From b09978387862695b96e2b35b6e887c8661cddee7 Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Mon, 18 Mar 2019 03:35:54 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2005/0xxx/CVE-2005-0893.json | 120 +++----
2005/0xxx/CVE-2005-0925.json | 170 +++++-----
2005/1xxx/CVE-2005-1467.json | 180 +++++------
2005/2xxx/CVE-2005-2585.json | 130 ++++----
2005/3xxx/CVE-2005-3048.json | 140 ++++-----
2005/3xxx/CVE-2005-3324.json | 200 ++++++------
2005/3xxx/CVE-2005-3548.json | 150 ++++-----
2005/3xxx/CVE-2005-3628.json | 490 ++++++++++++++---------------
2005/3xxx/CVE-2005-3683.json | 200 ++++++------
2005/3xxx/CVE-2005-3873.json | 160 +++++-----
2005/4xxx/CVE-2005-4156.json | 130 ++++----
2005/4xxx/CVE-2005-4177.json | 170 +++++-----
2005/4xxx/CVE-2005-4297.json | 150 ++++-----
2005/4xxx/CVE-2005-4587.json | 160 +++++-----
2005/4xxx/CVE-2005-4648.json | 130 ++++----
2005/4xxx/CVE-2005-4689.json | 130 ++++----
2009/0xxx/CVE-2009-0044.json | 34 +-
2009/0xxx/CVE-2009-0051.json | 140 ++++-----
2009/0xxx/CVE-2009-0274.json | 140 ++++-----
2009/0xxx/CVE-2009-0288.json | 170 +++++-----
2009/0xxx/CVE-2009-0696.json | 480 ++++++++++++++--------------
2009/0xxx/CVE-2009-0740.json | 130 ++++----
2009/0xxx/CVE-2009-0778.json | 260 ++++++++--------
2009/2xxx/CVE-2009-2039.json | 160 +++++-----
2009/2xxx/CVE-2009-2848.json | 370 +++++++++++-----------
2009/3xxx/CVE-2009-3273.json | 140 ++++-----
2009/3xxx/CVE-2009-3544.json | 140 ++++-----
2009/3xxx/CVE-2009-3740.json | 34 +-
2009/3xxx/CVE-2009-3836.json | 150 ++++-----
2009/3xxx/CVE-2009-3960.json | 170 +++++-----
2009/4xxx/CVE-2009-4226.json | 150 ++++-----
2009/4xxx/CVE-2009-4797.json | 150 ++++-----
2012/2xxx/CVE-2012-2203.json | 170 +++++-----
2012/2xxx/CVE-2012-2222.json | 34 +-
2015/0xxx/CVE-2015-0202.json | 180 +++++------
2015/0xxx/CVE-2015-0460.json | 320 +++++++++----------
2015/1xxx/CVE-2015-1291.json | 200 ++++++------
2015/1xxx/CVE-2015-1664.json | 34 +-
2015/1xxx/CVE-2015-1995.json | 120 +++----
2015/5xxx/CVE-2015-5106.json | 150 ++++-----
2015/5xxx/CVE-2015-5174.json | 460 +++++++++++++--------------
2015/5xxx/CVE-2015-5510.json | 150 ++++-----
2015/5xxx/CVE-2015-5519.json | 140 ++++-----
2015/5xxx/CVE-2015-5527.json | 34 +-
2015/5xxx/CVE-2015-5609.json | 140 ++++-----
2015/5xxx/CVE-2015-5745.json | 34 +-
2018/11xxx/CVE-2018-11575.json | 130 ++++----
2018/3xxx/CVE-2018-3002.json | 142 ++++-----
2018/3xxx/CVE-2018-3064.json | 208 ++++++-------
2018/3xxx/CVE-2018-3718.json | 122 ++++----
2018/3xxx/CVE-2018-3754.json | 122 ++++----
2018/6xxx/CVE-2018-6014.json | 130 ++++----
2018/7xxx/CVE-2018-7113.json | 130 ++++----
2018/7xxx/CVE-2018-7301.json | 120 +++----
2018/7xxx/CVE-2018-7385.json | 34 +-
2018/7xxx/CVE-2018-7661.json | 130 ++++----
2018/7xxx/CVE-2018-7800.json | 140 ++++-----
2018/8xxx/CVE-2018-8021.json | 130 ++++----
2018/8xxx/CVE-2018-8202.json | 554 ++++++++++++++++-----------------
2018/8xxx/CVE-2018-8319.json | 140 ++++-----
2018/8xxx/CVE-2018-8521.json | 34 +-
2018/8xxx/CVE-2018-8846.json | 142 ++++-----
62 files changed, 5101 insertions(+), 5101 deletions(-)
diff --git a/2005/0xxx/CVE-2005-0893.json b/2005/0xxx/CVE-2005-0893.json
index e810283e199..601f299b64e 100644
--- a/2005/0xxx/CVE-2005-0893.json
+++ b/2005/0xxx/CVE-2005-0893.json
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0893", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "modes.c in smail 3.2.0.120 implements signal handlers with certain unsafe library calls, which may allow attackers to execute arbitrary code via signal handler race conditions, possibly using xmalloc." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0893", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050325 smail remote and local root holes", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111177045217717&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "modes.c in smail 3.2.0.120 implements signal handlers with certain unsafe library calls, which may allow attackers to execute arbitrary code via signal handler race conditions, possibly using xmalloc." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050325 smail remote and local root holes", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111177045217717&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0925.json b/2005/0xxx/CVE-2005-0925.json index 0d39a087c93..34668344bc6 100644 --- a/2005/0xxx/CVE-2005-0925.json +++ b/2005/0xxx/CVE-2005-0925.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0925", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in login.asp for Ublog Reload 1.0 through 1.0.4 allows remote attackers to inject arbitrary web script or HTML via the msg parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0925", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050329 [PersianHacker.NET 200503-11]Ublog reload 1.0.4 and prior", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111214393101387&w=2" - }, - { - "name" : "http://www.persianhacker.net/news/news-2945.html", - "refsource" : "MISC", - "url" : "http://www.persianhacker.net/news/news-2945.html" - }, - { - "name" : "12931", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12931" - }, - { - "name" : "15121", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/15121" - }, - { - "name" : "1013603", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013603" - }, - { - "name" : "14725", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14725" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in login.asp for Ublog Reload 1.0 through 1.0.4 allows remote attackers to inject arbitrary web script or HTML via the msg parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1013603", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013603" + }, + { + "name": "12931", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12931" + }, + { + "name": "http://www.persianhacker.net/news/news-2945.html", + "refsource": "MISC", + "url": "http://www.persianhacker.net/news/news-2945.html" + }, + { + "name": "15121", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/15121" + }, + { + "name": "20050329 [PersianHacker.NET 200503-11]Ublog reload 1.0.4 and prior", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111214393101387&w=2" + }, + { + "name": "14725", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14725" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1467.json b/2005/1xxx/CVE-2005-1467.json index 0fc85e404e7..0196fabe946 100644 --- a/2005/1xxx/CVE-2005-1467.json +++ b/2005/1xxx/CVE-2005-1467.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1467", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in the NDPS dissector in Ethereal before 0.10.11 allows remote attackers to cause a denial of service (memory exhaustion) via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2005-1467", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ethereal.com/appnotes/enpa-sa-00019.html", - "refsource" : "CONFIRM", - "url" : "http://www.ethereal.com/appnotes/enpa-sa-00019.html" - }, - { - "name" : "http://www.ethereal.com/news/item_20050504_01.html", - "refsource" : "CONFIRM", - "url" : "http://www.ethereal.com/news/item_20050504_01.html" - }, - { - "name" : "CLSA-2005:963", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000963" - }, - { - "name" : "FLSA-2006:152922", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00003.html" - }, - { - "name" : "RHSA-2005:427", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-427.html" - }, - { - 
"name" : "13504", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13504" - }, - { - "name" : "oval:org.mitre.oval:def:9654", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9654" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in the NDPS dissector in Ethereal before 0.10.11 allows remote attackers to cause a denial of service (memory exhaustion) via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "13504", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13504" + }, + { + "name": "RHSA-2005:427", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-427.html" + }, + { + "name": "http://www.ethereal.com/appnotes/enpa-sa-00019.html", + "refsource": "CONFIRM", + "url": "http://www.ethereal.com/appnotes/enpa-sa-00019.html" + }, + { + "name": "oval:org.mitre.oval:def:9654", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9654" + }, + { + "name": "FLSA-2006:152922", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00003.html" + }, + { + "name": "CLSA-2005:963", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000963" + }, + { + "name": "http://www.ethereal.com/news/item_20050504_01.html", + "refsource": "CONFIRM", + "url": "http://www.ethereal.com/news/item_20050504_01.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2585.json b/2005/2xxx/CVE-2005-2585.json index ba94d1ca2c8..adec5d11e31 100644 --- a/2005/2xxx/CVE-2005-2585.json 
+++ b/2005/2xxx/CVE-2005-2585.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2585", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mentor ADSL-FR4II router running firmware 2.00.0111 allows remote attackers to cause a denial of service (active TCP connections state table consumption) via a large number of connections, such as a port scan." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2585", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050813 Low security hole affecting Mentor's ADSLFR4II router", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112394620905095&w=2" - }, - { - "name" : "14557", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14557" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mentor ADSL-FR4II router running firmware 2.00.0111 allows remote attackers to cause a denial of service (active TCP connections state table consumption) via a large number of connections, such as a port scan." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14557", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14557" + }, + { + "name": "20050813 Low security hole affecting Mentor's ADSLFR4II router", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112394620905095&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3048.json b/2005/3xxx/CVE-2005-3048.json index b83291d618f..9398922bb7e 100644 --- a/2005/3xxx/CVE-2005-3048.json +++ b/2005/3xxx/CVE-2005-3048.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3048", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in index.php in PhpMyFaq 1.5.1 allows remote attackers to read arbitrary files or include arbitrary PHP files via a .. (dot dot) in the LANGCODE parameter, which also allows direct code injection via the User Agent field in a request packet, which can be activated by using LANGCODE to reference the user tracking data file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3048", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050922 PhpMyFAQ 1.5.1 multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112749230124091&w=2" - }, - { - "name" : "http://rgod.altervista.org/phpmyfuck151.html", - "refsource" : "MISC", - "url" : "http://rgod.altervista.org/phpmyfuck151.html" - }, - { - "name" : "19672", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/19672" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory 
traversal vulnerability in index.php in PhpMyFaq 1.5.1 allows remote attackers to read arbitrary files or include arbitrary PHP files via a .. (dot dot) in the LANGCODE parameter, which also allows direct code injection via the User Agent field in a request packet, which can be activated by using LANGCODE to reference the user tracking data file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19672", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/19672" + }, + { + "name": "http://rgod.altervista.org/phpmyfuck151.html", + "refsource": "MISC", + "url": "http://rgod.altervista.org/phpmyfuck151.html" + }, + { + "name": "20050922 PhpMyFAQ 1.5.1 multiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112749230124091&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3324.json b/2005/3xxx/CVE-2005-3324.json index 53455398fff..97d3f96c82f 100644 --- a/2005/3xxx/CVE-2005-3324.json +++ b/2005/3xxx/CVE-2005-3324.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3324", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in chat.php in MWChat 6.8 allows remote attackers to execute arbitrary SQL commands via the username parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3324", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://rgod.altervista.org/mwchat.html", - "refsource" : "MISC", - "url" : "http://rgod.altervista.org/mwchat.html" - }, - { - "name" : "http://www.hackerscenter.com/Archive/view.asp?id=19537", - "refsource" : "MISC", - "url" : "http://www.hackerscenter.com/Archive/view.asp?id=19537" - }, - { - "name" : "http://appindex.net/products/changelog/?product=mwchat&version=6.9", - "refsource" : "CONFIRM", - "url" : "http://appindex.net/products/changelog/?product=mwchat&version=6.9" - }, - { - "name" : "15198", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15198" - }, - { - "name" : "ADV-2005-2180", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2180" - }, - { - "name" : "20266", - "refsource" : "OSVDB", - "url" : 
"http://www.osvdb.org/20266" - }, - { - "name" : "1015094", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015094" - }, - { - "name" : "17303", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17303" - }, - { - "name" : "mwchat-chat-sql-injection(22845)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22845" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in chat.php in MWChat 6.8 allows remote attackers to execute arbitrary SQL commands via the username parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mwchat-chat-sql-injection(22845)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22845" + }, + { + "name": "http://appindex.net/products/changelog/?product=mwchat&version=6.9", + "refsource": "CONFIRM", + "url": "http://appindex.net/products/changelog/?product=mwchat&version=6.9" + }, + { + "name": "15198", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15198" + }, + { + "name": "ADV-2005-2180", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2180" + }, + { + "name": "http://www.hackerscenter.com/Archive/view.asp?id=19537", + "refsource": "MISC", + "url": "http://www.hackerscenter.com/Archive/view.asp?id=19537" + }, + { + "name": "20266", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20266" + }, + { + "name": "1015094", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015094" + }, + { + "name": "http://rgod.altervista.org/mwchat.html", + "refsource": "MISC", + "url": "http://rgod.altervista.org/mwchat.html" + }, + { + "name": "17303", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/17303" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3548.json b/2005/3xxx/CVE-2005-3548.json index a3d7ccd75a4..2dce98f1391 100644 --- a/2005/3xxx/CVE-2005-3548.json +++ b/2005/3xxx/CVE-2005-3548.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3548", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Task Manager in Invision Power Board (IP.Board) 2.0.1 allows limited remote attackers to include files via a .. (dot dot) in the \"Task PHP File To Run\" field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3548", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051104 Invision Power Board Privilege Esaclation (2.0.1 + more)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/415798/30/0/threaded" - }, - { - "name" : "35429", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/35429" - }, - { - "name" : "17443", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17443" - }, - { - "name" : "ipb-taskmanager-directory-traversal(40000)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40000" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability 
in Task Manager in Invision Power Board (IP.Board) 2.0.1 allows limited remote attackers to include files via a .. (dot dot) in the \"Task PHP File To Run\" field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17443", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17443" + }, + { + "name": "20051104 Invision Power Board Privilege Esaclation (2.0.1 + more)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/415798/30/0/threaded" + }, + { + "name": "35429", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/35429" + }, + { + "name": "ipb-taskmanager-directory-traversal(40000)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40000" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3628.json b/2005/3xxx/CVE-2005-3628.json index fcfd7bf779a..9d3b48dbe84 100644 --- a/2005/3xxx/CVE-2005-3628.json +++ b/2005/3xxx/CVE-2005-3628.json 
@@ -1,247 +1,247 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3628", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in JBIG2Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via unknown attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2005-3628", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-931", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-931" - }, - { - "name" : "DSA-932", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-932" - }, - { - "name" : "DSA-937", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-937" - }, - { - "name" : "DSA-938", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-938" - }, - { - "name" : "DSA-940", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-940" - }, - { - "name" : "DSA-936", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2006/dsa-936" - }, - { - "name" : "DSA-950", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-950" - }, - { - "name" : "DSA-961", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-961" - }, - { - "name" : "DSA-962", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-962" - }, - { - "name" : "FLSA:175404", - "refsource" : "FEDORA", - "url" : "http://www.securityfocus.com/archive/1/427990/100/0/threaded" - }, - { - "name" : "FLSA-2006:176751", - "refsource" : "FEDORA", - "url" : "http://www.securityfocus.com/archive/1/427053/100/0/threaded" - }, - { - "name" : "MDKSA-2006:010", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:010" - }, - { - "name" : "MDKSA-2006:012", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:012" - }, - { - "name" : "MDKSA-2006:011", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:011" - }, - { - "name" : "RHSA-2006:0160", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0160.html" - }, - { - "name" : "20060201-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U" - }, - { - "name" : "SSA:2006-045-04", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747" - }, - { - "name" : "SSA:2006-045-09", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683" - }, - { - "name" : "SUSE-SA:2006:001", - "refsource" : "SUSE", - "url" : "http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html" - }, - { - "name" : "oval:org.mitre.oval:def:10287", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10287" - }, - { - "name" : "18387", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18387" - }, - { - "name" : "18416", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18416" - }, - { - "name" : "18385", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18385" - }, - { - "name" : "18389", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18389" - }, - { - "name" : "18398", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18398" - }, - { - "name" : "18407", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18407" - }, - { - "name" : "18534", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18534" - }, - { - "name" : "18582", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18582" - }, - { - "name" : "18674", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18674" - }, - { - "name" : "18675", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18675" - }, - { - "name" : "18679", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18679" - }, - { - "name" : "18908", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18908" - }, - { - "name" : "18913", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18913" - }, - { - "name" : "19230", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19230" - }, - { - "name" : "18147", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18147" - }, - { - "name" : "18380", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18380" - }, - { - "name" : "18428", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18428" - }, - { - "name" : "18436", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18436" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in JBIG2Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via unknown attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-932", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-932" + }, + { + "name": "18147", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18147" + }, + { + "name": "18679", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18679" + }, + { + "name": "DSA-931", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-931" + }, + { + "name": "19230", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19230" + }, + { + "name": "MDKSA-2006:012", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:012" + }, + { + "name": "DSA-962", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-962" + }, + { + "name": "DSA-937", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-937" + }, + { + "name": "18398", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18398" + }, + { + "name": "FLSA-2006:176751", + "refsource": "FEDORA", + "url": "http://www.securityfocus.com/archive/1/427053/100/0/threaded" + }, + { + "name": "SUSE-SA:2006:001", + "refsource": "SUSE", + "url": "http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html" + }, + { + "name": "DSA-936", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-936" + }, + { + "name": 
"18674", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18674" + }, + { + "name": "18436", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18436" + }, + { + "name": "oval:org.mitre.oval:def:10287", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10287" + }, + { + "name": "18428", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18428" + }, + { + "name": "18380", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18380" + }, + { + "name": "18416", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18416" + }, + { + "name": "18407", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18407" + }, + { + "name": "18582", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18582" + }, + { + "name": "18534", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18534" + }, + { + "name": "SSA:2006-045-09", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683" + }, + { + "name": "18908", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18908" + }, + { + "name": "20060201-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U" + }, + { + "name": "RHSA-2006:0160", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0160.html" + }, + { + "name": "MDKSA-2006:010", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:010" + }, + { + "name": "DSA-940", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-940" + }, + { + "name": "18389", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18389" + }, + { + "name": "SSA:2006-045-04", + "refsource": "SLACKWARE", + "url": 
"http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747" + }, + { + "name": "FLSA:175404", + "refsource": "FEDORA", + "url": "http://www.securityfocus.com/archive/1/427990/100/0/threaded" + }, + { + "name": "DSA-961", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-961" + }, + { + "name": "18675", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18675" + }, + { + "name": "18913", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18913" + }, + { + "name": "DSA-938", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-938" + }, + { + "name": "DSA-950", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-950" + }, + { + "name": "18387", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18387" + }, + { + "name": "MDKSA-2006:011", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:011" + }, + { + "name": "18385", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18385" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3683.json b/2005/3xxx/CVE-2005-3683.json index 6afaaf7239f..268ea55cc06 100644 --- a/2005/3xxx/CVE-2005-3683.json +++ b/2005/3xxx/CVE-2005-3683.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3683", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in freeFTPd before 1.0.9 with Logging enabled, allows remote attackers to cause a denial of service (application crash), and possibly execute arbitrary code, via a long USER command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3683", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051116 freeftpd USER bufferoverflow", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=113213763821294&w=2" - }, - { - "name" : "20051116 re: freeftpd USER bufferoverflow", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=113216611924774&w=2" - }, - { - "name" : "http://freeftpd.com/?ctt=changelog", - "refsource" : "CONFIRM", - "url" : "http://freeftpd.com/?ctt=changelog" - }, - { - "name" : "15457", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15457" - }, - { - "name" : "ADV-2005-2458", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2458" - }, - { - "name" : "20909", - "refsource" : "OSVDB", - 
"url" : "http://www.osvdb.org/20909" - }, - { - "name" : "1015230", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015230" - }, - { - "name" : "17583", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17583" - }, - { - "name" : "freeftpd-multiple-command-bo(23118)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23118" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in freeFTPd before 1.0.9 with Logging enabled, allows remote attackers to cause a denial of service (application crash), and possibly execute arbitrary code, via a long USER command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1015230", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015230" + }, + { + "name": "17583", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17583" + }, + { + "name": "freeftpd-multiple-command-bo(23118)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23118" + }, + { + "name": "ADV-2005-2458", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2458" + }, + { + "name": "20909", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20909" + }, + { + "name": "20051116 freeftpd USER bufferoverflow", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=113213763821294&w=2" + }, + { + "name": "20051116 re: freeftpd USER bufferoverflow", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=113216611924774&w=2" + }, + { + "name": "http://freeftpd.com/?ctt=changelog", + "refsource": "CONFIRM", + "url": "http://freeftpd.com/?ctt=changelog" + }, + { + "name": "15457", 
+ "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15457" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3873.json b/2005/3xxx/CVE-2005-3873.json index 2a75a2c2090..db13b07292f 100644 --- a/2005/3xxx/CVE-2005-3873.json +++ b/2005/3xxx/CVE-2005-3873.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3873", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in topic.php in ShockBoard 3.0 and 4.0 allows remote attackers to execute arbitrary SQL commands via the offset parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3873", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/11/shockboard-sql-inj-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/11/shockboard-sql-inj-vuln.html" - }, - { - "name" : "15592", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15592" - }, - { - "name" : "ADV-2005-2612", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2612" - }, - { - "name" : "21138", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21138" - }, - { - "name" : "17735", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17735" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL 
injection vulnerability in topic.php in ShockBoard 3.0 and 4.0 allows remote attackers to execute arbitrary SQL commands via the offset parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15592", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15592" + }, + { + "name": "17735", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17735" + }, + { + "name": "http://pridels0.blogspot.com/2005/11/shockboard-sql-inj-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/11/shockboard-sql-inj-vuln.html" + }, + { + "name": "ADV-2005-2612", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2612" + }, + { + "name": "21138", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21138" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4156.json b/2005/4xxx/CVE-2005-4156.json index 266bc08acfe..8c374f6ed0a 100644 --- a/2005/4xxx/CVE-2005-4156.json +++ b/2005/4xxx/CVE-2005-4156.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4156", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Mambo 4.5 (1.0.0) through 4.5 (1.0.9), with magic_quotes_gpc disabled, allows remote attackers to read arbitrary files and possibly cause a denial of service via a query string that ends with a NULL character." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4156", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.procheckup.com/Vulner_PR0511.php", - "refsource" : "MISC", - "url" : "http://www.procheckup.com/Vulner_PR0511.php" - }, - { - "name" : "1015176", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/alerts/2005/Nov/1015176.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Mambo 4.5 (1.0.0) through 4.5 (1.0.9), with magic_quotes_gpc disabled, allows remote attackers to read arbitrary files and possibly cause a denial of service via a query string that ends with a NULL character." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.procheckup.com/Vulner_PR0511.php", + "refsource": "MISC", + "url": "http://www.procheckup.com/Vulner_PR0511.php" + }, + { + "name": "1015176", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/alerts/2005/Nov/1015176.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4177.json b/2005/4xxx/CVE-2005-4177.json index 98f5a2cf25b..4e4650471d7 100644 --- a/2005/4xxx/CVE-2005-4177.json +++ b/2005/4xxx/CVE-2005-4177.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4177", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in book.cfm in Magic Book Personal and Professional 2.0 allows remote attackers to inject arbitrary web script or HTML via the StartRow parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4177", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/12/magic-book-v20-professional-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/12/magic-book-v20-professional-vuln.html" - }, - { - "name" : "15805", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15805" - }, - { - "name" : "ADV-2005-2832", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2832" - }, - { - "name" : "21529", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21529" - }, - { - "name" : "17982", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17982" - }, - { - "name" : "magicbookprofessional-book-xss(23521)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/23521" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in book.cfm in Magic Book Personal and Professional 2.0 allows remote attackers to inject arbitrary web script or HTML via the StartRow parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2005-2832", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2832" + }, + { + "name": "17982", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17982" + }, + { + "name": "magicbookprofessional-book-xss(23521)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23521" + }, + { + "name": "http://pridels0.blogspot.com/2005/12/magic-book-v20-professional-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/12/magic-book-v20-professional-vuln.html" + }, + { + "name": "21529", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21529" + }, + { + "name": "15805", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15805" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4297.json b/2005/4xxx/CVE-2005-4297.json index eb0749430ae..53b46a40f73 100644 --- a/2005/4xxx/CVE-2005-4297.json +++ b/2005/4xxx/CVE-2005-4297.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4297", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in bbBoard 2.56 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly via the \"keys\" parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4297", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/12/bbboard-v2-xss-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/12/bbboard-v2-xss-vuln.html" - }, - { - "name" : "15884", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15884" - }, - { - "name" : "ADV-2005-2935", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2935" - }, - { - "name" : "18091", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18091" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in bbBoard 2.56 
and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly via the \"keys\" parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15884", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15884" + }, + { + "name": "ADV-2005-2935", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2935" + }, + { + "name": "18091", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18091" + }, + { + "name": "http://pridels0.blogspot.com/2005/12/bbboard-v2-xss-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/12/bbboard-v2-xss-vuln.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4587.json b/2005/4xxx/CVE-2005-4587.json index 06100922a6d..d392432f41f 100644 --- a/2005/4xxx/CVE-2005-4587.json +++ b/2005/4xxx/CVE-2005-4587.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4587", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Juniper NetScreen-Security Manager (NSM) 2004 FP2 and FP3 allow remote attackers to cause a denial of service (crash or hang of server components that are automatically restarted) via a long crafted string on (1) port 7800 (the GUI Server port) or (2) port 7801 (the Device Server port)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4587", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051227 Juniper NSM remote Denial Of Service", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2005-12/1281.html" - }, - { - "name" : "16075", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16075" - }, - { - "name" : "22047", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22047" - }, - { - "name" : "1015417", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015417" - }, - { - "name" : "18232", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18232" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", 
+ "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Juniper NetScreen-Security Manager (NSM) 2004 FP2 and FP3 allow remote attackers to cause a denial of service (crash or hang of server components that are automatically restarted) via a long crafted string on (1) port 7800 (the GUI Server port) or (2) port 7801 (the Device Server port)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16075", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16075" + }, + { + "name": "20051227 Juniper NSM remote Denial Of Service", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-12/1281.html" + }, + { + "name": "22047", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22047" + }, + { + "name": "1015417", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015417" + }, + { + "name": "18232", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18232" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4648.json b/2005/4xxx/CVE-2005-4648.json index 1a8433711f2..e4a23fedef9 100644 --- a/2005/4xxx/CVE-2005-4648.json +++ b/2005/4xxx/CVE-2005-4648.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4648", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Illustrate dBpowerAMP Music Converter 11.5 and earlier, possibly including (1) MusicConverter.exe, (2) playlist.exe, and (3) amp.exe, allows user-assisted attackers to cause a denial of service or execute arbitrary code via a .m3u playlist with a long entry, possibly involving large field names, as demonstrated by SecuBox.Labs.m3u. NOTE: this issue might be the same as the .m3u vulnerability in CVE-2004-1569, but if so, then CD:SF-LOC suggests creating a different identifier since the .m3u issue would affect different versions than the .pls issue." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4648", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://secubox.shadock.net/dBpowerAMP_Music_Converter_v11.5_Local_Buffer_Overflow_Issue.html", - "refsource" : "MISC", - "url" : "http://secubox.shadock.net/dBpowerAMP_Music_Converter_v11.5_Local_Buffer_Overflow_Issue.html" - }, - { - "name" : "1015415", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015415" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Illustrate dBpowerAMP Music Converter 11.5 and earlier, possibly including (1) MusicConverter.exe, (2) playlist.exe, and (3) amp.exe, allows user-assisted attackers to cause a denial of service or execute arbitrary code via a .m3u playlist with a long entry, possibly involving large field names, as demonstrated by SecuBox.Labs.m3u. NOTE: this issue might be the same as the .m3u vulnerability in CVE-2004-1569, but if so, then CD:SF-LOC suggests creating a different identifier since the .m3u issue would affect different versions than the .pls issue." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://secubox.shadock.net/dBpowerAMP_Music_Converter_v11.5_Local_Buffer_Overflow_Issue.html", + "refsource": "MISC", + "url": "http://secubox.shadock.net/dBpowerAMP_Music_Converter_v11.5_Local_Buffer_Overflow_Issue.html" + }, + { + "name": "1015415", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015415" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4689.json b/2005/4xxx/CVE-2005-4689.json index 484f980513f..6f5366203fb 100644 --- a/2005/4xxx/CVE-2005-4689.json +++ b/2005/4xxx/CVE-2005-4689.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4689", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Six Apart Movable Type 3.16 stores account names and password hashes in a cookie, which allows remote attackers to login to an account by sniffing the cookie." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4689", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051103 Buggy blogging", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0091.html" - }, - { - "name" : "http://www.sixapart.com/movabletype/docs/3.2/h_changelog/3_2.html", - "refsource" : "CONFIRM", - "url" : "http://www.sixapart.com/movabletype/docs/3.2/h_changelog/3_2.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Six Apart Movable Type 3.16 stores account names and password hashes in a cookie, which allows remote attackers to login to an account by sniffing the cookie." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20051103 Buggy blogging", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0091.html" + }, + { + "name": "http://www.sixapart.com/movabletype/docs/3.2/h_changelog/3_2.html", + "refsource": "CONFIRM", + "url": "http://www.sixapart.com/movabletype/docs/3.2/h_changelog/3_2.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0044.json b/2009/0xxx/CVE-2009-0044.json index 07018568671..294e5eb1ba6 100644 --- a/2009/0xxx/CVE-2009-0044.json +++ b/2009/0xxx/CVE-2009-0044.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0044", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0044", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0051.json b/2009/0xxx/CVE-2009-0051.json index 133e5bce595..dfc505424a8 100644 --- a/2009/0xxx/CVE-2009-0051.json +++ b/2009/0xxx/CVE-2009-0051.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0051", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ZXID 0.29 and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0051", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090107 [oCERT-2008-016] Multiple OpenSSL signature verification API misuses", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/499827/100/0/threaded" - }, - { - "name" : "http://www.ocert.org/advisories/ocert-2008-016.html", - "refsource" : "MISC", - "url" : "http://www.ocert.org/advisories/ocert-2008-016.html" - }, - { - "name" : "openssl-dsa-verify-security-bypass(47837)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47837" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"ZXID 0.29 and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openssl-dsa-verify-security-bypass(47837)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47837" + }, + { + "name": "20090107 [oCERT-2008-016] Multiple OpenSSL signature verification API misuses", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/499827/100/0/threaded" + }, + { + "name": "http://www.ocert.org/advisories/ocert-2008-016.html", + "refsource": "MISC", + "url": "http://www.ocert.org/advisories/ocert-2008-016.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0274.json b/2009/0xxx/CVE-2009-0274.json index 53e387fe855..0d8d6af2d38 100644 --- a/2009/0xxx/CVE-2009-0274.json +++ b/2009/0xxx/CVE-2009-0274.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0274", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in WebAccess in Novell GroupWise 6.5, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 might allow remote attackers to obtain sensitive information via a crafted URL, related to conversion of POST requests to GET requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0274", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.novell.com/support/viewContent.do?externalId=7002322", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/support/viewContent.do?externalId=7002322" - }, - { - "name" : "33559", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33559" - }, - { - "name" : "33744", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33744" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in WebAccess in Novell GroupWise 6.5, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 might allow remote attackers to 
obtain sensitive information via a crafted URL, related to conversion of POST requests to GET requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33744", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33744" + }, + { + "name": "http://www.novell.com/support/viewContent.do?externalId=7002322", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/viewContent.do?externalId=7002322" + }, + { + "name": "33559", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33559" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0288.json b/2009/0xxx/CVE-2009-0288.json index a220e56549f..a39afbb8602 100644 --- a/2009/0xxx/CVE-2009-0288.json +++ b/2009/0xxx/CVE-2009-0288.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0288", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in k23productions TFTPUtil GUI 1.2.0 and 1.3.0 allows remote attackers to read arbitrary files outside the TFTP root directory via directory traversal sequences in a GET request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0288", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090115 TFTPUtil GUI TFTP Directory Traversal", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/500106/100/0/threaded" - }, - { - "name" : "http://www.princeofnigeria.org/blogs/index.php/2009/01/14/tftputil-gui-tftp-directory-traversal", - "refsource" : "MISC", - "url" : "http://www.princeofnigeria.org/blogs/index.php/2009/01/14/tftputil-gui-tftp-directory-traversal" - }, - { - "name" : "http://sourceforge.net/forum/forum.php?forum_id=894598", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/forum/forum.php?forum_id=894598" - }, - { - "name" : "33287", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33287" - }, - { - "name" : "33561", - 
"refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33561" - }, - { - "name" : "tftputil-tftpget-directory-traversal(48019)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48019" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in k23productions TFTPUtil GUI 1.2.0 and 1.3.0 allows remote attackers to read arbitrary files outside the TFTP root directory via directory traversal sequences in a GET request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20090115 TFTPUtil GUI TFTP Directory Traversal", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/500106/100/0/threaded" + }, + { + "name": "33561", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33561" + }, + { + "name": "http://sourceforge.net/forum/forum.php?forum_id=894598", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/forum/forum.php?forum_id=894598" + }, + { + "name": "33287", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33287" + }, + { + "name": "tftputil-tftpget-directory-traversal(48019)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48019" + }, + { + "name": "http://www.princeofnigeria.org/blogs/index.php/2009/01/14/tftputil-gui-tftp-directory-traversal", + "refsource": "MISC", + "url": "http://www.princeofnigeria.org/blogs/index.php/2009/01/14/tftputil-gui-tftp-directory-traversal" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0696.json b/2009/0xxx/CVE-2009-0696.json index 4d8c1523128..4ee22e436ed 100644 --- a/2009/0xxx/CVE-2009-0696.json +++ b/2009/0xxx/CVE-2009-0696.json 
@@ -1,242 +1,242 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0696", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message, as exploited in the wild in July 2009." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2009-0696", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090729 rPSA-2009-0113-1 bind bind-utils", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/505403/100/0/threaded" - }, - { - "name" : "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/507985/100/0/threaded" - }, - { - "name" : "https://www.isc.org/node/474", - "refsource" : "CONFIRM", - "url" : "https://www.isc.org/node/474" - }, - { - "name" : 
"http://wiki.rpath.com/Advisories:rPSA-2009-0113", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/Advisories:rPSA-2009-0113" - }, - { - "name" : "http://aix.software.ibm.com/aix/efixes/security/bind_advisory.asc", - "refsource" : "CONFIRM", - "url" : "http://aix.software.ibm.com/aix/efixes/security/bind_advisory.asc" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538975", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538975" - }, - { - "name" : "http://up2date.astaro.com/2009/08/up2date_7505_released.html", - "refsource" : "CONFIRM", - "url" : "http://up2date.astaro.com/2009/08/up2date_7505_released.html" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" - }, - { - "name" : "ftp://ftp.sco.com/pub/unixware7/714/security/p535243_uw7/p535243b.txt", - "refsource" : "CONFIRM", - "url" : "ftp://ftp.sco.com/pub/unixware7/714/security/p535243_uw7/p535243b.txt" - }, - { - "name" : "FEDORA-2009-8119", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01265.html" - }, - { - "name" : "NetBSD-SA2009-013", - "refsource" : "NETBSD", - "url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-013.txt.asc" - }, - { - "name" : "[4.4] 014: RELIABILITY FIX: July 29, 2009", - "refsource" : "OPENBSD", - "url" : "http://www.openbsd.org/errata44.html#014_bind" - }, - { - "name" : "SSA:2009-210-01", - "refsource" : "SLACKWARE", - "url" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.561499" - }, - { - "name" : "264828", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-264828-1" - }, - { - "name" : "1020788", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020788.1-1" 
- }, - { - "name" : "USN-808-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-808-1" - }, - { - "name" : "VU#725188", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/725188" - }, - { - "name" : "oval:org.mitre.oval:def:10414", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10414" - }, - { - "name" : "oval:org.mitre.oval:def:7806", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7806" - }, - { - "name" : "oval:org.mitre.oval:def:12245", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12245" - }, - { - "name" : "1022613", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022613" - }, - { - "name" : "36053", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36053" - }, - { - "name" : "36038", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36038" - }, - { - "name" : "36050", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36050" - }, - { - "name" : "36056", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36056" - }, - { - "name" : "36063", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36063" - }, - { - "name" : "36086", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36086" - }, - { - "name" : "36098", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36098" - }, - { - "name" : "36192", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36192" - }, - { - "name" : "36035", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36035" - }, - { - "name" : "37471", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37471" - }, - { - "name" : "39334", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/39334" - }, - { - "name" : "ADV-2009-2036", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2036" - }, - { - "name" : "ADV-2009-2088", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2088" - }, - { - "name" : "ADV-2009-2171", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2171" - }, - { - "name" : "ADV-2009-2247", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2247" - }, - { - "name" : "ADV-2009-3316", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3316" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message, as exploited in the wild in July 2009." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36035", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36035" + }, + { + "name": "36063", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36063" + }, + { + "name": "ADV-2009-2171", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2171" + }, + { + "name": "36056", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36056" + }, + { + "name": "36038", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36038" + }, + { + "name": "http://aix.software.ibm.com/aix/efixes/security/bind_advisory.asc", + "refsource": "CONFIRM", + "url": "http://aix.software.ibm.com/aix/efixes/security/bind_advisory.asc" + }, + { + "name": "VU#725188", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/725188" + }, + { + "name": "37471", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37471" + }, + { + "name": "36050", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36050" + }, + { + "name": "[4.4] 014: RELIABILITY FIX: July 29, 2009", + "refsource": "OPENBSD", + "url": "http://www.openbsd.org/errata44.html#014_bind" + }, + { + "name": "20090729 rPSA-2009-0113-1 bind bind-utils", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/505403/100/0/threaded" + }, + { + "name": "36192", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36192" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" + }, + { + "name": "ADV-2009-2088", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2088" + }, + { + "name": "1022613", + "refsource": "SECTRACK", + "url": 
"http://www.securitytracker.com/id?1022613" + }, + { + "name": "https://www.isc.org/node/474", + "refsource": "CONFIRM", + "url": "https://www.isc.org/node/474" + }, + { + "name": "1020788", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020788.1-1" + }, + { + "name": "ADV-2009-2247", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2247" + }, + { + "name": "oval:org.mitre.oval:def:7806", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7806" + }, + { + "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded" + }, + { + "name": "39334", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39334" + }, + { + "name": "ADV-2009-2036", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2036" + }, + { + "name": "http://wiki.rpath.com/Advisories:rPSA-2009-0113", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0113" + }, + { + "name": "36098", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36098" + }, + { + "name": "oval:org.mitre.oval:def:10414", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10414" + }, + { + "name": "http://up2date.astaro.com/2009/08/up2date_7505_released.html", + "refsource": "CONFIRM", + "url": "http://up2date.astaro.com/2009/08/up2date_7505_released.html" + }, + { + "name": "USN-808-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-808-1" + }, + { + "name": "36086", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36086" + }, + { + "name": "FEDORA-2009-8119", + "refsource": "FEDORA", + "url": 
"https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01265.html" + }, + { + "name": "oval:org.mitre.oval:def:12245", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12245" + }, + { + "name": "36053", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36053" + }, + { + "name": "ftp://ftp.sco.com/pub/unixware7/714/security/p535243_uw7/p535243b.txt", + "refsource": "CONFIRM", + "url": "ftp://ftp.sco.com/pub/unixware7/714/security/p535243_uw7/p535243b.txt" + }, + { + "name": "SSA:2009-210-01", + "refsource": "SLACKWARE", + "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.561499" + }, + { + "name": "NetBSD-SA2009-013", + "refsource": "NETBSD", + "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-013.txt.asc" + }, + { + "name": "ADV-2009-3316", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3316" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538975", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538975" + }, + { + "name": "264828", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-264828-1" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0740.json b/2009/0xxx/CVE-2009-0740.json index d65a408f517..fb604e85cb3 100644 --- a/2009/0xxx/CVE-2009-0740.json +++ b/2009/0xxx/CVE-2009-0740.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0740", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in login.php in BlueBird Prelease allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0740", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8035", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8035" - }, - { - "name" : "33725", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33725" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in login.php in BlueBird Prelease allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd parameters." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8035", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8035" + }, + { + "name": "33725", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33725" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0778.json b/2009/0xxx/CVE-2009-0778.json index 7b355d22316..4400eea0ff4 100644 --- a/2009/0xxx/CVE-2009-0778.json +++ b/2009/0xxx/CVE-2009-0778.json 
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0778", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The icmp_send function in net/ipv4/icmp.c in the Linux kernel before 2.6.25, when configured as a router with a REJECT route, does not properly manage the Protocol Independent Destination Cache (aka DST) in some situations involving transmission of an ICMP Host Unreachable message, which allows remote attackers to cause a denial of service (connectivity outage) by sending a large series of packets to many destination IP addresses within this REJECT route, related to an \"rt_cache leak.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-0778", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/507985/100/0/threaded" - }, - { - "name" : "[oss-security] 20090311 CVE-2009-0778 kernel: rt_cache leak", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2009/03/11/2" - }, - { - 
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7c0ecc4c4f8fd90988aab8a95297b9c0038b6160", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7c0ecc4c4f8fd90988aab8a95297b9c0038b6160" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=485163", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=485163" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" - }, - { - "name" : "RHSA-2009:0326", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0326.html" - }, - { - "name" : "34084", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34084" - }, - { - "name" : "oval:org.mitre.oval:def:10215", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10215" - }, - { - "name" : "oval:org.mitre.oval:def:7867", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7867" - }, - { - "name" : "1021958", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021958" - }, - { - "name" : "33758", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33758" - }, - { - "name" : "37471", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37471" - }, - { - "name" : "ADV-2009-3316", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3316" - }, - { - "name" : "linux-kernel-rtcache-dos(49199)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/49199" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The icmp_send function in net/ipv4/icmp.c in the Linux kernel before 2.6.25, when configured as a router with a REJECT route, does not properly manage the Protocol Independent Destination Cache (aka DST) in some situations involving transmission of an ICMP Host Unreachable message, which allows remote attackers to cause a denial of service (connectivity outage) by sending a large series of packets to many destination IP addresses within this REJECT route, related to an \"rt_cache leak.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2009:0326", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0326.html" + }, + { + "name": "37471", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37471" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7c0ecc4c4f8fd90988aab8a95297b9c0038b6160", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7c0ecc4c4f8fd90988aab8a95297b9c0038b6160" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" + }, + { + "name": "33758", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33758" + }, + { + "name": "oval:org.mitre.oval:def:10215", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10215" + }, + { + "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address 
multiple security issue in third party components", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded" + }, + { + "name": "oval:org.mitre.oval:def:7867", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7867" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25" + }, + { + "name": "[oss-security] 20090311 CVE-2009-0778 kernel: rt_cache leak", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2009/03/11/2" + }, + { + "name": "1021958", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021958" + }, + { + "name": "linux-kernel-rtcache-dos(49199)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49199" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=485163", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=485163" + }, + { + "name": "ADV-2009-3316", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3316" + }, + { + "name": "34084", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34084" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2039.json b/2009/2xxx/CVE-2009-2039.json index 5e85a4754bd..d6b3bbe8538 100644 --- a/2009/2xxx/CVE-2009-2039.json +++ b/2009/2xxx/CVE-2009-2039.json 
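Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `secalert@redhat.com` in this hunk, and it is the only field whose value changes; every other line is a spacing change (`"key" :` to `"key":`) or a reordering of `reference_data` entries, so the one provenance-relevant edit is easy to miss. The CVE-2009-3960 hunk has the same shape, with `ASSIGNER` becoming `psirt@adobe.com`. The new reference order follows no sort key visible in the hunk (the old side looks grouped by `refsource`), so unless the exporter emits a stable order, later syncs may keep producing full-file churn that hides real edits. Consumers tracking these records are better served by comparing parsed JSON than text, and the exporter would ideally sort `reference_data` deterministically and end the file with a newline, which the `\ No newline at end of file` marker shows is missing.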
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2039", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Luottokunta module before 1.3 for osCommerce has unknown impact and attack vectors related to orders." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2039", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cert.fi/haavoittuvuudet/2009/haavoittuvuus-2009-046.html", - "refsource" : "MISC", - "url" : "http://www.cert.fi/haavoittuvuudet/2009/haavoittuvuus-2009-046.html" - }, - { - "name" : "http://addons.oscommerce.com/info/3698", - "refsource" : "CONFIRM", - "url" : "http://addons.oscommerce.com/info/3698" - }, - { - "name" : "35191", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35191" - }, - { - "name" : "35291", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35291" - }, - { - "name" : "luottokunta-unspecified-security-bypass(50925)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50925" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Luottokunta module before 1.3 for osCommerce has unknown impact and attack vectors related to orders." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "luottokunta-unspecified-security-bypass(50925)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50925" + }, + { + "name": "http://addons.oscommerce.com/info/3698", + "refsource": "CONFIRM", + "url": "http://addons.oscommerce.com/info/3698" + }, + { + "name": "35191", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35191" + }, + { + "name": "http://www.cert.fi/haavoittuvuudet/2009/haavoittuvuus-2009-046.html", + "refsource": "MISC", + "url": "http://www.cert.fi/haavoittuvuudet/2009/haavoittuvuus-2009-046.html" + }, + { + "name": "35291", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35291" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2848.json b/2009/2xxx/CVE-2009-2848.json index 5beb5272e8a..4bae32aee2b 100644 --- a/2009/2xxx/CVE-2009-2848.json +++ b/2009/2xxx/CVE-2009-2848.json 
@@ -1,187 +1,187 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2848", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear the current->clear_child_tid pointer, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a clone system call with CLONE_CHILD_SETTID or CLONE_CHILD_CLEARTID enabled, which is not properly handled during thread creation and exit." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2848", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/507985/100/0/threaded" - }, - { - "name" : "20100625 VMSA-2010-0010 ESX 3.5 third party update for Service Console kernel", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/512019/100/0/threaded" - }, - { - "name" : "[linux-kernel] 20090801 [PATCH v2] execve: must clear 
current->clear_child_tid", - "refsource" : "MLIST", - "url" : "http://article.gmane.org/gmane.linux.kernel/871942" - }, - { - "name" : "[oss-security] 20090804 CVE request - kernel: execve: must clear current->clear_child_tid", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/08/04/2" - }, - { - "name" : "[oss-security] 20090805 Re: CVE request - kernel: execve: must clear current->clear_child_tid", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/08/05/10" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" - }, - { - "name" : "FEDORA-2009-9044", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01256.html" - }, - { - "name" : "RHSA-2009:1438", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-1438.html" - }, - { - "name" : "RHSA-2009:1550", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2009-1550.html" - }, - { - "name" : "RHSA-2009:1243", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2009-1243.html" - }, - { - "name" : "SUSE-SA:2009:054", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html" - }, - { - "name" : "SUSE-SA:2009:056", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html" - }, - { - "name" : "SUSE-SA:2010:012", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html" - }, - { - "name" : "USN-852-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-852-1" - }, - { - "name" : "oval:org.mitre.oval:def:11412", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11412" - }, - { - "name" : "oval:org.mitre.oval:def:8598", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8598" - }, - { - "name" : "oval:org.mitre.oval:def:9766", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9766" - }, - { - "name" : "35983", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35983" - }, - { - "name" : "36501", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36501" - }, - { - "name" : "36759", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36759" - }, - { - "name" : "37351", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37351" - }, - { - "name" : "37471", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37471" - }, - { - "name" : "37105", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37105" - }, - { - "name" : "36562", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36562" - }, - { - "name" : "ADV-2009-3316", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3316" - }, - { - "name" : "kernel-execve-dos(52899)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52899" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear the current->clear_child_tid pointer, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a clone system call with CLONE_CHILD_SETTID or CLONE_CHILD_CLEARTID enabled, which is not properly handled during thread creation and 
exit." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20100625 VMSA-2010-0010 ESX 3.5 third party update for Service Console kernel", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/512019/100/0/threaded" + }, + { + "name": "37471", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37471" + }, + { + "name": "USN-852-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-852-1" + }, + { + "name": "RHSA-2009:1243", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2009-1243.html" + }, + { + "name": "36759", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36759" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" + }, + { + "name": "37351", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37351" + }, + { + "name": "SUSE-SA:2009:056", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html" + }, + { + "name": "SUSE-SA:2010:012", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html" + }, + { + "name": "oval:org.mitre.oval:def:9766", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9766" + }, + { + "name": "oval:org.mitre.oval:def:11412", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11412" + }, + { + "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", + "refsource": "BUGTRAQ", + "url": 
"http://www.securityfocus.com/archive/1/507985/100/0/threaded" + }, + { + "name": "36562", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36562" + }, + { + "name": "FEDORA-2009-9044", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01256.html" + }, + { + "name": "kernel-execve-dos(52899)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52899" + }, + { + "name": "[linux-kernel] 20090801 [PATCH v2] execve: must clear current->clear_child_tid", + "refsource": "MLIST", + "url": "http://article.gmane.org/gmane.linux.kernel/871942" + }, + { + "name": "35983", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35983" + }, + { + "name": "RHSA-2009:1550", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2009-1550.html" + }, + { + "name": "36501", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36501" + }, + { + "name": "oval:org.mitre.oval:def:8598", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8598" + }, + { + "name": "[oss-security] 20090804 CVE request - kernel: execve: must clear current->clear_child_tid", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/08/04/2" + }, + { + "name": "[oss-security] 20090805 Re: CVE request - kernel: execve: must clear current->clear_child_tid", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/08/05/10" + }, + { + "name": "RHSA-2009:1438", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-1438.html" + }, + { + "name": "SUSE-SA:2009:054", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html" + }, + { + "name": "ADV-2009-3316", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3316" + }, + { + "name": "37105", + 
"refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37105" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3273.json b/2009/3xxx/CVE-2009-3273.json index a5b7e499626..6d3201b14f7 100644 --- a/2009/3xxx/CVE-2009-3273.json +++ b/2009/3xxx/CVE-2009-3273.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3273", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "iPhone Mail in Apple iPhone OS, and iPhone OS for iPod touch, does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL e-mail servers via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3273", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090911 iphone email client does not validate ssl certificates", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/506428/100/0/threaded" - }, - { - "name" : "36370", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36370" - }, - { - "name" : "ipod-iphone-ssl-spoofing(53234)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53234" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "iPhone Mail in Apple iPhone OS, and iPhone OS for iPod touch, does not validate X.509 certificates, which allows man-in-the-middle 
attackers to spoof arbitrary SSL e-mail servers via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ipod-iphone-ssl-spoofing(53234)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53234" + }, + { + "name": "36370", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36370" + }, + { + "name": "20090911 iphone email client does not validate ssl certificates", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/506428/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3544.json b/2009/3xxx/CVE-2009-3544.json index 77916b3aaf0..baf3cbc3824 100644 --- a/2009/3xxx/CVE-2009-3544.json +++ b/2009/3xxx/CVE-2009-3544.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3544", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Xerver HTTP Server 4.32 allows remote attackers to obtain the source code for a web page via an HTTP request with the addition of ::$DATA after the HTML file name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3544", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9649", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9649" - }, - { - "name" : "58104", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/58104" - }, - { - "name" : "36681", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36681" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Xerver HTTP Server 4.32 allows remote attackers to obtain the source code for a web page via an HTTP request with the addition of ::$DATA after the HTML file name." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36681", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36681" + }, + { + "name": "58104", + "refsource": "OSVDB", + "url": "http://osvdb.org/58104" + }, + { + "name": "9649", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9649" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3740.json b/2009/3xxx/CVE-2009-3740.json index f64e9d4edc1..a323167421a 100644 --- a/2009/3xxx/CVE-2009-3740.json +++ b/2009/3xxx/CVE-2009-3740.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3740", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3740", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3836.json b/2009/3xxx/CVE-2009-3836.json index 5ffd5b565a5..588398a776c 100644 --- a/2009/3xxx/CVE-2009-3836.json +++ b/2009/3xxx/CVE-2009-3836.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3836", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ArubaOS 3.3.1.x, 3.3.2.x, RN 3.1.x, 3.4.x, and 3.3.2.x-FIPS on the Aruba Mobility Controller allows remote attackers to cause a denial of service (Access Point crash) via a malformed 802.11 Association Request management frame." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3836", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.arubanetworks.com/support/alerts/aid-102609.asc", - "refsource" : "CONFIRM", - "url" : "http://www.arubanetworks.com/support/alerts/aid-102609.asc" - }, - { - "name" : "36832", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36832" - }, - { - "name" : "37085", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37085" - }, - { - "name" : "ADV-2009-3051", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3051" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ArubaOS 3.3.1.x, 3.3.2.x, RN 3.1.x, 
3.4.x, and 3.3.2.x-FIPS on the Aruba Mobility Controller allows remote attackers to cause a denial of service (Access Point crash) via a malformed 802.11 Association Request management frame." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.arubanetworks.com/support/alerts/aid-102609.asc", + "refsource": "CONFIRM", + "url": "http://www.arubanetworks.com/support/alerts/aid-102609.asc" + }, + { + "name": "ADV-2009-3051", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3051" + }, + { + "name": "36832", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36832" + }, + { + "name": "37085", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37085" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3960.json b/2009/3xxx/CVE-2009-3960.json index f2498e1fe81..d8e09f7a7f1 100644 --- a/2009/3xxx/CVE-2009-3960.json +++ b/2009/3xxx/CVE-2009-3960.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3960", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, allows remote attackers to obtain sensitive information via vectors that are associated with a request, and related to injected tags and external entity references in XML documents." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2009-3960", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41855", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41855/" - }, - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb10-05.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb10-05.html" - }, - { - "name" : "38197", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38197" - }, - { - "name" : "62292", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/62292" - }, - { - "name" : "1023584", - "refsource" : 
"SECTRACK", - "url" : "http://securitytracker.com/id?1023584" - }, - { - "name" : "38543", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38543" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, allows remote attackers to obtain sensitive information via vectors that are associated with a request, and related to injected tags and external entity references in XML documents." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38197", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38197" + }, + { + "name": "1023584", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023584" + }, + { + "name": "62292", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/62292" + }, + { + "name": "38543", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38543" + }, + { + "name": "41855", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41855/" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb10-05.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb10-05.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4226.json b/2009/4xxx/CVE-2009-4226.json index 018a5bb3fd0..aa661dc232e 100644 --- a/2009/4xxx/CVE-2009-4226.json +++ b/2009/4xxx/CVE-2009-4226.json 
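Review bot: The `ASSIGNER` value changes from `cve@mitre.org` to `psirt@adobe.com` in this hunk, and the commit subject does not mention it. It is the only content change in a record that is otherwise rewritten for spacing and reference order. The hunks for CVE-2012-2203 and CVE-2015-1995 (`psirt@us.ibm.com`), CVE-2015-0202 (`secalert@redhat.com`), CVE-2015-0460 (`secalert_us@oracle.com`) and CVE-2015-1291 (`security@google.com`) make the same kind of change. Tooling that attributes or filters records by assigner will see these as ownership changes. I would land the `ASSIGNER` updates in their own commit, or at least name them in the message, so they can be audited apart from the reformat.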
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4226", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in the IP module in the kernel in Sun OpenSolaris snv_106 through snv_124 allows remote attackers to cause a denial of service (NULL pointer dereference and panic) via unspecified vectors related to the (1) tcp_do_getsockname or (2) tcp_do_getpeername function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4226", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://opensolaris.org/jive/thread.jspa?messageID=415069&tstart=0", - "refsource" : "CONFIRM", - "url" : "http://opensolaris.org/jive/thread.jspa?messageID=415069&tstart=0" - }, - { - "name" : "268189", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-268189-1" - }, - { - "name" : "ADV-2009-3413", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3413" - }, - { - "name" : "solaris-ipkernel-dos(54574)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54574" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in the IP module in the kernel in Sun OpenSolaris snv_106 through snv_124 allows remote attackers to cause a denial of service (NULL pointer dereference and panic) via unspecified vectors related to the (1) tcp_do_getsockname or (2) tcp_do_getpeername function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "solaris-ipkernel-dos(54574)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54574" + }, + { + "name": "ADV-2009-3413", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3413" + }, + { + "name": "268189", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-268189-1" + }, + { + "name": "http://opensolaris.org/jive/thread.jspa?messageID=415069&tstart=0", + "refsource": "CONFIRM", + "url": "http://opensolaris.org/jive/thread.jspa?messageID=415069&tstart=0" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4797.json b/2009/4xxx/CVE-2009-4797.json index 5e6d107d44f..27d15f5d7d9 100644 --- a/2009/4xxx/CVE-2009-4797.json +++ b/2009/4xxx/CVE-2009-4797.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4797", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in browse.php in JobHut 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the pk parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4797", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8318", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/8318" - }, - { - "name" : "http://e-rdc.org/v1/news.php?readmore=132", - "refsource" : "MISC", - "url" : "http://e-rdc.org/v1/news.php?readmore=132" - }, - { - "name" : "34300", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34300" - }, - { - "name" : "34532", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34532" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in browse.php in JobHut 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the pk parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://e-rdc.org/v1/news.php?readmore=132", + "refsource": "MISC", + "url": "http://e-rdc.org/v1/news.php?readmore=132" + }, + { + "name": "34532", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34532" + }, + { + "name": "8318", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/8318" + }, + { + "name": "34300", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34300" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2203.json b/2012/2xxx/CVE-2012-2203.json index bfaf1299350..119d6b89e8b 100644 --- a/2012/2xxx/CVE-2012-2203.json +++ b/2012/2xxx/CVE-2012-2203.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2203", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM Rational Directory Server, IBM Tivoli Directory Server, and other products, uses the PKCS #12 file format for certificate objects without enforcing file integrity, which makes it easier for remote attackers to spoof SSL servers via vectors involving insertion of an arbitrary root Certification Authority (CA) certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2012-2203", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21606145", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21606145" - }, - { - "name" : "IV31973", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV31973" - }, - { - "name" : "IV31975", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV31975" - }, - { - "name" : "54743", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54743" - }, - { - "name" 
: "51279", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51279" - }, - { - "name" : "rds-gskit-pkcs-spoofing(77280)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77280" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM Rational Directory Server, IBM Tivoli Directory Server, and other products, uses the PKCS #12 file format for certificate objects without enforcing file integrity, which makes it easier for remote attackers to spoof SSL servers via vectors involving insertion of an arbitrary root Certification Authority (CA) certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "rds-gskit-pkcs-spoofing(77280)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77280" + }, + { + "name": "51279", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51279" + }, + { + "name": "IV31975", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV31975" + }, + { + "name": "54743", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54743" + }, + { + "name": "IV31973", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV31973" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21606145", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21606145" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2222.json b/2012/2xxx/CVE-2012-2222.json index 00a962655c9..154d91f4b78 100644 --- a/2012/2xxx/CVE-2012-2222.json +++ b/2012/2xxx/CVE-2012-2222.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2222", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2222", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0202.json b/2015/0xxx/CVE-2015-0202.json index ac038e80836..0329aaaaf16 100644 --- a/2015/0xxx/CVE-2015-0202.json +++ b/2015/0xxx/CVE-2015-0202.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0202", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mod_dav_svn server in Subversion 1.8.0 through 1.8.11 allows remote attackers to cause a denial of service (memory consumption) via a large number of REPORT requests, which trigger the traversal of FSFS repository nodes." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-0202", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://subversion.apache.org/security/CVE-2015-0202-advisory.txt", - "refsource" : "CONFIRM", - "url" : "http://subversion.apache.org/security/CVE-2015-0202-advisory.txt" - }, - { - "name" : "GLSA-201610-05", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201610-05" - }, - { - "name" : "MDVSA-2015:192", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:192" - }, - { - "name" : "openSUSE-SU-2015:0672", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-04/msg00008.html" - }, - { - "name" : "USN-2721-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2721-1" - }, - { - 
"name" : "76446", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76446" - }, - { - "name" : "1032100", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032100" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mod_dav_svn server in Subversion 1.8.0 through 1.8.11 allows remote attackers to cause a denial of service (memory consumption) via a large number of REPORT requests, which trigger the traversal of FSFS repository nodes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "76446", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76446" + }, + { + "name": "MDVSA-2015:192", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:192" + }, + { + "name": "1032100", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032100" + }, + { + "name": "USN-2721-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2721-1" + }, + { + "name": "openSUSE-SU-2015:0672", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00008.html" + }, + { + "name": "http://subversion.apache.org/security/CVE-2015-0202-advisory.txt", + "refsource": "CONFIRM", + "url": "http://subversion.apache.org/security/CVE-2015-0202-advisory.txt" + }, + { + "name": "GLSA-201610-05", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201610-05" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0460.json b/2015/0xxx/CVE-2015-0460.json index 52e47c979e6..2b6dd6e5320 100644 --- a/2015/0xxx/CVE-2015-0460.json +++ b/2015/0xxx/CVE-2015-0460.json 
@@ -1,162 +1,162 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0460", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-0460", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2015-0158.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2015-0158.html" - }, - { - "name" : "DSA-3234", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3234" - }, - { - "name" : "DSA-3235", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3235" - }, - { - "name" : "DSA-3316", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3316" - }, - { - "name" : 
"GLSA-201603-11", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201603-11" - }, - { - "name" : "MDVSA-2015:212", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:212" - }, - { - "name" : "RHSA-2015:0806", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0806.html" - }, - { - "name" : "RHSA-2015:0807", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0807.html" - }, - { - "name" : "RHSA-2015:0808", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0808.html" - }, - { - "name" : "RHSA-2015:0809", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0809.html" - }, - { - "name" : "RHSA-2015:0854", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0854.html" - }, - { - "name" : "RHSA-2015:0857", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0857.html" - }, - { - "name" : "RHSA-2015:0858", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0858.html" - }, - { - "name" : "openSUSE-SU-2015:0773", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00017.html" - }, - { - "name" : "openSUSE-SU-2015:0774", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00018.html" - }, - { - "name" : "SUSE-SU-2015:0833", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00002.html" - }, - { - "name" : "USN-2573-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2573-1" - }, - { - "name" : "USN-2574-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2574-1" - }, - { - "name" : "74097", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74097" - }, - { - "name" : "1032120", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id/1032120" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2015:0857", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0857.html" + }, + { + "name": "DSA-3235", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3235" + }, + { + "name": "RHSA-2015:0806", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0806.html" + }, + { + "name": "http://advisories.mageia.org/MGASA-2015-0158.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2015-0158.html" + }, + { + "name": "SUSE-SU-2015:0833", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00002.html" + }, + { + "name": "MDVSA-2015:212", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:212" + }, + { + "name": "74097", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74097" + }, + { + "name": "DSA-3316", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3316" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" + }, + { + "name": "1032120", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032120" + }, + { + "name": "GLSA-201603-11", + "refsource": "GENTOO", + "url": 
"https://security.gentoo.org/glsa/201603-11" + }, + { + "name": "openSUSE-SU-2015:0773", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00017.html" + }, + { + "name": "DSA-3234", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3234" + }, + { + "name": "USN-2573-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2573-1" + }, + { + "name": "RHSA-2015:0807", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0807.html" + }, + { + "name": "RHSA-2015:0858", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0858.html" + }, + { + "name": "RHSA-2015:0808", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0808.html" + }, + { + "name": "USN-2574-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2574-1" + }, + { + "name": "RHSA-2015:0809", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0809.html" + }, + { + "name": "openSUSE-SU-2015:0774", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00018.html" + }, + { + "name": "RHSA-2015:0854", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0854.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1291.json b/2015/1xxx/CVE-2015-1291.json index b3e9571629e..bff0d981c26 100644 --- a/2015/1xxx/CVE-2015-1291.json +++ b/2015/1xxx/CVE-2015-1291.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1291", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not check whether a node is expected, which allows remote attackers to bypass the Same Origin Policy or cause a denial of service (DOM tree corruption) via a web site with crafted JavaScript code and IFRAME elements." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2015-1291", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=516377", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=516377" - }, - { - "name" : "https://src.chromium.org/viewvc/blink?revision=200098&view=revision", - "refsource" : "CONFIRM", - "url" : 
"https://src.chromium.org/viewvc/blink?revision=200098&view=revision" - }, - { - "name" : "DSA-3351", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3351" - }, - { - "name" : "GLSA-201603-09", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201603-09" - }, - { - "name" : "RHSA-2015:1712", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1712.html" - }, - { - "name" : "openSUSE-SU-2015:1873", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-11/msg00013.html" - }, - { - "name" : "openSUSE-SU-2015:1586", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-09/msg00029.html" - }, - { - "name" : "1033472", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033472" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not check whether a node is expected, which allows remote attackers to bypass the Same Origin Policy or cause a denial of service (DOM tree corruption) via a web site with crafted JavaScript code and IFRAME elements." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2015:1873", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00013.html" + }, + { + "name": "http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html" + }, + { + "name": "https://src.chromium.org/viewvc/blink?revision=200098&view=revision", + "refsource": "CONFIRM", + "url": "https://src.chromium.org/viewvc/blink?revision=200098&view=revision" + }, + { + "name": "RHSA-2015:1712", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1712.html" + }, + { + "name": "1033472", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033472" + }, + { + "name": "openSUSE-SU-2015:1586", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00029.html" + }, + { + "name": "DSA-3351", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3351" + }, + { + "name": "GLSA-201603-09", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201603-09" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=516377", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=516377" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1664.json b/2015/1xxx/CVE-2015-1664.json index 4e4f6879bc5..65571247ff0 100644 --- a/2015/1xxx/CVE-2015-1664.json +++ b/2015/1xxx/CVE-2015-1664.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1664", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-1664", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1995.json b/2015/1xxx/CVE-2015-1995.json index ff7d4a8f352..6e255e53b52 100644 --- a/2015/1xxx/CVE-2015-1995.json +++ b/2015/1xxx/CVE-2015-1995.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1995", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 allow remote attackers to inject arbitrary web script or HTML via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-1995", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21968326", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21968326" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 allow remote attackers to inject arbitrary web script or HTML via a crafted URL." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21968326", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21968326" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5106.json b/2015/5xxx/CVE-2015-5106.json index 0d047e88ce2..2e48a17c497 100644 --- a/2015/5xxx/CVE-2015-5106.json +++ b/2015/5xxx/CVE-2015-5106.json 
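Review bot: The only value that changes in CVE-2015-1995.json is `"ASSIGNER"`, from `cve@mitre.org` to `psirt@us.ibm.com`, and it is buried in a whole-file rewrite of colon spacing and indentation under the subject "-Synchronized-Data.". Attribution is a field downstream consumers may filter or trust on, so the change should be visible: I would land the formatting normalization separately from the reassignment, or at least state in the commit message that assigners were updated. The same applies to CVE-2015-5106.json (`psirt@adobe.com`) and CVE-2015-5174.json (`secalert@redhat.com`). The structured `"vendor_name"` and `"product_name"` also stay `"n/a"` although the description names the IBM product, so tooling that matches on `affects` still gets nothing from this record.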
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5106", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass intended access restrictions and perform a transition from Low Integrity to Medium Integrity via unspecified vectors, a different vulnerability than CVE-2015-4446 and CVE-2015-5090." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-5106", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-370", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-370" - }, - { - "name" : "https://helpx.adobe.com/security/products/reader/apsb15-15.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/reader/apsb15-15.html" - }, - { - "name" : "75743", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75743" - }, - { - "name" : "1032892", - "refsource" : "SECTRACK", 
- "url" : "http://www.securitytracker.com/id/1032892" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass intended access restrictions and perform a transition from Low Integrity to Medium Integrity via unspecified vectors, a different vulnerability than CVE-2015-4446 and CVE-2015-5090." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032892", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032892" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-15-370", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-370" + }, + { + "name": "https://helpx.adobe.com/security/products/reader/apsb15-15.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/reader/apsb15-15.html" + }, + { + "name": "75743", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75743" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5174.json b/2015/5xxx/CVE-2015-5174.json index fdafbd18aa4..f4ad4622abe 100644 --- a/2015/5xxx/CVE-2015-5174.json +++ b/2015/5xxx/CVE-2015-5174.json 
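Review bot: The four `reference_data` entries in CVE-2015-5106.json come out in a different order (the SECTRACK entry `1032892` moves from last to first) with no entry added or removed, so the reorder is noise around the one real change in the file. CVE-2015-5174.json, CVE-2015-5510.json, CVE-2015-5519.json, CVE-2015-5609.json and CVE-2018-11575.json show the same shuffle; in CVE-2015-5174.json the 35 references appear to be the same set, yet the hunk rewrites all 232 lines. I would have the generator emit references in a stable order, for example sorted by `refsource` then `name`, or keep the existing order, so that a later diff shows only references that were really added or dropped.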
@@ -1,232 +1,232 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5174", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-5174", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160222 [SECURITY] CVE-2015-5174 Apache Tomcat Limited Directory Traversal", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/bugtraq/2016/Feb/149" - }, - { - "name" : "http://packetstormsecurity.com/files/135883/Apache-Tomcat-Limited-Directory-Traversal.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/135883/Apache-Tomcat-Limited-Directory-Traversal.html" - }, - { - "name" : "http://svn.apache.org/viewvc?view=revision&revision=1696281", - 
"refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?view=revision&revision=1696281" - }, - { - "name" : "http://svn.apache.org/viewvc?view=revision&revision=1696284", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?view=revision&revision=1696284" - }, - { - "name" : "http://svn.apache.org/viewvc?view=revision&revision=1700897", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?view=revision&revision=1700897" - }, - { - "name" : "http://svn.apache.org/viewvc?view=revision&revision=1700898", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?view=revision&revision=1700898" - }, - { - "name" : "http://svn.apache.org/viewvc?view=revision&revision=1700900", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?view=revision&revision=1700900" - }, - { - "name" : "http://tomcat.apache.org/security-6.html", - "refsource" : "CONFIRM", - "url" : "http://tomcat.apache.org/security-6.html" - }, - { - "name" : "http://tomcat.apache.org/security-7.html", - "refsource" : "CONFIRM", - "url" : "http://tomcat.apache.org/security-7.html" - }, - { - "name" : "http://tomcat.apache.org/security-8.html", - "refsource" : "CONFIRM", - "url" : "http://tomcat.apache.org/security-8.html" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964" - }, - { - "name" : 
"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html" - }, - { - "name" : "https://bto.bluecoat.com/security-advisory/sa118", - "refsource" : "CONFIRM", - "url" : "https://bto.bluecoat.com/security-advisory/sa118" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20180531-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20180531-0001/" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" - }, - { - "name" : "DSA-3530", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3530" - }, - { - "name" : "DSA-3609", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3609" - }, - { - "name" : "DSA-3552", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3552" - }, - { - "name" : "GLSA-201705-09", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201705-09" - }, - { - "name" : "HPSBUX03561", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=145974991225029&w=2" - }, - { - "name" : "RHSA-2016:1433", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1433" - }, - { - "name" : "RHSA-2016:1434", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1434" - }, - { - "name" : "RHSA-2016:1435", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1435.html" - }, - { - "name" : "RHSA-2016:2045", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2045.html" - }, - { - "name" : "RHSA-2016:1432", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1432" - }, - { - "name" : 
"RHSA-2016:2599", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2599.html" - }, - { - "name" : "SUSE-SU-2016:0769", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html" - }, - { - "name" : "SUSE-SU-2016:0822", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html" - }, - { - "name" : "SUSE-SU-2016:0839", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html" - }, - { - "name" : "openSUSE-SU-2016:0865", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html" - }, - { - "name" : "USN-3024-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3024-1" - }, - { - "name" : "83329", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/83329" - }, - { - "name" : "1035070", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035070" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + }, + { + "name": "GLSA-201705-09", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201705-09" + }, + { + "name": "http://svn.apache.org/viewvc?view=revision&revision=1700900", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=revision&revision=1700900" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html" + }, + { + "name": "openSUSE-SU-2016:0865", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html" + }, + { + "name": "USN-3024-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3024-1" + }, + { + "name": "SUSE-SU-2016:0769", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html" + }, + { + "name": "RHSA-2016:2045", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2045.html" + }, + { + "name": "DSA-3530", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3530" + }, + { + "name": "http://tomcat.apache.org/security-7.html", + "refsource": "CONFIRM", + "url": "http://tomcat.apache.org/security-7.html" + }, + { + "name": "HPSBUX03561", + "refsource": "HP", + "url": 
"http://marc.info/?l=bugtraq&m=145974991225029&w=2" + }, + { + "name": "http://svn.apache.org/viewvc?view=revision&revision=1696284", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=revision&revision=1696284" + }, + { + "name": "http://tomcat.apache.org/security-8.html", + "refsource": "CONFIRM", + "url": "http://tomcat.apache.org/security-8.html" + }, + { + "name": "RHSA-2016:1434", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1434" + }, + { + "name": "http://svn.apache.org/viewvc?view=revision&revision=1700898", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=revision&revision=1700898" + }, + { + "name": "1035070", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035070" + }, + { + "name": "https://bto.bluecoat.com/security-advisory/sa118", + "refsource": "CONFIRM", + "url": "https://bto.bluecoat.com/security-advisory/sa118" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442" + }, + { + "name": "RHSA-2016:1433", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1433" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20180531-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20180531-0001/" + }, + { + "name": "http://tomcat.apache.org/security-6.html", + "refsource": "CONFIRM", + "url": "http://tomcat.apache.org/security-6.html" + }, + { + "name": "83329", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/83329" + }, + { + "name": "RHSA-2016:1432", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1432" + }, + { + "name": "SUSE-SU-2016:0822", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html" + }, + { + "name": 
"RHSA-2016:2599", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2599.html" + }, + { + "name": "20160222 [SECURITY] CVE-2015-5174 Apache Tomcat Limited Directory Traversal", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/bugtraq/2016/Feb/149" + }, + { + "name": "DSA-3609", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3609" + }, + { + "name": "http://packetstormsecurity.com/files/135883/Apache-Tomcat-Limited-Directory-Traversal.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/135883/Apache-Tomcat-Limited-Directory-Traversal.html" + }, + { + "name": "SUSE-SU-2016:0839", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html" + }, + { + "name": "http://svn.apache.org/viewvc?view=revision&revision=1696281", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=revision&revision=1696281" + }, + { + "name": "http://svn.apache.org/viewvc?view=revision&revision=1700897", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=revision&revision=1700897" + }, + { + "name": "RHSA-2016:1435", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1435.html" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626" + }, + { + "name": "DSA-3552", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3552" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5510.json b/2015/5xxx/CVE-2015-5510.json index e12c5a1f49f..33371b85d4a 100644 --- a/2015/5xxx/CVE-2015-5510.json +++ b/2015/5xxx/CVE-2015-5510.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5510", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Open redirect vulnerability in the Content Construction Kit (CCK) 6.x-2.x before 6.x-2.10 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the destinations parameter, related to administration pages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5510", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150704 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-100 to SA-CONTRIB-2015-131)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/07/04/4" - }, - { - "name" : "https://www.drupal.org/node/2507753", - "refsource" : "MISC", - "url" : "https://www.drupal.org/node/2507753" - }, - { - "name" : "https://www.drupal.org/node/2507763", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/node/2507763" - }, - { - "name" : "75281", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75281" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Open redirect vulnerability in the Content Construction Kit (CCK) 6.x-2.x before 6.x-2.10 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the destinations parameter, related to administration pages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.drupal.org/node/2507753", + "refsource": "MISC", + "url": "https://www.drupal.org/node/2507753" + }, + { + "name": "75281", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75281" + }, + { + "name": "https://www.drupal.org/node/2507763", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/node/2507763" + }, + { + "name": "[oss-security] 20150704 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-100 to SA-CONTRIB-2015-131)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/07/04/4" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5519.json b/2015/5xxx/CVE-2015-5519.json index 2f2cf932b1b..d47f59a9d86 100644 --- a/2015/5xxx/CVE-2015-5519.json +++ b/2015/5xxx/CVE-2015-5519.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5519", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the applyConvolution demo in WideImage 11.02.19 allows remote attackers to inject arbitrary web script or HTML via the matrix parameter to demo/index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5519", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150706 WideImage Demo Code Cross Site Scripting (XSS)", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Jul/30" - }, - { - "name" : "http://packetstormsecurity.com/files/132584/WideImage-11.02.19-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/132584/WideImage-11.02.19-Cross-Site-Scripting.html" - }, - { - "name" : "http://sourceforge.net/p/wideimage/bugs/42/", - "refsource" : "MISC", - "url" : "http://sourceforge.net/p/wideimage/bugs/42/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) 
vulnerability in the applyConvolution demo in WideImage 11.02.19 allows remote attackers to inject arbitrary web script or HTML via the matrix parameter to demo/index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sourceforge.net/p/wideimage/bugs/42/", + "refsource": "MISC", + "url": "http://sourceforge.net/p/wideimage/bugs/42/" + }, + { + "name": "20150706 WideImage Demo Code Cross Site Scripting (XSS)", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Jul/30" + }, + { + "name": "http://packetstormsecurity.com/files/132584/WideImage-11.02.19-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/132584/WideImage-11.02.19-Cross-Site-Scripting.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5527.json b/2015/5xxx/CVE-2015-5527.json index c41ede07302..7ff06d19dbf 100644 --- a/2015/5xxx/CVE-2015-5527.json +++ b/2015/5xxx/CVE-2015-5527.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5527", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5527", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5609.json b/2015/5xxx/CVE-2015-5609.json index 24629408de7..5dbd5f5f044 100644 --- a/2015/5xxx/CVE-2015-5609.json +++ b/2015/5xxx/CVE-2015-5609.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5609", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Absolute path traversal vulnerability in the Image Export plugin 1.1 for WordPress allows remote attackers to read and delete arbitrary files via a full pathname in the file parameter to download.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5609", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150713 Remote file download vulnerability in Wordpress Plugin image-export v1.1", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/07/13/10" - }, - { - "name" : "[oss-security] 20150720 Re: Remote file download vulnerability in Wordpress Plugin image-export v1.1", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/07/21/1" - }, - { - "name" : "http://www.vapid.dhs.org/advisory.php?v=135", - "refsource" : "MISC", - "url" : "http://www.vapid.dhs.org/advisory.php?v=135" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "Absolute path traversal vulnerability in the Image Export plugin 1.1 for WordPress allows remote attackers to read and delete arbitrary files via a full pathname in the file parameter to download.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.vapid.dhs.org/advisory.php?v=135", + "refsource": "MISC", + "url": "http://www.vapid.dhs.org/advisory.php?v=135" + }, + { + "name": "[oss-security] 20150720 Re: Remote file download vulnerability in Wordpress Plugin image-export v1.1", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/07/21/1" + }, + { + "name": "[oss-security] 20150713 Remote file download vulnerability in Wordpress Plugin image-export v1.1", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/07/13/10" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5745.json b/2015/5xxx/CVE-2015-5745.json index 335d7e7711b..f42f7b8d3dd 100644 --- a/2015/5xxx/CVE-2015-5745.json +++ b/2015/5xxx/CVE-2015-5745.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5745", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5745", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11575.json b/2018/11xxx/CVE-2018-11575.json index d2f91723310..bf60d72540e 100644 --- a/2018/11xxx/CVE-2018-11575.json +++ b/2018/11xxx/CVE-2018-11575.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11575", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ngiflib.c in MiniUPnP ngiflib 0.4 has a stack-based buffer overflow in DecodeGifImg." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11575", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/Edward-L/fuzzing-pocs/tree/master/ngiflib", - "refsource" : "MISC", - "url" : "https://github.com/Edward-L/fuzzing-pocs/tree/master/ngiflib" - }, - { - "name" : "https://github.com/miniupnp/ngiflib/issues/4", - "refsource" : "MISC", - "url" : "https://github.com/miniupnp/ngiflib/issues/4" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ngiflib.c in MiniUPnP ngiflib 0.4 has a stack-based buffer overflow in DecodeGifImg." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/miniupnp/ngiflib/issues/4", + "refsource": "MISC", + "url": "https://github.com/miniupnp/ngiflib/issues/4" + }, + { + "name": "https://github.com/Edward-L/fuzzing-pocs/tree/master/ngiflib", + "refsource": "MISC", + "url": "https://github.com/Edward-L/fuzzing-pocs/tree/master/ngiflib" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3002.json b/2018/3xxx/CVE-2018-3002.json index f33ac396db8..c3f18695fd9 100644 --- a/2018/3xxx/CVE-2018-3002.json +++ b/2018/3xxx/CVE-2018-3002.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3002", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Hospitality Cruise Fleet Management", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "9.x" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Hospitality Cruise Fleet Management System component of Oracle Hospitality Applications (subcomponent: Fleet Management System Suite). The supported version that is affected is 9.x. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hospitality Cruise Fleet Management System executes to compromise Oracle Hospitality Cruise Fleet Management System. While the vulnerability is in Oracle Hospitality Cruise Fleet Management System, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Fleet Management System accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hospitality Cruise Fleet Management System executes to compromise Oracle Hospitality Cruise Fleet Management System. While the vulnerability is in Oracle Hospitality Cruise Fleet Management System, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Fleet Management System accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3002", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hospitality Cruise Fleet Management", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "9.x" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" - }, - { - "name" : "104811", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104811" - }, - { - "name" : "1041300", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041300" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Hospitality Cruise Fleet Management System component of Oracle Hospitality Applications (subcomponent: Fleet Management System Suite). The supported version that is affected is 9.x. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hospitality Cruise Fleet Management System executes to compromise Oracle Hospitality Cruise Fleet Management System. While the vulnerability is in Oracle Hospitality Cruise Fleet Management System, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Fleet Management System accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hospitality Cruise Fleet Management System executes to compromise Oracle Hospitality Cruise Fleet Management System. While the vulnerability is in Oracle Hospitality Cruise Fleet Management System, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Fleet Management System accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104811", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104811" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + }, + { + "name": "1041300", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041300" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3064.json b/2018/3xxx/CVE-2018-3064.json index b67bf87c2db..509fdfdcae9 100644 --- a/2018/3xxx/CVE-2018-3064.json +++ b/2018/3xxx/CVE-2018-3064.json 
@@ -1,106 +1,106 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3064", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MySQL Server", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "5.6.40 and prior" - }, - { - "version_affected" : "=", - "version_value" : "5.7.22 and prior" - }, - { - "version_affected" : "=", - "version_value" : "8.0.11 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3064", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.6.40 and prior" + }, + { + "version_affected": "=", + "version_value": "5.7.22 and prior" + }, + { + "version_affected": "=", + "version_value": "8.0.11 and prior" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180831 [SECURITY] [DLA 1488-1] mariadb-10.0 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00036.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20180726-0002/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20180726-0002/" - }, - { - "name" : "DSA-4341", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4341" - }, - { - "name" : "RHSA-2018:3655", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3655" - }, - { - "name" : "USN-3725-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3725-1/" - }, - { - "name" : "104776", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104776" - }, - { - "name" : "1041294", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041294" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server component of Oracle 
MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data." 
+ } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-4341", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4341" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + }, + { + "name": "USN-3725-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3725-1/" + }, + { + "name": "1041294", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041294" + }, + { + "name": "104776", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104776" + }, + { + "name": "RHSA-2018:3655", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3655" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20180726-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20180726-0002/" + }, + { + "name": "[debian-lts-announce] 20180831 [SECURITY] [DLA 1488-1] mariadb-10.0 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00036.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3718.json b/2018/3xxx/CVE-2018-3718.json index 83b55e11d2b..1e914014710 100644 --- a/2018/3xxx/CVE-2018-3718.json +++ b/2018/3xxx/CVE-2018-3718.json 
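Review bot: In the `version_data` entries of CVE-2018-3064.json, `"version_affected": "="` is paired with values such as `"5.6.40 and prior"`, so a consumer that honours the operator would match one literal string and miss the earlier releases the description lists as affected. The pairing is carried over unchanged from the old side. If the record format's range operator can be used here, `"version_affected": "<="` with `"version_value": "5.6.40"` would express the range in machine-readable form; the 5.7.22 and 8.0.11 entries need the same treatment.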
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2018-3718", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "serve node module", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Handling of URL Encoding (Hex Encoding) (CWE-177)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2018-3718", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "serve node module", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://hackerone.com/reports/308721", - "refsource" : "MISC", - "url" : "https://hackerone.com/reports/308721" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Handling of URL Encoding (Hex Encoding) (CWE-177)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://hackerone.com/reports/308721", + "refsource": "MISC", + "url": "https://hackerone.com/reports/308721" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3754.json b/2018/3xxx/CVE-2018-3754.json index f21ab4680b5..04e13d0f29b 100644 --- a/2018/3xxx/CVE-2018-3754.json +++ b/2018/3xxx/CVE-2018-3754.json 
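Review bot: `"vendor_name": "HackerOne"` in CVE-2018-3718.json appears to name the assigner (`support@hackerone.com`) rather than the maintainer of the affected `serve node module`, so vendor-keyed lookups would attribute the issue to the wrong party. `"version_value": "All versions"` is also unbounded, which leaves a scanner unable to tell a fixed release from an affected one. Both values are carried over from the old side, and the correct vendor and fixed version would need confirming against the linked report before they are changed.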
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-05-24T00:00:00", - "ID" : "CVE-2018-3754", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Node.js third-party module query-mysql versions 0.0.0, 0.0.1, and 0.0.2 are vulnerable to an SQL injection vulnerability due to lack of user input sanitization. This may allow an attacker to run arbitrary SQL queries when fetching data from database." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-05-24T00:00:00", + "ID": "CVE-2018-3754", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://hackerone.com/reports/311244", - "refsource" : "MISC", - "url" : "https://hackerone.com/reports/311244" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Node.js third-party module query-mysql versions 0.0.0, 0.0.1, and 0.0.2 are vulnerable to an SQL injection vulnerability due to lack of user input sanitization. This may allow an attacker to run arbitrary SQL queries when fetching data from database." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://hackerone.com/reports/311244", + "refsource": "MISC", + "url": "https://hackerone.com/reports/311244" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6014.json b/2018/6xxx/CVE-2018-6014.json index 7898085f6f2..10bf9ca7d91 100644 --- a/2018/6xxx/CVE-2018-6014.json +++ b/2018/6xxx/CVE-2018-6014.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6014", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Subsonic v6.1.3 has an insecure allow-access-from domain=\"*\" Flash cross-domain policy that allows an attacker to retrieve sensitive user information via a read request. To exploit this issue, an attacker must convince the user to visit a web site loaded with a SWF file created specifically to steal user data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6014", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.vulnerability-lab.com/get_content.php?id=2115", - "refsource" : "MISC", - "url" : "https://www.vulnerability-lab.com/get_content.php?id=2115" - }, - { - "name" : "https://www.youtube.com/watch?v=t3nYuhAHOMg", - "refsource" : "MISC", - "url" : "https://www.youtube.com/watch?v=t3nYuhAHOMg" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Subsonic v6.1.3 has an insecure allow-access-from domain=\"*\" Flash cross-domain policy that allows an attacker to retrieve sensitive user 
information via a read request. To exploit this issue, an attacker must convince the user to visit a web site loaded with a SWF file created specifically to steal user data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.vulnerability-lab.com/get_content.php?id=2115", + "refsource": "MISC", + "url": "https://www.vulnerability-lab.com/get_content.php?id=2115" + }, + { + "name": "https://www.youtube.com/watch?v=t3nYuhAHOMg", + "refsource": "MISC", + "url": "https://www.youtube.com/watch?v=t3nYuhAHOMg" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7113.json b/2018/7xxx/CVE-2018-7113.json index 9049552121a..3704dc03713 100644 --- a/2018/7xxx/CVE-2018-7113.json +++ b/2018/7xxx/CVE-2018-7113.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@hpe.com", - "ID" : "CVE-2018-7113", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers", - "version" : { - "version_data" : [ - { - "version_value" : "iLO 5 for HPE Gen10 Servers - Prior to v1.37" - } - ] - } - } - ] - }, - "vendor_name" : "Hewlett Packard Enterprise" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A security vulnerability in HPE Integrated Lights-Out 5 (iLO 5) prior to v1.37 could be locally exploited to bypass the security restrictions for firmware updates." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "local bypass of security restrictions" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@hpe.com", + "ID": "CVE-2018-7113", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers", + "version": { + "version_data": [ + { + "version_value": "iLO 5 for HPE Gen10 Servers - Prior to v1.37" + } + ] + } + } + ] + }, + "vendor_name": "Hewlett Packard Enterprise" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03894en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03894en_us" - }, - { - "name" : "1042010", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1042010" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "A security vulnerability in HPE Integrated Lights-Out 5 (iLO 5) prior to v1.37 could be locally exploited to bypass the security restrictions for firmware updates." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "local bypass of security restrictions" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1042010", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1042010" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03894en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03894en_us" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7301.json b/2018/7xxx/CVE-2018-7301.json index 70b08b15f65..39400400dd2 100644 --- a/2018/7xxx/CVE-2018-7301.json +++ b/2018/7xxx/CVE-2018-7301.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7301", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "eQ-3 AG HomeMatic CCU2 2.29.22 devices have an open XML-RPC port without authentication. This can be exploited by sending arbitrary XML-RPC requests to control the attached BidCos devices." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7301", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://atomic111.github.io/article/homematic-ccu2-xml-rpc", - "refsource" : "MISC", - "url" : "http://atomic111.github.io/article/homematic-ccu2-xml-rpc" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "eQ-3 AG HomeMatic CCU2 2.29.22 devices have an open XML-RPC port without authentication. This can be exploited by sending arbitrary XML-RPC requests to control the attached BidCos devices." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://atomic111.github.io/article/homematic-ccu2-xml-rpc", + "refsource": "MISC", + "url": "http://atomic111.github.io/article/homematic-ccu2-xml-rpc" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7385.json b/2018/7xxx/CVE-2018-7385.json index 0792bc305ce..e3921b30d5b 100644 --- a/2018/7xxx/CVE-2018-7385.json +++ b/2018/7xxx/CVE-2018-7385.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7385", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7385", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7661.json b/2018/7xxx/CVE-2018-7661.json index 2837e874cfa..e4d10e45044 100644 --- a/2018/7xxx/CVE-2018-7661.json +++ b/2018/7xxx/CVE-2018-7661.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7661", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Papenmeier WiFi Baby Monitor Free & Lite before 2.02.2 allows remote attackers to obtain audio data via certain requests to TCP ports 8258 and 8257." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7661", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "442322", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/442322/" - }, - { - "name" : "https://blog.manchestergreyhats.co.uk/2018/02/25/eavesdropping-on-wifi-baby-monitor/", - "refsource" : "MISC", - "url" : "https://blog.manchestergreyhats.co.uk/2018/02/25/eavesdropping-on-wifi-baby-monitor/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Papenmeier WiFi Baby Monitor Free & Lite before 2.02.2 allows remote attackers to obtain audio data via certain requests to TCP ports 8258 and 8257." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blog.manchestergreyhats.co.uk/2018/02/25/eavesdropping-on-wifi-baby-monitor/", + "refsource": "MISC", + "url": "https://blog.manchestergreyhats.co.uk/2018/02/25/eavesdropping-on-wifi-baby-monitor/" + }, + { + "name": "442322", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/442322/" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7800.json b/2018/7xxx/CVE-2018-7800.json index 15ce1f11e86..de3b16dc2ca 100644 --- a/2018/7xxx/CVE-2018-7800.json +++ b/2018/7xxx/CVE-2018-7800.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cybersecurity@se.com", - "ID" : "CVE-2018-7800", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "EVLink Parking v3.2.0-12_v1 and earlier", - "version" : { - "version_data" : [ - { - "version_value" : "EVLink Parking v3.2.0-12_v1 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Schneider Electric SE" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Hard-coded Credentials vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could enable an attacker to gain access to the device." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Hard-coded Credentials" - } + "CVE_data_meta": { + "ASSIGNER": "cybersecurity@schneider-electric.com", + "ID": "CVE-2018-7800", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "EVLink Parking v3.2.0-12_v1 and earlier", + "version": { + "version_data": [ + { + "version_value": "EVLink Parking v3.2.0-12_v1 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Schneider Electric SE" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-031-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-031-01" - }, - { - "name" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-354-01/", - "refsource" : "CONFIRM", - "url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-354-01/" - }, - { - "name" : "106807", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106807" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Hard-coded Credentials vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could enable an attacker to gain access to the device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Hard-coded Credentials" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-354-01/", + "refsource": "CONFIRM", + "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-354-01/" + }, + { + "name": "106807", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106807" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-031-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-031-01" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8021.json b/2018/8xxx/CVE-2018-8021.json index fff9cdac524..5b04089398c 100644 --- a/2018/8xxx/CVE-2018-8021.json +++ b/2018/8xxx/CVE-2018-8021.json 
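Review bot: The rewritten CVE-2018-7800.json ends at the closing `}` with no final line feed; the `\ No newline at end of file` marker follows the last added line, so only the new side lacks it. The same marker closes the other records shown here (CVE-2018-7661, CVE-2018-8021, CVE-2018-8202, CVE-2018-8319, CVE-2018-8521, CVE-2018-8846). Having the serializer write a trailing newline would keep line-oriented tools happy and avoid a spurious last-line change in every later sync. Separately, this hunk changes `ASSIGNER` from `cybersecurity@se.com` to `cybersecurity@schneider-electric.com` inside an otherwise formatting-only rewrite, so consumers that group records by assigner address will presumably need to treat the two as the same CNA.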
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "ID" : "CVE-2018-8021", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Superset", - "version" : { - "version_data" : [ - { - "version_value" : "prior to 0.23" - } - ] - } - } - ] - }, - "vendor_name" : "" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Versions of Superset prior to 0.23 used an unsafe load method from the pickle library to deserialize data leading to possible remote code execution. Note Superset 0.23 was released prior to any Superset release under the Apache Software Foundation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "RCE" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "ID": "CVE-2018-8021", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Superset", + "version": { + "version_data": [ + { + "version_value": "prior to 0.23" + } + ] + } + } + ] + }, + "vendor_name": "" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45933", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45933/" - }, - { - "name" : "https://github.com/apache/incubator-superset/pull/4243", - "refsource" : "MISC", - "url" : "https://github.com/apache/incubator-superset/pull/4243" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Versions of Superset prior to 0.23 used an unsafe load method from the pickle library to deserialize data leading to possible remote code execution. 
Note Superset 0.23 was released prior to any Superset release under the Apache Software Foundation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "RCE" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45933", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45933/" + }, + { + "name": "https://github.com/apache/incubator-superset/pull/4243", + "refsource": "MISC", + "url": "https://github.com/apache/incubator-superset/pull/4243" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8202.json b/2018/8xxx/CVE-2018-8202.json index a12088ee9f4..f3f7db57f58 100644 --- a/2018/8xxx/CVE-2018-8202.json +++ b/2018/8xxx/CVE-2018-8202.json 
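Review bot: The CVE-2018-8021 record is re-emitted with `"vendor_name": ""`, so vendor-keyed lookups and asset matching will not find this pickle-deserialization issue under any vendor. Other records on this page use an explicit `"n/a"` when the vendor is unknown (CVE-2018-7661), and an empty string is neither a name nor that sentinel. The assigner and the `apache/incubator-superset` reference suggest the intended value, but the description notes that 0.23 predates any Apache release, so this needs confirming with the CNA. I would set a real value such as `"vendor_name": "<confirmed vendor>"`, or `"vendor_name": "n/a"` for consistency. The problemtype `"RCE"` could also name the weakness class that the description states, unsafe deserialization.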
@@ -1,279 +1,279 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8202", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft .NET Framework", - "version" : { - "version_data" : [ - { - "version_value" : "2.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value" : "2.0 Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2" - }, - { - "version_value" : "2.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2" - }, - { - "version_value" : "3.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value" : "3.0 Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2" - }, - { - "version_value" : "3.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2" - }, - { - "version_value" : "3.5 on Windows 10 for 32-bit Systems" - }, - { - "version_value" : "3.5 on Windows 10 for x64-based Systems" - }, - { - "version_value" : "3.5 on Windows 10 Version 1607 for 32-bit Systems" - }, - { - "version_value" : "3.5 on Windows 10 Version 1607 for x64-based Systems" - }, - { - "version_value" : "3.5 on Windows 10 Version 1703 for 32-bit Systems" - }, - { - "version_value" : "3.5 on Windows 10 Version 1703 for x64-based Systems" - }, - { - "version_value" : "3.5 on Windows 10 Version 1709 for 32-bit Systems" - }, - { - "version_value" : "3.5 on Windows 10 Version 1709 for x64-based Systems" - }, - { - "version_value" : "3.5 on Windows 10 Version 1803 for 32-bit Systems" - }, - { - "version_value" : "3.5 on Windows 10 Version 1803 for x64-based Systems" - }, - { - "version_value" : "3.5 on Windows 8.1 for 32-bit systems" - }, - { - "version_value" : "3.5 on Windows 8.1 for x64-based systems" - }, - { - "version_value" : "3.5 on Windows Server 2012" - }, - { - "version_value" : 
"3.5 on Windows Server 2012 (Server Core installation)" - }, - { - "version_value" : "3.5 on Windows Server 2012 R2" - }, - { - "version_value" : "3.5 on Windows Server 2012 R2 (Server Core installation)" - }, - { - "version_value" : "3.5 on Windows Server 2016" - }, - { - "version_value" : "3.5 on Windows Server 2016 (Server Core installation)" - }, - { - "version_value" : "3.5 on Windows Server, version 1709 (Server Core Installation)" - }, - { - "version_value" : "3.5 on Windows Server, version 1803 (Server Core Installation)" - }, - { - "version_value" : "3.5.1 on Windows 7 for 32-bit Systems Service Pack 1" - }, - { - "version_value" : "3.5.1 on Windows 7 for x64-based Systems Service Pack 1" - }, - { - "version_value" : "3.5.1 on Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value" : "3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" - }, - { - "version_value" : "4.5.2 on Windows 7 for 32-bit Systems Service Pack 1" - }, - { - "version_value" : "4.5.2 on Windows 7 for x64-based Systems Service Pack 1" - }, - { - "version_value" : "4.5.2 on Windows 8.1 for 32-bit systems" - }, - { - "version_value" : "4.5.2 on Windows 8.1 for x64-based systems" - }, - { - "version_value" : "4.5.2 on Windows RT 8.1" - }, - { - "version_value" : "4.5.2 on Windows Server 2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value" : "4.5.2 on Windows Server 2008 for x64-based Systems Service Pack 2" - }, - { - "version_value" : "4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value" : "4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" - }, - { - "version_value" : "4.5.2 on Windows Server 2012" - }, - { - "version_value" : "4.5.2 on Windows Server 2012 (Server Core installation)" - }, - { - "version_value" : "4.5.2 on Windows Server 2012 R2" - }, - { - "version_value" : "4.5.2 on Windows Server 2012 R2 
(Server Core installation)" - }, - { - "version_value" : "4.6 on Windows Server 2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value" : "4.6 on Windows Server 2008 for x64-based Systems Service Pack 2" - }, - { - "version_value" : "4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems" - }, - { - "version_value" : "4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems" - }, - { - "version_value" : "4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016" - }, - { - "version_value" : "4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation)" - }, - { - "version_value" : "4.6/4.6.1/4.6.2 on Windows 10 for 32-bit Systems" - }, - { - "version_value" : "4.6/4.6.1/4.6.2 on Windows 10 for x64-based Systems" - }, - { - "version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 7 for 32-bit Systems Service Pack 1" - }, - { - "version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 7 for x64-based Systems Service Pack 1" - }, - { - "version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 8.1 for 32-bit systems" - }, - { - "version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 8.1 for x64-based systems" - }, - { - "version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows RT 8.1" - }, - { - "version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" - }, - { - "version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012" - }, - { - "version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation)" - }, - { - "version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 R2" - }, - { - "version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core 
installation)" - }, - { - "version_value" : "4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit Systems" - }, - { - "version_value" : "4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based Systems" - }, - { - "version_value" : "4.7.1/4.7.2 on Windows Server, version 1709 (Server Core Installation)" - }, - { - "version_value" : "4.7.2 on Windows 10 Version 1803 for 32-bit Systems" - }, - { - "version_value" : "4.7.2 on Windows 10 Version 1803 for x64-based Systems" - }, - { - "version_value" : "4.7.2 on Windows Server, version 1803 (Server Core Installation)" - }, - { - "version_value" : "4.7/4.7.1/4.7.2 on Windows 10 Version 1703 for 32-bit Systems" - }, - { - "version_value" : "4.7/4.7.1/4.7.2 on Windows 10 Version 1703 for x64-based Systems" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level, aka \".NET Framework Elevation of Privilege Vulnerability.\" This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8202", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft .NET Framework", + "version": { + "version_data": [ + { + "version_value": "2.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2.0 Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "3.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "3.0 Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "3.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "3.5 on Windows 10 for 32-bit Systems" + }, + { + "version_value": "3.5 on Windows 10 for x64-based Systems" + }, + { + "version_value": "3.5 on Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "3.5 on Windows 10 Version 1607 for x64-based Systems" + }, + { + "version_value": "3.5 on Windows 10 Version 1703 for 32-bit Systems" + }, + { + "version_value": "3.5 on Windows 10 Version 1703 for x64-based Systems" + }, + { + "version_value": "3.5 on Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "3.5 on Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "3.5 on Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "3.5 on Windows 10 Version 1803 for x64-based Systems" + }, + { + "version_value": "3.5 on Windows 8.1 for 32-bit systems" + }, + { + "version_value": "3.5 on Windows 8.1 for x64-based 
systems" + }, + { + "version_value": "3.5 on Windows Server 2012" + }, + { + "version_value": "3.5 on Windows Server 2012 (Server Core installation)" + }, + { + "version_value": "3.5 on Windows Server 2012 R2" + }, + { + "version_value": "3.5 on Windows Server 2012 R2 (Server Core installation)" + }, + { + "version_value": "3.5 on Windows Server 2016" + }, + { + "version_value": "3.5 on Windows Server 2016 (Server Core installation)" + }, + { + "version_value": "3.5 on Windows Server, version 1709 (Server Core Installation)" + }, + { + "version_value": "3.5 on Windows Server, version 1803 (Server Core Installation)" + }, + { + "version_value": "3.5.1 on Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "3.5.1 on Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "3.5.1 on Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" + }, + { + "version_value": "4.5.2 on Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "4.5.2 on Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "4.5.2 on Windows 8.1 for 32-bit systems" + }, + { + "version_value": "4.5.2 on Windows 8.1 for x64-based systems" + }, + { + "version_value": "4.5.2 on Windows RT 8.1" + }, + { + "version_value": "4.5.2 on Windows Server 2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "4.5.2 on Windows Server 2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" + }, + { + "version_value": "4.5.2 on Windows Server 2012" + }, + { + "version_value": "4.5.2 on Windows Server 2012 (Server Core installation)" + }, + { + "version_value": "4.5.2 on Windows Server 
2012 R2" + }, + { + "version_value": "4.5.2 on Windows Server 2012 R2 (Server Core installation)" + }, + { + "version_value": "4.6 on Windows Server 2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "4.6 on Windows Server 2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems" + }, + { + "version_value": "4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016" + }, + { + "version_value": "4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation)" + }, + { + "version_value": "4.6/4.6.1/4.6.2 on Windows 10 for 32-bit Systems" + }, + { + "version_value": "4.6/4.6.1/4.6.2 on Windows 10 for x64-based Systems" + }, + { + "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 8.1 for 32-bit systems" + }, + { + "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 8.1 for x64-based systems" + }, + { + "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows RT 8.1" + }, + { + "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" + }, + { + "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012" + }, + { + "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation)" + }, + { + "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 R2" + }, + { + "version_value": 
"4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation)" + }, + { + "version_value": "4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "4.7.1/4.7.2 on Windows Server, version 1709 (Server Core Installation)" + }, + { + "version_value": "4.7.2 on Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "4.7.2 on Windows 10 Version 1803 for x64-based Systems" + }, + { + "version_value": "4.7.2 on Windows Server, version 1803 (Server Core Installation)" + }, + { + "version_value": "4.7/4.7.1/4.7.2 on Windows 10 Version 1703 for 32-bit Systems" + }, + { + "version_value": "4.7/4.7.1/4.7.2 on Windows 10 Version 1703 for x64-based Systems" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8202", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8202" - }, - { - "name" : "104665", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104665" - }, - { - "name" : "1041257", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041257" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level, aka \".NET Framework Elevation of Privilege Vulnerability.\" This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, 
Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8202", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8202" + }, + { + "name": "104665", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104665" + }, + { + "name": "1041257", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041257" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8319.json b/2018/8xxx/CVE-2018-8319.json index 3e204a0997e..5157ca89f56 100644 --- a/2018/8xxx/CVE-2018-8319.json +++ b/2018/8xxx/CVE-2018-8319.json 
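Review bot: Several `version_value` entries and the description in CVE-2018-8202 carry the string `4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2`, which lists 4.7.1 twice; the sync copies it unchanged. This is probably a slip in the vendor feed, and if so the value should read `4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2`. Each entry also packs several framework versions and a platform into one free-text string, so automated affected-version matching has to split on `/` and ` on `, and a duplicate or stray token passes through silently. The hunk also lower-cases `ASSIGNER` from `Secure@Microsoft.com` to `secure@microsoft.com`, here and in CVE-2018-8319, so consumers should compare that field case-insensitively to avoid treating these as two assigners.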
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8319", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Research JavaScript Cryptography Library", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Research JavaScript Cryptography Library" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Security Feature Bypass vulnerability exists in MSR JavaScript Cryptography Library that is caused by incorrect arithmetic computations, aka \"MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability.\" This affects Microsoft Research JavaScript Cryptography Library." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Security Feature Bypass" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8319", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Research JavaScript Cryptography Library", + "version": { + "version_data": [ + { + "version_value": "Microsoft Research JavaScript Cryptography Library" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8319", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8319" - }, - { - "name" : "104655", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104655" - }, - { - "name" : "1041268", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id/1041268" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Security Feature Bypass vulnerability exists in MSR JavaScript Cryptography Library that is caused by incorrect arithmetic computations, aka \"MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability.\" This affects Microsoft Research JavaScript Cryptography Library." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Security Feature Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104655", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104655" + }, + { + "name": "1041268", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041268" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8319", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8319" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8521.json b/2018/8xxx/CVE-2018-8521.json index 6fe005bcef6..405eb5df2ea 100644 --- a/2018/8xxx/CVE-2018-8521.json +++ b/2018/8xxx/CVE-2018-8521.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8521", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8521", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8846.json b/2018/8xxx/CVE-2018-8846.json index a04878eaa0a..5878e85feff 100644 --- a/2018/8xxx/CVE-2018-8846.json +++ b/2018/8xxx/CVE-2018-8846.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2018-08-31T00:00:00", - "ID" : "CVE-2018-8846", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "e-Alert Unit (non-medical device)", - "version" : { - "version_data" : [ - { - "version_value" : "R2.1 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "Philips" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is then served to other users." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2018-08-31T00:00:00", + "ID": "CVE-2018-8846", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "e-Alert Unit (non-medical device)", + "version": { + "version_data": [ + { + "version_value": "R2.1 and prior" + } + ] + } + } + ] + }, + "vendor_name": "Philips" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-242-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-242-01" - }, - { - "name" : "https://www.usa.philips.com/healthcare/about/customer-support/product-security", - "refsource" : "CONFIRM", - "url" : "https://www.usa.philips.com/healthcare/about/customer-support/product-security" - }, - { - "name" : "105194", - "refsource" : 
"BID", - "url" : "http://www.securityfocus.com/bid/105194" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is then served to other users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.usa.philips.com/healthcare/about/customer-support/product-security", + "refsource": "CONFIRM", + "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security" + }, + { + "name": "105194", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105194" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-242-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-242-01" + } + ] + } +} \ No newline at end of file