079" + }, + { + "name": "http://www.security.org.sg/vuln/tftp2000-1001.html", + "refsource": "MISC", + "url": "http://www.security.org.sg/vuln/tftp2000-1001.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1942.json b/2005/1xxx/CVE-2005-1942.json index dd573ffdc16..494dd4a7d76 100644 --- a/2005/1xxx/CVE-2005-1942.json +++ b/2005/1xxx/CVE-2005-1942.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1942", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco switches that support 802.1x security allow remote attackers to bypass port security and gain access to the VLAN via spoofed Cisco Discovery Protocol (CDP) messages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1942", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050610 Voice VLAN Access/Abuse Possible on Cisco voice-enabled, 802.1x-secured Interfaces Vulnerability Discovery: FishNet Security", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111842833009771&w=2" - }, - { - "name" : "http://www.fishnetsecurity.com/csirt/disclosure/cisco/Cisco+802.1x+Advisory.pdf", - "refsource" : "MISC", - "url" : "http://www.fishnetsecurity.com/csirt/disclosure/cisco/Cisco+802.1x+Advisory.pdf" - }, - { - "name" : "20050608 Cisco 802.1x Voice-Enabled Interfaces Allow Anonymous Voice VLAN Access", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/cisco-sn-20050608-8021x.shtml" - }, - { - "name" : "1014135", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/alerts/2005/Jun/1014135.html" - }, - { - "name" : "cisco-callmanager-voice-gain-access(20939)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20939" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco switches that support 802.1x security allow remote attackers to bypass port security and gain access to the VLAN via spoofed Cisco Discovery Protocol (CDP) messages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1014135", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/alerts/2005/Jun/1014135.html" + }, + { + "name": "20050608 Cisco 802.1x Voice-Enabled Interfaces Allow Anonymous Voice VLAN Access", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/cisco-sn-20050608-8021x.shtml" + }, + { + "name": "http://www.fishnetsecurity.com/csirt/disclosure/cisco/Cisco+802.1x+Advisory.pdf", + "refsource": "MISC", + "url": "http://www.fishnetsecurity.com/csirt/disclosure/cisco/Cisco+802.1x+Advisory.pdf" + }, + { + "name": "20050610 Voice VLAN Access/Abuse Possible on Cisco voice-enabled, 802.1x-secured Interfaces Vulnerability Discovery: FishNet Security", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111842833009771&w=2" + }, + { + "name": "cisco-callmanager-voice-gain-access(20939)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20939" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3399.json b/2005/3xxx/CVE-2005-3399.json index 8b688ea0e2f..2c648dedaa6 100644 --- a/2005/3xxx/CVE-2005-3399.json +++ b/2005/3xxx/CVE-2005-3399.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3399", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple interpretation error in CAT-QuickHeal 8.0 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an \"MZ\" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a \"triple headed\" program that contains EXE, EML, and HTML content, aka the \"magic byte bug.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3399", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051025 Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability through", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=113026417802703&w=2" - }, - { - "name" : "20051026 Update for the magic byte bug", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=113036131526435&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Multiple interpretation error in CAT-QuickHeal 8.0 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an \"MZ\" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a \"triple headed\" program that contains EXE, EML, and HTML content, aka the \"magic byte bug.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20051026 Update for the magic byte bug", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=113036131526435&w=2" + }, + { + "name": "20051025 Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability through", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=113026417802703&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3536.json b/2005/3xxx/CVE-2005-3536.json index 20b886df14f..f771721658d 100644 --- a/2005/3xxx/CVE-2005-3536.json +++ b/2005/3xxx/CVE-2005-3536.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3536", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in phpBB 2 before 2.0.18 allows remote attackers to execute arbitrary SQL commands via the topic type." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2005-3536", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-925", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-925" - }, - { - "name" : "15246", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15246" - }, - { - "name" : "22270", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22270" - }, - { - "name" : "18098", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18098" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in phpBB 2 before 2.0.18 allows remote attackers to execute arbitrary SQL commands via the topic type." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15246", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15246" + }, + { + "name": "DSA-925", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-925" + }, + { + "name": "22270", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22270" + }, + { + "name": "18098", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18098" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3838.json b/2005/3xxx/CVE-2005-3838.json index 6174a9dd20f..6d1419fc819 100644 --- a/2005/3xxx/CVE-2005-3838.json +++ b/2005/3xxx/CVE-2005-3838.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3838", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in search.php in IsolSoft Support Center 2.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) lorder, (2) Priority, (3) Status, (4) Category, (5) searchvalue, and (6) field parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3838", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/11/isolsoft-support-center-sql-inj.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/11/isolsoft-support-center-sql-inj.html" - }, - { - "name" : "15570", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15570" - }, - { - "name" : "ADV-2005-2592", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2592" - }, - { - "name" : "21102", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21102" - }, - { - "name" : "1015270", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015270" - }, - { - "name" : "17728", - "refsource" : "SECUNIA", - 
"url" : "http://secunia.com/advisories/17728" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in search.php in IsolSoft Support Center 2.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) lorder, (2) Priority, (3) Status, (4) Category, (5) searchvalue, and (6) field parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1015270", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015270" + }, + { + "name": "15570", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15570" + }, + { + "name": "http://pridels0.blogspot.com/2005/11/isolsoft-support-center-sql-inj.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/11/isolsoft-support-center-sql-inj.html" + }, + { + "name": "21102", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21102" + }, + { + "name": "17728", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17728" + }, + { + "name": "ADV-2005-2592", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2592" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4108.json b/2005/4xxx/CVE-2005-4108.json index 9fad30eed56..e5af2ef08ab 100644 --- a/2005/4xxx/CVE-2005-4108.json +++ b/2005/4xxx/CVE-2005-4108.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4108", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2005. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2005-4108", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2005. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4432.json b/2005/4xxx/CVE-2005-4432.json index 54c95321079..d8fba56417a 100644 --- a/2005/4xxx/CVE-2005-4432.json +++ b/2005/4xxx/CVE-2005-4432.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4432", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in PlaySMS 0.8 allows remote attackers to inject arbitrary web script or HTML via the err parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4432", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051217 XSS Vuln in PlaySmS", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=113478814326427&w=2" - }, - { - "name" : "20060211 XSS in PlaySMS", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=113970096305873&w=2" - }, - { - "name" : "15928", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15928" - }, - { - "name" : "ADV-2006-0548", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0548" - }, - { - "name" : "21835", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21835" - }, - { - "name" : "18148", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18148" - }, - { - "name" : "playsms-index-xss(23665)", - "refsource" : "XF", - 
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23665" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in PlaySMS 0.8 allows remote attackers to inject arbitrary web script or HTML via the err parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060211 XSS in PlaySMS", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=113970096305873&w=2" + }, + { + "name": "ADV-2006-0548", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0548" + }, + { + "name": "15928", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15928" + }, + { + "name": "21835", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21835" + }, + { + "name": "18148", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18148" + }, + { + "name": "20051217 XSS Vuln in PlaySmS", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=113478814326427&w=2" + }, + { + "name": "playsms-index-xss(23665)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23665" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4510.json b/2005/4xxx/CVE-2005-4510.json index c97db3b1b4d..1e93419d5f2 100644 --- a/2005/4xxx/CVE-2005-4510.json +++ b/2005/4xxx/CVE-2005-4510.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4510", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in server.np in NetPublish Server 7 allows remote attackers to read arbitrary files via \"../\" sequences in the template parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4510", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051220 IRM 012: Portfolio Netpublish Server 7 is vulnerable to a Directory Traversal Attack", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=113511429307550&w=2" - }, - { - "name" : "http://www.extensis.com/en/support/kb_article.jsp?articleNumber=3302201", - "refsource" : "MISC", - "url" : "http://www.extensis.com/en/support/kb_article.jsp?articleNumber=3302201" - }, - { - "name" : "15974", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15974" - }, - { - "name" : "ADV-2005-3045", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/3045" - }, - { - "name" : "1015393", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015393" - }, - { - "name" : "18173", - 
"refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18173" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in server.np in NetPublish Server 7 allows remote attackers to read arbitrary files via \"../\" sequences in the template parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18173", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18173" + }, + { + "name": "http://www.extensis.com/en/support/kb_article.jsp?articleNumber=3302201", + "refsource": "MISC", + "url": "http://www.extensis.com/en/support/kb_article.jsp?articleNumber=3302201" + }, + { + "name": "15974", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15974" + }, + { + "name": "20051220 IRM 012: Portfolio Netpublish Server 7 is vulnerable to a Directory Traversal Attack", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=113511429307550&w=2" + }, + { + "name": "1015393", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015393" + }, + { + "name": "ADV-2005-3045", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/3045" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4591.json b/2005/4xxx/CVE-2005-4591.json index 90c365253f9..12ed5d3e6c5 100644 --- a/2005/4xxx/CVE-2005-4591.json +++ b/2005/4xxx/CVE-2005-4591.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4591", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in bogofilter 0.96.2, 0.95.2, 0.94.14, 0.94.12, and other versions from 0.93.5 to 0.96.2, when using Unicode databases, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via \"invalid input sequences\" that lead to heap corruption when bogofilter or bogolexer converts character sets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4591", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bogofilter.sourceforge.net/security/bogofilter-SA-2005-01", - "refsource" : "CONFIRM", - "url" : "http://bogofilter.sourceforge.net/security/bogofilter-SA-2005-01" - }, - { - "name" : "SUSE-SR:2006:003", - "refsource" : "SUSE", - "url" : "http://lists.suse.com/archive/suse-security-announce/2006-Feb/0001.html" - }, - { - "name" : "USN-240-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/240-1/" - }, - { - "name" : "16171", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16171" - }, - { - "name" : "ADV-2006-0100", - 
"refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0100" - }, - { - "name" : "18352", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18352" - }, - { - "name" : "18427", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18427" - }, - { - "name" : "18717", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18717" - }, - { - "name" : "bogofilter-unicode-bo(24118)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24118" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in bogofilter 0.96.2, 0.95.2, 0.94.14, 0.94.12, and other versions from 0.93.5 to 0.96.2, when using Unicode databases, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via \"invalid input sequences\" that lead to heap corruption when bogofilter or bogolexer converts character sets." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-240-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/240-1/" + }, + { + "name": "http://bogofilter.sourceforge.net/security/bogofilter-SA-2005-01", + "refsource": "CONFIRM", + "url": "http://bogofilter.sourceforge.net/security/bogofilter-SA-2005-01" + }, + { + "name": "SUSE-SR:2006:003", + "refsource": "SUSE", + "url": "http://lists.suse.com/archive/suse-security-announce/2006-Feb/0001.html" + }, + { + "name": "ADV-2006-0100", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0100" + }, + { + "name": "bogofilter-unicode-bo(24118)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24118" + }, + { + "name": "18717", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18717" + }, + { + "name": "16171", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16171" + }, + { + "name": "18352", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18352" + }, + { + "name": "18427", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18427" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0318.json b/2009/0xxx/CVE-2009-0318.json index 780639ad259..295143ad34a 100644 --- a/2009/0xxx/CVE-2009-0318.json +++ b/2009/0xxx/CVE-2009-0318.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0318", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in the GObject Python interpreter wrapper in Gnumeric allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0318", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20090126 CVE request -- Python < 2.6 PySys_SetArgv issues (epiphany, csound, dia, eog, gedit, xchat, vim, nautilus-python, Gnumeric)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/01/26/2" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=481572", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=481572" - }, - { - "name" : "http://bugzilla.gnome.org/show_bug.cgi?id=569648", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.gnome.org/show_bug.cgi?id=569648" - }, - { - "name" : "FEDORA-2009-1295", - "refsource" : "FEDORA", - "url" : 
"https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00211.html" - }, - { - "name" : "GLSA-200904-03", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200904-03.xml" - }, - { - "name" : "MDVSA-2009:043", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:043" - }, - { - "name" : "33438", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33438" - }, - { - "name" : "33707", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33707" - }, - { - "name" : "33823", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33823" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in the GObject Python interpreter wrapper in Gnumeric allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=481572", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=481572" + }, + { + "name": "[oss-security] 20090126 CVE request -- Python < 2.6 PySys_SetArgv issues (epiphany, csound, dia, eog, gedit, xchat, vim, nautilus-python, Gnumeric)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/01/26/2" + }, + { + "name": "http://bugzilla.gnome.org/show_bug.cgi?id=569648", + "refsource": "CONFIRM", + "url": "http://bugzilla.gnome.org/show_bug.cgi?id=569648" + }, + { + "name": "33823", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33823" + }, + { + "name": "33438", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33438" + }, + { + "name": "GLSA-200904-03", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200904-03.xml" + }, + { + "name": "33707", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33707" + }, + { + "name": "FEDORA-2009-1295", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00211.html" + }, + { + "name": "MDVSA-2009:043", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:043" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0453.json b/2009/0xxx/CVE-2009-0453.json index bd880c5f8d5..ae58cfc477c 100644 --- a/2009/0xxx/CVE-2009-0453.json +++ b/2009/0xxx/CVE-2009-0453.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0453", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Online Grades 3.2.4 allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0453", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7956", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7956" - }, - { - "name" : "51713", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/51713" - }, - { - "name" : "33767", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33767" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Online Grades 3.2.4 allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7956", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7956" + }, + { + "name": "51713", + "refsource": "OSVDB", + "url": "http://osvdb.org/51713" + }, + { + "name": "33767", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33767" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0769.json b/2009/0xxx/CVE-2009-0769.json index 45f4017d5d7..f109c5ca45a 100644 --- a/2009/0xxx/CVE-2009-0769.json +++ b/2009/0xxx/CVE-2009-0769.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0769", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "QIP 2005 build 8082 allows remote attackers to cause a denial of service (CPU consumption and application hang) via a crafted Rich Text Format (RTF) ICQ message, as demonstrated by an {\\rtf\\pict\\&&} message. NOTE: the vulnerability may be in Sergey Tkachenko TRichView. If so, then this should not be treated as a vulnerability in QIP." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0769", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090204 QIP 2005 Denial of Service Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/500656/100/0/threaded" - }, - { - "name" : "33609", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33609" - }, - { - "name" : "51755", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/51755" - }, - { - "name" : "33851", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33851" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": 
[ + { + "lang": "eng", + "value": "QIP 2005 build 8082 allows remote attackers to cause a denial of service (CPU consumption and application hang) via a crafted Rich Text Format (RTF) ICQ message, as demonstrated by an {\\rtf\\pict\\&&} message. NOTE: the vulnerability may be in Sergey Tkachenko TRichView. If so, then this should not be treated as a vulnerability in QIP." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33609", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33609" + }, + { + "name": "51755", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/51755" + }, + { + "name": "20090204 QIP 2005 Denial of Service Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/500656/100/0/threaded" + }, + { + "name": "33851", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33851" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0842.json b/2009/0xxx/CVE-2009-0842.json index ec3796aa9dc..4b78ee7cd16 100644 --- a/2009/0xxx/CVE-2009-0842.json +++ b/2009/0xxx/CVE-2009-0842.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0842", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to read arbitrary invalid .map files via a full pathname in the map parameter, which triggers the display of partial file contents within an error message, as demonstrated by a /tmp/sekrut.map symlink." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0842", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090330 Positron Security Advisory #2009-000: Multiple Vulnerabilities in MapServer v5.2.1 and v4.10.3", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/502271/100/0/threaded" - }, - { - "name" : "[mapserver-users] 20090326 MapServer 5.2.2 and 4.10.4 released with security fixes", - "refsource" : "MLIST", - "url" : "http://lists.osgeo.org/pipermail/mapserver-users/2009-March/060600.html" - }, - { - "name" : "http://www.positronsecurity.com/advisories/2009-000.html", - "refsource" : "MISC", - "url" : "http://www.positronsecurity.com/advisories/2009-000.html" - }, - { - "name" : 
"http://trac.osgeo.org/mapserver/ticket/2941", - "refsource" : "CONFIRM", - "url" : "http://trac.osgeo.org/mapserver/ticket/2941" - }, - { - "name" : "DSA-1914", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1914" - }, - { - "name" : "FEDORA-2009-3357", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00147.html" - }, - { - "name" : "FEDORA-2009-3383", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00170.html" - }, - { - "name" : "34306", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34306" - }, - { - "name" : "1021952", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021952" - }, - { - "name" : "34520", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34520" - }, - { - "name" : "34603", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34603" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to read arbitrary invalid .map files via a full pathname in the map parameter, which triggers the display of partial file contents within an error message, as demonstrated by a /tmp/sekrut.map symlink." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://trac.osgeo.org/mapserver/ticket/2941", + "refsource": "CONFIRM", + "url": "http://trac.osgeo.org/mapserver/ticket/2941" + }, + { + "name": "http://www.positronsecurity.com/advisories/2009-000.html", + "refsource": "MISC", + "url": "http://www.positronsecurity.com/advisories/2009-000.html" + }, + { + "name": "1021952", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021952" + }, + { + "name": "20090330 Positron Security Advisory #2009-000: Multiple Vulnerabilities in MapServer v5.2.1 and v4.10.3", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/502271/100/0/threaded" + }, + { + "name": "34603", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34603" + }, + { + "name": "FEDORA-2009-3383", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00170.html" + }, + { + "name": "34306", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34306" + }, + { + "name": "34520", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34520" + }, + { + "name": "DSA-1914", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1914" + }, + { + "name": "FEDORA-2009-3357", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00147.html" + }, + { + "name": "[mapserver-users] 20090326 MapServer 5.2.2 and 4.10.4 released with security fixes", + "refsource": "MLIST", + "url": "http://lists.osgeo.org/pipermail/mapserver-users/2009-March/060600.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1047.json b/2009/1xxx/CVE-2009-1047.json index ec955649903..4eb0323756d 100644 --- a/2009/1xxx/CVE-2009-1047.json +++ b/2009/1xxx/CVE-2009-1047.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1047", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Send by e-mail module in the \"Printer, e-mail and PDF versions\" module 5.x before 5.x-4.4 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via vectors involving outbound HTML e-mail." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1047", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/406516", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/406516" - }, - { - "name" : "52852", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/52852" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Send by e-mail module in the \"Printer, e-mail and PDF versions\" module 5.x before 5.x-4.4 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via vectors involving 
outbound HTML e-mail." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "52852", + "refsource": "OSVDB", + "url": "http://osvdb.org/52852" + }, + { + "name": "http://drupal.org/node/406516", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/406516" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1083.json b/2009/1xxx/CVE-2009-1083.json index 58014a60f5b..755bb1168e4 100644 --- a/2009/1xxx/CVE-2009-1083.json +++ b/2009/1xxx/CVE-2009-1083.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1083", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Sun Java System Identity Manager (IdM) 7.0 through 8.0 on Linux, AIX, Solaris, and HP-UX permits \"control characters\" in the passwords of user accounts, which allows remote attackers to execute arbitrary commands via vectors involving \"resource adapters.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1083", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blogs.sun.com/security/entry/sun_alert_253267_sun_java", - "refsource" : "CONFIRM", - "url" : "http://blogs.sun.com/security/entry/sun_alert_253267_sun_java" - }, - { - "name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-140935-01-1", - "refsource" : "CONFIRM", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-140935-01-1" - }, - { - "name" : "253267", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-253267-1" - }, - { - "name" : "34191", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34191" - }, - { - "name" : "1021881", - "refsource" : "SECTRACK", - 
"url" : "http://securitytracker.com/id?1021881" - }, - { - "name" : "34380", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34380" - }, - { - "name" : "ADV-2009-0797", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0797" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Sun Java System Identity Manager (IdM) 7.0 through 8.0 on Linux, AIX, Solaris, and HP-UX permits \"control characters\" in the passwords of user accounts, which allows remote attackers to execute arbitrary commands via vectors involving \"resource adapters.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "253267", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-253267-1" + }, + { + "name": "1021881", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1021881" + }, + { + "name": "34191", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34191" + }, + { + "name": "http://blogs.sun.com/security/entry/sun_alert_253267_sun_java", + "refsource": "CONFIRM", + "url": "http://blogs.sun.com/security/entry/sun_alert_253267_sun_java" + }, + { + "name": "ADV-2009-0797", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0797" + }, + { + "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-140935-01-1", + "refsource": "CONFIRM", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-140935-01-1" + }, + { + "name": "34380", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34380" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1558.json b/2009/1xxx/CVE-2009-1558.json index b3de8a7b411..38ba69ced01 100644 
--- a/2009/1xxx/CVE-2009-1558.json +++ b/2009/1xxx/CVE-2009-1558.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1558", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in adm/file.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote attackers to read arbitrary files via a %2e. (encoded dot dot) or an absolute pathname in the next_file parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1558", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.gnucitizen.org/blog/hacking-linksys-ip-cameras-pt-3/", - "refsource" : "MISC", - "url" : "http://www.gnucitizen.org/blog/hacking-linksys-ip-cameras-pt-3/" - }, - { - "name" : "34713", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34713" - }, - { - "name" : "ADV-2009-1173", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1173" - }, - { - "name" : "wvc54gca-admfile-dir-traversal(50231)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50231" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { 
+ "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in adm/file.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote attackers to read arbitrary files via a %2e. (encoded dot dot) or an absolute pathname in the next_file parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "wvc54gca-admfile-dir-traversal(50231)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50231" + }, + { + "name": "34713", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34713" + }, + { + "name": "ADV-2009-1173", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1173" + }, + { + "name": "http://www.gnucitizen.org/blog/hacking-linksys-ip-cameras-pt-3/", + "refsource": "MISC", + "url": "http://www.gnucitizen.org/blog/hacking-linksys-ip-cameras-pt-3/" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1635.json b/2009/1xxx/CVE-2009-1635.json index ae428e53198..c235c923e41 100644 --- a/2009/1xxx/CVE-2009-1635.json +++ b/2009/1xxx/CVE-2009-1635.json 
@@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1635", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 allow remote attackers to inject arbitrary web script or HTML via (1) the User.lang parameter to the login page (aka gw/webacc), (2) style expressions in a message that contains an HTML file, or (3) vectors associated with incorrect protection mechanisms against scripting, as demonstrated using whitespace between JavaScript event names and values." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1635", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090521 Novell GroupWise Web Access Multiple XSS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/503700/100/0/threaded" - }, - { - "name" : "20090528 Novell Groupwise fails to properly sanitize emails.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/503885/100/0/threaded" - }, - { - "name" : "http://packetstorm.linuxsecurity.com/0905-exploits/groupwise-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstorm.linuxsecurity.com/0905-exploits/groupwise-xss.txt" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=472987", - "refsource" : "MISC", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=472987" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=474500", - "refsource" : "MISC", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=474500" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=484942", - "refsource" : "MISC", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=484942" - }, - { - "name" : "http://www.novell.com/support/search.do?cmd=displayKC&externalId=7003271", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/support/search.do?cmd=displayKC&externalId=7003271" - }, - { - "name" : "http://www.novell.com/support/viewContent.do?externalId=7003267&sliceId=1", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/support/viewContent.do?externalId=7003267&sliceId=1" - }, - { - "name" : 
"http://www.novell.com/support/viewContent.do?externalId=7003268&sliceId=1", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/support/viewContent.do?externalId=7003268&sliceId=1" - }, - { - "name" : "35061", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35061" - }, - { - "name" : "35066", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35066" - }, - { - "name" : "1022267", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1022267" - }, - { - "name" : "35177", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35177" - }, - { - "name" : "ADV-2009-1393", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1393" - }, - { - "name" : "groupwise-styleexpressions-xss(50689)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50689" - }, - { - "name" : "groupwise-unspecified-xss(50691)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50691" - }, - { - "name" : "groupwise-webaccess-loginpage-xss(50672)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50672" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 allow remote attackers to inject arbitrary web script or HTML via (1) the User.lang parameter to the login page (aka gw/webacc), (2) style expressions in a message that contains an HTML file, or (3) vectors associated with incorrect protection mechanisms against scripting, as demonstrated using whitespace between JavaScript event names and values." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "groupwise-styleexpressions-xss(50689)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50689" + }, + { + "name": "http://www.novell.com/support/viewContent.do?externalId=7003268&sliceId=1", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/viewContent.do?externalId=7003268&sliceId=1" + }, + { + "name": "ADV-2009-1393", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1393" + }, + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=484942", + "refsource": "MISC", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=484942" + }, + { + "name": "20090528 Novell Groupwise fails to properly sanitize emails.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/503885/100/0/threaded" + }, + { + "name": "35177", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35177" + }, + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=472987", + "refsource": "MISC", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=472987" + }, + { + "name": "http://packetstorm.linuxsecurity.com/0905-exploits/groupwise-xss.txt", + "refsource": "MISC", + "url": "http://packetstorm.linuxsecurity.com/0905-exploits/groupwise-xss.txt" + }, + { + "name": "http://www.novell.com/support/search.do?cmd=displayKC&externalId=7003271", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/search.do?cmd=displayKC&externalId=7003271" + }, + { + "name": "35061", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35061" + }, + { + "name": "1022267", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1022267" + }, + { + "name": "20090521 Novell GroupWise Web Access Multiple XSS", + "refsource": "BUGTRAQ", + "url": 
"http://www.securityfocus.com/archive/1/503700/100/0/threaded" + }, + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=474500", + "refsource": "MISC", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=474500" + }, + { + "name": "35066", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35066" + }, + { + "name": "groupwise-webaccess-loginpage-xss(50672)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50672" + }, + { + "name": "groupwise-unspecified-xss(50691)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50691" + }, + { + "name": "http://www.novell.com/support/viewContent.do?externalId=7003267&sliceId=1", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/viewContent.do?externalId=7003267&sliceId=1" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1825.json b/2009/1xxx/CVE-2009-1825.json index 196a4b0a59e..470cdb5bcdb 100644 --- a/2009/1xxx/CVE-2009-1825.json +++ b/2009/1xxx/CVE-2009-1825.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1825", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "modules/admuser.php in myColex 1.4.2 does not require administrative authentication, which allows remote authenticated users to list user accounts via a Find action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1825", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8707", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8707" - }, - { - "name" : "http://www.collector.ch/drupal5/?q=node/39", - "refsource" : "CONFIRM", - "url" : "http://www.collector.ch/drupal5/?q=node/39" - }, - { - "name" : "ADV-2009-1344", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1344" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "modules/admuser.php in myColex 1.4.2 does not require administrative authentication, which allows remote authenticated users to list user accounts via a Find action." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-1344", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1344" + }, + { + "name": "8707", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8707" + }, + { + "name": "http://www.collector.ch/drupal5/?q=node/39", + "refsource": "CONFIRM", + "url": "http://www.collector.ch/drupal5/?q=node/39" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3584.json b/2009/3xxx/CVE-2009-3584.json index 3aa587296b3..50d5ee3a13c 100644 --- a/2009/3xxx/CVE-2009-3584.json +++ b/2009/3xxx/CVE-2009-3584.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3584", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL-Ledger 2.8.24 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3584", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091221 SQL-Ledger â?? 
several vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/508559/100/0/threaded" - }, - { - "name" : "37431", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37431" - }, - { - "name" : "37877", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37877" - }, - { - "name" : "sqlledger-cookie-weak-security(54968)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54968" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL-Ledger 2.8.24 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20091221 SQL-Ledger â?? several vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/508559/100/0/threaded" + }, + { + "name": "37877", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37877" + }, + { + "name": "37431", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37431" + }, + { + "name": "sqlledger-cookie-weak-security(54968)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54968" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4222.json b/2009/4xxx/CVE-2009-4222.json index 4ceb9000478..bc18787140a 100644 --- a/2009/4xxx/CVE-2009-4222.json +++ b/2009/4xxx/CVE-2009-4222.json 
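Review bot: The BUGTRAQ reference on the new side, `"name": "20091221 SQL-Ledger â?? several vulnerabilities"`, still carries the mis-encoded bytes `â??`; the reformat copies them over from the old side unchanged. This looks like a multi-byte punctuation mark (probably a dash) that was decoded with the wrong charset and then had its unmappable bytes replaced by `?`, so the original character cannot be recovered from the record itself. The title should be re-taken from the archived post at the `url` of the same entry and stored as UTF-8. Until that is done, tooling that matches or de-duplicates references should key on `refsource` plus `url` rather than on `name`.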
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4222", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "phpBazar 2.1.1fix and earlier does not require administrative authentication for admin/admin.php, which allows remote attackers to obtain access to the admin control panel via a direct request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4222", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0911-exploits/phpbazar-access.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0911-exploits/phpbazar-access.txt" - }, - { - "name" : "37132", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37132" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "phpBazar 2.1.1fix and earlier does not require administrative authentication for admin/admin.php, which allows remote attackers to obtain access to the admin control panel via a direct request." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/0911-exploits/phpbazar-access.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0911-exploits/phpbazar-access.txt" + }, + { + "name": "37132", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37132" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4231.json b/2009/4xxx/CVE-2009-4231.json index 55a55510922..fdf27eab501 100644 --- a/2009/4xxx/CVE-2009-4231.json +++ b/2009/4xxx/CVE-2009-4231.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4231", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in as/lib/plugins.php in SweetRice 0.5.3 and earlier allows remote attackers to include and execute arbitrary local files via .. (dot dot) in the plugin parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4231", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0911-exploits/sweetrice-rfilfi.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0911-exploits/sweetrice-rfilfi.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in as/lib/plugins.php in SweetRice 0.5.3 and earlier allows remote attackers to include and execute arbitrary local files via .. (dot dot) in the plugin parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/0911-exploits/sweetrice-rfilfi.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0911-exploits/sweetrice-rfilfi.txt" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4551.json b/2009/4xxx/CVE-2009-4551.json index 4da2bf3e9a6..abc53c17af9 100644 --- a/2009/4xxx/CVE-2009-4551.json +++ b/2009/4xxx/CVE-2009-4551.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4551", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Survey Pro module for Miniweb 2.0 allows remote attackers to execute arbitrary SQL commands via the campaign_id parameter in a results action to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4551", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9339", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9339" - }, - { - "name" : "35870", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35870" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Survey Pro module for Miniweb 2.0 allows remote attackers to execute arbitrary SQL commands via the campaign_id parameter in a results action to index.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9339", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9339" + }, + { + "name": "35870", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35870" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2297.json b/2012/2xxx/CVE-2012-2297.json index 1803ff766bc..1e5351598e8 100644 --- a/2012/2xxx/CVE-2012-2297.json +++ b/2012/2xxx/CVE-2012-2297.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2297", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Creative Commons module 6.x-1.x before 6.x-1.1 for Drupal allow remote authenticated users with the administer creative commons permission to inject arbitrary web script or HTML via the (1) creativecommons_user_message or (2) creativecommons_site_license_additional_text parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2297", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120502 CVE Request for Drupal contributed modules", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/05/03/1" - }, - { - "name" : "[oss-security] 20120502 Re: CVE Request for Drupal contributed modules", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/05/03/2" - }, - { - "name" : "http://drupal.org/node/1547520", - "refsource" : "MISC", - "url" : "http://drupal.org/node/1547520" - }, - { - "name" : "http://www.madirish.net/content/drupal-creative-commons-6x-10-xss-vulnerability", - 
"refsource" : "MISC", - "url" : "http://www.madirish.net/content/drupal-creative-commons-6x-10-xss-vulnerability" - }, - { - "name" : "http://drupal.org/node/1547478", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/1547478" - }, - { - "name" : "53248", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53248" - }, - { - "name" : "48937", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48937" - }, - { - "name" : "creativecommons-licensedescription-xss(75180)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75180" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Creative Commons module 6.x-1.x before 6.x-1.1 for Drupal allow remote authenticated users with the administer creative commons permission to inject arbitrary web script or HTML via the (1) creativecommons_user_message or (2) creativecommons_site_license_additional_text parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.madirish.net/content/drupal-creative-commons-6x-10-xss-vulnerability", + "refsource": "MISC", + "url": "http://www.madirish.net/content/drupal-creative-commons-6x-10-xss-vulnerability" + }, + { + "name": "53248", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53248" + }, + { + "name": "[oss-security] 20120502 Re: CVE Request for Drupal contributed modules", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/05/03/2" + }, + { + "name": "48937", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48937" + }, + { + "name": "creativecommons-licensedescription-xss(75180)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75180" + }, + { + "name": "[oss-security] 20120502 CVE Request for Drupal contributed modules", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/05/03/1" + }, + { + "name": "http://drupal.org/node/1547520", + "refsource": "MISC", + "url": "http://drupal.org/node/1547520" + }, + { + "name": "http://drupal.org/node/1547478", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/1547478" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2424.json b/2012/2xxx/CVE-2012-2424.json index 3db32fb3460..564883cd91a 100644 --- a/2012/2xxx/CVE-2012-2424.json +++ b/2012/2xxx/CVE-2012-2424.json 
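Review bot: `"ASSIGNER": "secalert@redhat.com"` replaces `"ASSIGNER" : "cve@mitre.org"` in 2012/2xxx/CVE-2012-2297.json, and it is the only field value that changes in this hunk; the rest is spacing, indentation and reference order. The commit subject `"-Synchronized-Data."` does not mention it, so the reassignment is easy to miss among the reformatted lines. Whether the change is intended cannot be told from the diff. If it is, the commit message should say so, for example `CVE-2012-2297: ASSIGNER cve@mitre.org -> secalert@redhat.com`, and consumers that attribute or route records by ASSIGNER should expect this record to move.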
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2424", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a URI that lacks a required delimiter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2424", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120330 Intuit Help System Protocol File Retrieval", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/522139" - }, - { - "name" : "20120330 Intuit Help System Protocol URL Heap Corruption and Memory Leak", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/522138" - }, - { - "name" : "VU#232979", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/232979" - }, - { - "name" : "quickbooks-intuit-help-dos(75175)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75175" - } - ] - } -} + } + 
}, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a URI that lacks a required delimiter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20120330 Intuit Help System Protocol File Retrieval", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/522139" + }, + { + "name": "20120330 Intuit Help System Protocol URL Heap Corruption and Memory Leak", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/522138" + }, + { + "name": "quickbooks-intuit-help-dos(75175)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75175" + }, + { + "name": "VU#232979", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/232979" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2549.json b/2012/2xxx/CVE-2012-2549.json index 2309b2cbf89..b4ea55eda9a 100644 --- a/2012/2xxx/CVE-2012-2549.json +++ b/2012/2xxx/CVE-2012-2549.json 
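Review bot: The new `reference_data` array in CVE-2012-2424.json holds the same four entries as the old one in a different order (the XF and CERT-VN entries swap places), and the file now ends without a newline (`\ No newline at end of file`), so the hunk reports changes that carry no data. Writing references in a stable order, for example sorted by `url`, and ending the file with a newline after the final `}` would keep future sync diffs down to real record changes. That matters to anyone who reviews this feed for added or altered references. The same reordering appears in the CVE-2015-1471 and CVE-2015-1605 hunks, and every file visible in this part of the patch loses its trailing newline.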
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2549", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The IP-HTTPS server in Windows Server 2008 R2 and R2 SP1 and Server 2012 does not properly validate certificates, which allows remote attackers to bypass intended access restrictions via a revoked certificate, aka \"Revoked Certificate Bypass Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2012-2549", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS12-083", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-083" - }, - { - "name" : "TA12-346A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA12-346A.html" - }, - { - "name" : "oval:org.mitre.oval:def:16117", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16117" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The IP-HTTPS server in Windows Server 2008 R2 and R2 SP1 
and Server 2012 does not properly validate certificates, which allows remote attackers to bypass intended access restrictions via a revoked certificate, aka \"Revoked Certificate Bypass Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA12-346A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA12-346A.html" + }, + { + "name": "MS12-083", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-083" + }, + { + "name": "oval:org.mitre.oval:def:16117", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16117" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6122.json b/2012/6xxx/CVE-2012-6122.json index 83236c7e3a8..2aaf99e9544 100644 --- a/2012/6xxx/CVE-2012-6122.json +++ b/2012/6xxx/CVE-2012-6122.json 
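Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `secure@microsoft.com` in this hunk, and that provenance change is buried in a whole-file re-indent under a commit subject that only says data was synchronized. Consumers that attribute or filter records by assigner are likely to miss it unless they compare the parsed JSON rather than the text. Landing the spacing change separately from the field updates, or listing the affected IDs in the commit body (for example `ASSIGNER updated: CVE-2012-2549, CVE-2012-6702, CVE-2015-1329, CVE-2015-1673, CVE-2015-5228`), would make it reviewable. The same field changes in those other four hunks, and in CVE-2015-5574, whose hunk continues past this view.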
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6122", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6122", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6702.json b/2012/6xxx/CVE-2012-6702.json index 3d7d7b40368..009c9684bad 100644 --- a/2012/6xxx/CVE-2012-6702.json +++ b/2012/6xxx/CVE-2012-6702.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6702", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "ID": "CVE-2012-6702", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160603 Re: expat hash collision fix too predictable?", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/06/04/1" - }, - { - "name" : "[oss-security] 20160603 Re: expat hash collision fix too predictable?", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/06/03/8" - }, - { - "name" : "https://source.android.com/security/bulletin/2016-11-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2016-11-01.html" - }, - { - "name" : "https://www.tenable.com/security/tns-2016-20", - "refsource" : "CONFIRM", - "url" : "https://www.tenable.com/security/tns-2016-20" - 
}, - { - "name" : "DSA-3597", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3597" - }, - { - "name" : "GLSA-201701-21", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-21" - }, - { - "name" : "USN-3010-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3010-1" - }, - { - "name" : "91483", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91483" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.tenable.com/security/tns-2016-20", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2016-20" + }, + { + "name": "91483", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91483" + }, + { + "name": "DSA-3597", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3597" + }, + { + "name": "[oss-security] 20160603 Re: expat hash collision fix too predictable?", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/06/04/1" + }, + { + "name": "[oss-security] 20160603 Re: expat hash collision fix too predictable?", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/06/03/8" + }, + { + "name": "GLSA-201701-21", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-21" + }, + { + "name": "https://source.android.com/security/bulletin/2016-11-01.html", + "refsource": "CONFIRM", + "url": 
"https://source.android.com/security/bulletin/2016-11-01.html" + }, + { + "name": "USN-3010-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3010-1" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1329.json b/2015/1xxx/CVE-2015-1329.json index 66c604bf987..a35d31f452b 100644 --- a/2015/1xxx/CVE-2015-1329.json +++ b/2015/1xxx/CVE-2015-1329.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1329", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in oxide::qt::URLRequestDelegatedJob in oxide-qt in Ubuntu 15.04 and 14.04 LTS might allow remote attackers to execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@ubuntu.com", + "ID": "CVE-2015-1329", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1329.html", - "refsource" : "CONFIRM", - "url" : "http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1329.html" - }, - { - "name" : "USN-2677-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2677-1" - }, - { - "name" : "76174", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76174" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in oxide::qt::URLRequestDelegatedJob in oxide-qt in Ubuntu 15.04 and 14.04 LTS might allow remote attackers to execute arbitrary code." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1329.html", + "refsource": "CONFIRM", + "url": "http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1329.html" + }, + { + "name": "USN-2677-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2677-1" + }, + { + "name": "76174", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76174" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1471.json b/2015/1xxx/CVE-2015-1471.json index 59bcae4152a..66802cbc989 100644 --- a/2015/1xxx/CVE-2015-1471.json +++ b/2015/1xxx/CVE-2015-1471.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1471", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in userprofile.lib.php in Pragyan CMS 3.0 allows remote attackers to execute arbitrary SQL commands via the user parameter to the default URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1471", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150203 SQL injection vulnerability in Pragyan CMS v.3.0", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Feb/18" - }, - { - "name" : "[oss-security] 20150203 Re: CVE-Request -- Pragyan CMS v.3.0 -- SQL injection vulnerability", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2015/q1/402" - }, - { - "name" : "http://pastebin.com/ip2gGYuS", - "refsource" : "MISC", - "url" : "http://pastebin.com/ip2gGYuS" - }, - { - "name" : "http://sroesemann.blogspot.de/2015/01/sroeadv-2015-11.html", - "refsource" : "MISC", - "url" : "http://sroesemann.blogspot.de/2015/01/sroeadv-2015-11.html" - }, - { - "name" : "http://sroesemann.blogspot.de/2015/02/advisory-for-sroeadv-2015-11.html", - "refsource" : "MISC", - 
"url" : "http://sroesemann.blogspot.de/2015/02/advisory-for-sroeadv-2015-11.html" - }, - { - "name" : "https://github.com/delta/pragyan/issues/206", - "refsource" : "MISC", - "url" : "https://github.com/delta/pragyan/issues/206" - }, - { - "name" : "https://github.com/delta/pragyan/commit/c93bc100ec93fc78940fbdca9b6b009101858309", - "refsource" : "CONFIRM", - "url" : "https://github.com/delta/pragyan/commit/c93bc100ec93fc78940fbdca9b6b009101858309" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in userprofile.lib.php in Pragyan CMS 3.0 allows remote attackers to execute arbitrary SQL commands via the user parameter to the default URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sroesemann.blogspot.de/2015/02/advisory-for-sroeadv-2015-11.html", + "refsource": "MISC", + "url": "http://sroesemann.blogspot.de/2015/02/advisory-for-sroeadv-2015-11.html" + }, + { + "name": "20150203 SQL injection vulnerability in Pragyan CMS v.3.0", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Feb/18" + }, + { + "name": "https://github.com/delta/pragyan/issues/206", + "refsource": "MISC", + "url": "https://github.com/delta/pragyan/issues/206" + }, + { + "name": "http://sroesemann.blogspot.de/2015/01/sroeadv-2015-11.html", + "refsource": "MISC", + "url": "http://sroesemann.blogspot.de/2015/01/sroeadv-2015-11.html" + }, + { + "name": "[oss-security] 20150203 Re: CVE-Request -- Pragyan CMS v.3.0 -- SQL injection vulnerability", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2015/q1/402" + }, + { + "name": "https://github.com/delta/pragyan/commit/c93bc100ec93fc78940fbdca9b6b009101858309", + "refsource": "CONFIRM", + "url": 
"https://github.com/delta/pragyan/commit/c93bc100ec93fc78940fbdca9b6b009101858309" + }, + { + "name": "http://pastebin.com/ip2gGYuS", + "refsource": "MISC", + "url": "http://pastebin.com/ip2gGYuS" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1605.json b/2015/1xxx/CVE-2015-1605.json index b82fc9a1ebc..0d61b310c7e 100644 --- a/2015/1xxx/CVE-2015-1605.json +++ b/2015/1xxx/CVE-2015-1605.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1605", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Dell ScriptLogic Asset Manager (aka Quest Workspace Asset Manager) before 9.5 allow remote attackers to execute arbitrary SQL commands via unspecified vectors to (1) GetClientPackage.aspx or (2) GetProcessedPackage.aspx." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1605", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-048/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-048/" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-049/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-049/" - }, - { - "name" : "72697", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72697" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Dell ScriptLogic Asset 
Manager (aka Quest Workspace Asset Manager) before 9.5 allow remote attackers to execute arbitrary SQL commands via unspecified vectors to (1) GetClientPackage.aspx or (2) GetProcessedPackage.aspx." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-15-049/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-049/" + }, + { + "name": "72697", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72697" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-15-048/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-048/" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1673.json b/2015/1xxx/CVE-2015-1673.json index 7e26ff38fc9..f85c159f9e9 100644 --- a/2015/1xxx/CVE-2015-1673.json +++ b/2015/1xxx/CVE-2015-1673.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1673", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Windows Forms (aka WinForms) libraries in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 allow user-assisted remote attackers to execute arbitrary code via a crafted partial-trust application, aka \"Windows Forms Elevation of Privilege Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-1673", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-048", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-048" - }, - { - "name" : "74487", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74487" - }, - { - "name" : "1032297", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032297" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Windows Forms (aka WinForms) libraries in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 
and 4.5.2 allow user-assisted remote attackers to execute arbitrary code via a crafted partial-trust application, aka \"Windows Forms Elevation of Privilege Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "74487", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74487" + }, + { + "name": "1032297", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032297" + }, + { + "name": "MS15-048", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-048" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5228.json b/2015/5xxx/CVE-2015-5228.json index 328527eb766..728d4852fd8 100644 --- a/2015/5xxx/CVE-2015-5228.json +++ b/2015/5xxx/CVE-2015-5228.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5228", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The service daemon in CRIU creates log and dump files insecurely, which allows local users to create arbitrary files and take ownership of existing files via unspecified vectors related to a directory path." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-5228", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[CRIU] 20150825 Hardening the criu service daemon", - "refsource" : "MLIST", - "url" : "https://lists.openvz.org/pipermail/criu/2015-August/021847.html" - }, - { - "name" : "[oss-security] 20150825 CVE-2015-5228 & CVE-2015-5231 in the criu service daemon", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/08/25/5" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1255782", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1255782" - }, - { - "name" : "openSUSE-SU-2015:1593", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-09/msg00030.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The service daemon in CRIU creates log and dump files insecurely, which allows local users to create arbitrary files and take ownership of existing files via unspecified vectors related to a directory path." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20150825 CVE-2015-5228 & CVE-2015-5231 in the criu service daemon", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/08/25/5" + }, + { + "name": "openSUSE-SU-2015:1593", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00030.html" + }, + { + "name": "[CRIU] 20150825 Hardening the criu service daemon", + "refsource": "MLIST", + "url": "https://lists.openvz.org/pipermail/criu/2015-August/021847.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1255782", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1255782" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5574.json b/2015/5xxx/CVE-2015-5574.json index 638b8710ab8..c7aa8f5f70b 100644 --- a/2015/5xxx/CVE-2015-5574.json +++ b/2015/5xxx/CVE-2015-5574.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5574", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5570, CVE-2015-5581, CVE-2015-5584, and CVE-2015-6682." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-5574", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "39652", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/39652/" - }, - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-23.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-23.html" - }, - { - "name" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841", - "refsource" : "CONFIRM", - "url" : 
"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" - }, - { - "name" : "GLSA-201509-07", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201509-07" - }, - { - "name" : "RHSA-2015:1814", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1814.html" - }, - { - "name" : "openSUSE-SU-2015:1781", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html" - }, - { - "name" : "SUSE-SU-2015:1614", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00022.html" - }, - { - "name" : "SUSE-SU-2015:1618", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00024.html" - }, - { - "name" : "openSUSE-SU-2015:1616", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00023.html" - }, - { - "name" : "76795", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76795" - }, - { - "name" : "1033629", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033629" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5570, CVE-2015-5581, CVE-2015-5584, and CVE-2015-6682." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2015:1814", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1814.html" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" + }, + { + "name": "openSUSE-SU-2015:1616", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00023.html" + }, + { + "name": "1033629", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033629" + }, + { + "name": "SUSE-SU-2015:1618", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00024.html" + }, + { + "name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841", + "refsource": "CONFIRM", + "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" + }, + { + "name": 
"https://helpx.adobe.com/security/products/flash-player/apsb15-23.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-23.html" + }, + { + "name": "76795", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76795" + }, + { + "name": "SUSE-SU-2015:1614", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00022.html" + }, + { + "name": "GLSA-201509-07", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201509-07" + }, + { + "name": "openSUSE-SU-2015:1781", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html" + }, + { + "name": "39652", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/39652/" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11148.json b/2018/11xxx/CVE-2018-11148.json index a720dac2f1e..6cd2f403c65 100644 --- a/2018/11xxx/CVE-2018-11148.json +++ b/2018/11xxx/CVE-2018-11148.json 
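Review bot: The `reference_data` array is reordered here without any sort key that the visible lines reveal: the old side grouped entries by `refsource`, while the new side interleaves REDHAT, CONFIRM, SUSE, SECTRACK and the rest. The result is churn across all 14 entries with no change in content. The same reshuffle appears in the CVE-2015-5228, CVE-2018-15004, CVE-2018-15533 and CVE-2018-3151 hunks. Emitting references in a deterministic order, for example sorted by `refsource` then `name`, would keep later syncs diffable and make an added or dropped advisory link stand out.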
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11148", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 6 of 46)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11148", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180531 [CORE-2018-0002] - Quest DR Series Disk Backup Multiple Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/May/71" - }, - { - "name" : "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html" - }, - { - "name" : "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities", - "refsource" : "MISC", - "url" : "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 6 of 46)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20180531 [CORE-2018-0002] - Quest DR Series Disk Backup Multiple Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/May/71" + }, + { + "name": "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html" + }, + { + "name": "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities", + "refsource": "MISC", + "url": "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11560.json b/2018/11xxx/CVE-2018-11560.json index fde86983324..247e2fae168 100644 --- a/2018/11xxx/CVE-2018-11560.json +++ b/2018/11xxx/CVE-2018-11560.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11560", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The webService binary on Insteon HD IP Camera White 2864-222 devices has a stack-based Buffer Overflow leading to Control-Flow Hijacking via a crafted usr key, as demonstrated by a long remoteIp parameter to cgi-bin/CGIProxy.fcgi on port 34100." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11560", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/badnack/Insteon_2864-222", - "refsource" : "MISC", - "url" : "https://github.com/badnack/Insteon_2864-222" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The webService binary on Insteon HD IP Camera White 2864-222 devices has a stack-based Buffer Overflow leading to Control-Flow Hijacking via a crafted usr key, as demonstrated by a long remoteIp parameter to cgi-bin/CGIProxy.fcgi on port 34100." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/badnack/Insteon_2864-222", + "refsource": "MISC", + "url": "https://github.com/badnack/Insteon_2864-222" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11822.json b/2018/11xxx/CVE-2018-11822.json index dab7d659e41..1b1f9a519dc 100644 --- a/2018/11xxx/CVE-2018-11822.json +++ b/2018/11xxx/CVE-2018-11822.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2018-11822", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Mobile", - "version" : { - "version_data" : [ - { - "version_value" : "SD 835, SD 845, SD 850, SDA660" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A possible integer overflow may happen in WLAN during memory allocation in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Integer Overflow or Wraparound in WLAN" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2018-11822", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Mobile", + "version": { + "version_data": [ + { + "version_value": "SD 835, SD 845, SD 850, SDA660" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.qualcomm.com/company/product-security/bulletins", - "refsource" : "CONFIRM", - "url" : "https://www.qualcomm.com/company/product-security/bulletins" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A possible integer overflow may happen in WLAN during memory allocation in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Integer Overflow or Wraparound in WLAN" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15004.json b/2018/15xxx/CVE-2018-15004.json index d5c8f9e190a..8d5cd9f9a8e 100644 --- a/2018/15xxx/CVE-2018-15004.json +++ b/2018/15xxx/CVE-2018-15004.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15004", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Coolpad Canvas device with a build fingerprint of Coolpad/cp3636a/cp3636a:7.0/NRD90M/093031423:user/release-keys contains a platform app with a package name of com.qualcomm.qti.modemtestmode (versionCode=24, versionName=7.0) that contains an exported service app component named com.qualcomm.qti.modemtestmode.MbnTestService that allows any app on the device to set certain system properties as the com.android.phone user. When an app sets the persist.service.logr.enable system property to a value of 1, an app with a package name of com.yulong.logredirect (versionCode=20160622, versionName=5.25_20160622_01) will start writing the system-wide logcat log, kernel log, and a tcpdump network traffic capture to external storage. Furthermore, on the Coolpad Canvas device, the com.android.phone app writes the destination phone number and body of the text message for outgoing text messages. A notification when logging can be avoided if the log is enabled after device startup and disabled prior to device shutdown by setting the system properties using the exported interface of the com.qualcomm.qti.modemtestmode app. Any app with the READ_EXTERNAL_STORAGE permission can access the log files." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15004", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.kryptowire.com/portal/android-firmware-defcon-2018/", - "refsource" : "MISC", - "url" : "https://www.kryptowire.com/portal/android-firmware-defcon-2018/" - }, - { - "name" : "https://www.kryptowire.com/portal/wp-content/uploads/2018/12/DEFCON-26-Johnson-and-Stavrou-Vulnerable-Out-of-the-Box-An-Eval-of-Android-Carrier-Devices-WP-Updated.pdf", - "refsource" : "MISC", - "url" : "https://www.kryptowire.com/portal/wp-content/uploads/2018/12/DEFCON-26-Johnson-and-Stavrou-Vulnerable-Out-of-the-Box-An-Eval-of-Android-Carrier-Devices-WP-Updated.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Coolpad Canvas device with a build fingerprint of Coolpad/cp3636a/cp3636a:7.0/NRD90M/093031423:user/release-keys contains a platform app with a package name of com.qualcomm.qti.modemtestmode (versionCode=24, versionName=7.0) that contains an exported service app component named com.qualcomm.qti.modemtestmode.MbnTestService that allows any app on the device to set certain system properties as the com.android.phone user. When an app sets the persist.service.logr.enable system property to a value of 1, an app with a package name of com.yulong.logredirect (versionCode=20160622, versionName=5.25_20160622_01) will start writing the system-wide logcat log, kernel log, and a tcpdump network traffic capture to external storage. 
Furthermore, on the Coolpad Canvas device, the com.android.phone app writes the destination phone number and body of the text message for outgoing text messages. A notification when logging can be avoided if the log is enabled after device startup and disabled prior to device shutdown by setting the system properties using the exported interface of the com.qualcomm.qti.modemtestmode app. Any app with the READ_EXTERNAL_STORAGE permission can access the log files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.kryptowire.com/portal/wp-content/uploads/2018/12/DEFCON-26-Johnson-and-Stavrou-Vulnerable-Out-of-the-Box-An-Eval-of-Android-Carrier-Devices-WP-Updated.pdf", + "refsource": "MISC", + "url": "https://www.kryptowire.com/portal/wp-content/uploads/2018/12/DEFCON-26-Johnson-and-Stavrou-Vulnerable-Out-of-the-Box-An-Eval-of-Android-Carrier-Devices-WP-Updated.pdf" + }, + { + "name": "https://www.kryptowire.com/portal/android-firmware-defcon-2018/", + "refsource": "MISC", + "url": "https://www.kryptowire.com/portal/android-firmware-defcon-2018/" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15429.json b/2018/15xxx/CVE-2018-15429.json index 259d71b9ca5..c900ce0410d 100644 --- a/2018/15xxx/CVE-2018-15429.json +++ b/2018/15xxx/CVE-2018-15429.json 
@@ -1,79 +1,79 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "DATE_PUBLIC" : "2018-10-03T16:00:00-0500", - "ID" : "CVE-2018-15429", - "STATE" : "PUBLIC", - "TITLE" : "Cisco HyperFlex HX Data Platform Software Unauthorized Directory Access Vulnerability" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco HyperFlex HX Data Platform ", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "Cisco" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the web-based UI of Cisco HyperFlex HX Data Platform Software could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability is due to a lack of proper input and authorization of HTTP requests. An attacker could exploit this vulnerability by sending a malicious HTTP request to the web-based UI of an affected system. A successful exploit could allow the attacker to access files that may contain sensitive data." 
- } - ] - }, - "impact" : { - "cvss" : { - "baseScore" : "5.3", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2018-10-03T16:00:00-0500", + "ID": "CVE-2018-15429", + "STATE": "PUBLIC", + "TITLE": "Cisco HyperFlex HX Data Platform Software Unauthorized Directory Access Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco HyperFlex HX Data Platform ", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20181003 Cisco HyperFlex HX Data Platform Software Unauthorized Directory Access Vulnerability", - "refsource" : "CISCO", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-hyperflex-uda" - } - ] - }, - "source" : { - "advisory" : "cisco-sa-20181003-hyperflex-uda", - "defect" : [ - [ - "CSCvi48372" - ] - ], - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the web-based UI of Cisco HyperFlex HX Data Platform Software could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability is due to a lack of proper input and authorization of HTTP requests. An attacker could exploit this vulnerability by sending a malicious HTTP request to the web-based UI of an affected system. A successful exploit could allow the attacker to access files that may contain sensitive data." 
+ } + ] + }, + "impact": { + "cvss": { + "baseScore": "5.3", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20181003 Cisco HyperFlex HX Data Platform Software Unauthorized Directory Access Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-hyperflex-uda" + } + ] + }, + "source": { + "advisory": "cisco-sa-20181003-hyperflex-uda", + "defect": [ + [ + "CSCvi48372" + ] + ], + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15533.json b/2018/15xxx/CVE-2018-15533.json index 466359a55a0..25610472c74 100644 --- a/2018/15xxx/CVE-2018-15533.json +++ b/2018/15xxx/CVE-2018-15533.json 
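Review bot: `"product_name": "Cisco HyperFlex HX Data Platform "` keeps a trailing space inside the string on the new side, so a consumer that matches product names exactly will miss this record when it looks up the name without the space. Since the file is being rewritten anyway, the value could be normalised to `"product_name": "Cisco HyperFlex HX Data Platform"`. In the same record `"baseScore": "5.3"` is a string rather than a number, so consumers applying numeric severity thresholds have to coerce it; whether the schema permits changing that is not visible here.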
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15533", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A reflected cross-site scripting vulnerability exists in Geutebrueck re_porter 16 before 7.8.974.20 by appending a query string to /modifychannel/exec or /images/*.png on TCP port 12005." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15533", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45242", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45242/" - }, - { - "name" : "http://packetstormsecurity.com/files/149003/Geutebruck-re_porter-16-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/149003/Geutebruck-re_porter-16-Cross-Site-Scripting.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A reflected cross-site scripting vulnerability exists in Geutebrueck re_porter 16 before 7.8.974.20 by appending a query string to /modifychannel/exec or /images/*.png on TCP port 12005." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/149003/Geutebruck-re_porter-16-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/149003/Geutebruck-re_porter-16-Cross-Site-Scripting.html" + }, + { + "name": "45242", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45242/" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3151.json b/2018/3xxx/CVE-2018-3151.json index 5e8d29ab467..7a98e2159db 100644 --- a/2018/3xxx/CVE-2018-3151.json +++ b/2018/3xxx/CVE-2018-3151.json 
@@ -1,101 +1,101 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3151", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "iProcurement", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "12.1.1" - }, - { - "version_affected" : "=", - "version_value" : "12.1.2" - }, - { - "version_affected" : "=", - "version_value" : "12.1.3" - }, - { - "version_affected" : "=", - "version_value" : "12.2.3" - }, - { - "version_affected" : "=", - "version_value" : "12.2.4" - }, - { - "version_affected" : "=", - "version_value" : "12.2.5" - }, - { - "version_affected" : "=", - "version_value" : "12.2.6" - }, - { - "version_affected" : "=", - "version_value" : "12.2.7" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle iProcurement component of Oracle E-Business Suite (subcomponent: E-Content Manager Catalog). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iProcurement. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iProcurement accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iProcurement. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iProcurement accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3151", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "iProcurement", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.1.1" + }, + { + "version_affected": "=", + "version_value": "12.1.2" + }, + { + "version_affected": "=", + "version_value": "12.1.3" + }, + { + "version_affected": "=", + "version_value": "12.2.3" + }, + { + "version_affected": "=", + "version_value": "12.2.4" + }, + { + "version_affected": "=", + "version_value": "12.2.5" + }, + { + "version_affected": "=", + "version_value": "12.2.6" + }, + { + "version_affected": "=", + "version_value": "12.2.7" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" - }, - { - "name" : "105631", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105631" - }, - { - "name" : "1041897", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041897" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle iProcurement component of Oracle E-Business Suite (subcomponent: E-Content Manager Catalog). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. 
Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iProcurement. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iProcurement accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iProcurement. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iProcurement accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041897", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041897" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + }, + { + "name": "105631", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105631" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3352.json b/2018/3xxx/CVE-2018-3352.json index 8b80395ebee..d6069de3cb5 100644 --- a/2018/3xxx/CVE-2018-3352.json +++ b/2018/3xxx/CVE-2018-3352.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3352", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3352", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3696.json b/2018/3xxx/CVE-2018-3696.json index 2587258a3c0..66f2b0f3f89 100644 --- a/2018/3xxx/CVE-2018-3696.json +++ b/2018/3xxx/CVE-2018-3696.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@intel.com", - "ID" : "CVE-2018-3696", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Intel RAID Web Console v3 for Windows", - "version" : { - "version_data" : [ - { - "version_value" : "Versions before 4.186" - } - ] - } - } - ] - }, - "vendor_name" : "Intel Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Authentication bypass in the Intel RAID Web Console 3 for Windows before 4.186 may allow an unprivileged user to potentially gain administrative privileges via local access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@intel.com", + "ID": "CVE-2018-3696", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Intel RAID Web Console v3 for Windows", + "version": { + "version_data": [ + { + "version_value": "Versions before 4.186" + } + ] + } + } + ] + }, + "vendor_name": "Intel Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00196.html", - "refsource" : "CONFIRM", - "url" : "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00196.html" - }, - { - "name" : "106028", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106028" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Authentication bypass in the Intel RAID Web Console 3 for Windows before 4.186 may allow an unprivileged 
user to potentially gain administrative privileges via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106028", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106028" + }, + { + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00196.html", + "refsource": "CONFIRM", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00196.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3707.json b/2018/3xxx/CVE-2018-3707.json index dda7a3e1709..1ca364bdb4e 100644 --- a/2018/3xxx/CVE-2018-3707.json +++ b/2018/3xxx/CVE-2018-3707.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3707", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3707", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8357.json b/2018/8xxx/CVE-2018-8357.json index cea806e41d0..f638cc61a32 100644 
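Review bot: The `problemtype` value in CVE-2018-3696.json still reads `"Information Disclosure"`, while the description in the same record is an authentication bypass that may let an unprivileged user gain administrative privileges via local access. The two fields disagree on both the old and the new side of this hunk, so the resync carries the mismatch forward unchanged. Anyone triaging or filtering by `problemtype` would treat this as a confidentiality issue rather than a privilege escalation. I would align the field with the description, for example `"value": "Elevation of Privilege"`, after confirming against the linked INTEL-SA-00196 advisory.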
--- a/2018/8xxx/CVE-2018-8357.json +++ b/2018/8xxx/CVE-2018-8357.json 
@@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8357", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Internet Explorer 11", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for x64-based Systems" - }, - { - "version_value" : "Windows Server 2016" - } - ] - } - }, - { - "product_name" : "Microsoft Edge", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for x64-based Systems" - }, - { - "version_value" : "Windows Server 2016" - } - ] - } - } - ] - }, - "vendor_name" : 
"Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability exists in Microsoft browsers allowing sandbox escape, aka \"Microsoft Browser Elevation of Privilege Vulnerability.\" This affects Internet Explorer 11, Microsoft Edge." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8357", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Internet Explorer 11", + "version": { + "version_data": [ + { + "version_value": "Windows 10 for 32-bit Systems" + }, + { + "version_value": "Windows 10 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1607 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1703 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1703 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1803 for x64-based Systems" + }, + { + "version_value": "Windows Server 2016" + } + ] + } + }, + { + "product_name": "Microsoft Edge", + "version": { + "version_data": [ + { + "version_value": "Windows 10 for 32-bit Systems" + }, + { + "version_value": "Windows 10 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1607 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1703 for 
32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1703 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1803 for x64-based Systems" + }, + { + "version_value": "Windows Server 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8357", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8357" - }, - { - "name" : "105022", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105022" - }, - { - "name" : "1041457", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041457" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in Microsoft browsers allowing sandbox escape, aka \"Microsoft Browser Elevation of Privilege Vulnerability.\" This affects Internet Explorer 11, Microsoft Edge." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041457", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041457" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8357", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8357" + }, + { + "name": "105022", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105022" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8406.json b/2018/8xxx/CVE-2018-8406.json index 130d43a7e9b..3983052bf69 100644 --- a/2018/8xxx/CVE-2018-8406.json +++ b/2018/8xxx/CVE-2018-8406.json 
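Review bot: Consumers that compare the `ASSIGNER` string exactly will no longer match CVE-2018-8357.json under its previous spelling, because the new side lowers `Secure@Microsoft.com` to `secure@microsoft.com`. That is the only value change in a hunk that otherwise alters just whitespace and reference order, and CVE-2018-8406.json carries the same edit. Nothing visible here shows whether downstream tooling treats the field case-insensitively, so the normalization deserves a line in the commit message rather than being covered by "Synchronized-Data". The `reference_data` entries are also reordered in both files, so anything diffing these records should not treat array position as meaningful.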
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8406", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows Server 2016", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows 10", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems" - }, - { - "version_value" : "Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Version 1607 for x64-based Systems" - }, - { - "version_value" : "Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Version 1703 for x64-based Systems" - }, - { - "version_value" : "Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Version 1709 for x64-based Systems" - }, - { - "version_value" : "Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Version 1803 for x64-based Systems" - }, - { - "version_value" : "x64-based Systems" - } - ] - } - }, - { - "product_name" : "Windows 10 Servers", - "version" : { - "version_data" : [ - { - "version_value" : "version 1709 (Server Core Installation)" - }, - { - "version_value" : "version 1803 (Server Core Installation)" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka \"DirectX Graphics Kernel Elevation of Privilege Vulnerability.\" This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8400, CVE-2018-8401, CVE-2018-8405." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8406", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems" + }, + { + "version_value": "Version 1607 for 32-bit Systems" + }, + { + "version_value": "Version 1607 for x64-based Systems" + }, + { + "version_value": "Version 1703 for 32-bit Systems" + }, + { + "version_value": "Version 1703 for x64-based Systems" + }, + { + "version_value": "Version 1709 for 32-bit Systems" + }, + { + "version_value": "Version 1709 for x64-based Systems" + }, + { + "version_value": "Version 1803 for 32-bit Systems" + }, + { + "version_value": "Version 1803 for x64-based Systems" + }, + { + "version_value": "x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows 10 Servers", + "version": { + "version_data": [ + { + "version_value": "version 1709 (Server Core Installation)" + }, + { + "version_value": "version 1803 (Server Core Installation)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8406", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8406" - }, - { - "name" : "105012", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105012" - }, - { - "name" : "1041461", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041461" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka \"DirectX Graphics Kernel Elevation of Privilege Vulnerability.\" This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8400, CVE-2018-8401, CVE-2018-8405." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105012", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105012" + }, + { + "name": "1041461", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041461" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8406", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8406" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8948.json b/2018/8xxx/CVE-2018-8948.json index 29a6b811c29..eba35069231 100644 --- a/2018/8xxx/CVE-2018-8948.json +++ b/2018/8xxx/CVE-2018-8948.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8948", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In MISP before 2.4.89, app/View/Events/resolved_attributes.ctp has multiple XSS issues via a malicious MISP module." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8948", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/MISP/MISP/commit/01924cd948dbceb8391be671dab672e9f4a0ffe8", - "refsource" : "CONFIRM", - "url" : "https://github.com/MISP/MISP/commit/01924cd948dbceb8391be671dab672e9f4a0ffe8" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In MISP before 2.4.89, app/View/Events/resolved_attributes.ctp has multiple XSS issues via a malicious MISP module." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/MISP/MISP/commit/01924cd948dbceb8391be671dab672e9f4a0ffe8", + "refsource": "CONFIRM", + "url": "https://github.com/MISP/MISP/commit/01924cd948dbceb8391be671dab672e9f4a0ffe8" + } + ] + } +} \ No newline at end of file
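Review bot: The `affects` block in CVE-2018-8948.json keeps `"n/a"` for `vendor_name`, `product_name` and `version_value`, and `problemtype` is `"n/a"` as well. The description does name the product, the affected range and the bug class (MISP before 2.4.89, XSS in app/View/Events/resolved_attributes.ctp). Inventory or scanner matching that reads only the structured fields will therefore not associate this record with MISP. If the record can be edited in this sync, I would fill the fields from the description, e.g. `"product_name": "MISP"`, `"version_value": "before 2.4.89"` and a `problemtype` value of `"Cross-site Scripting (XSS)"`.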