From b3b8f7848bf37659c9b7f4c2dc6aa7c4bf234825 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 17 Mar 2019 21:47:54 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2005/0xxx/CVE-2005-0025.json | 34 ++-- 2005/0xxx/CVE-2005-0621.json | 140 +++++++------- 2005/0xxx/CVE-2005-0734.json | 150 +++++++-------- 2005/0xxx/CVE-2005-0842.json | 130 ++++++------- 2005/0xxx/CVE-2005-0943.json | 150 +++++++-------- 2005/2xxx/CVE-2005-2065.json | 130 ++++++------- 2005/2xxx/CVE-2005-2331.json | 150 +++++++-------- 2005/3xxx/CVE-2005-3123.json | 220 +++++++++++----------- 2005/3xxx/CVE-2005-3168.json | 130 ++++++------- 2005/4xxx/CVE-2005-4056.json | 160 ++++++++-------- 2005/4xxx/CVE-2005-4351.json | 160 ++++++++-------- 2005/4xxx/CVE-2005-4407.json | 130 ++++++------- 2005/4xxx/CVE-2005-4816.json | 160 ++++++++-------- 2009/0xxx/CVE-2009-0145.json | 260 +++++++++++++------------- 2009/0xxx/CVE-2009-0569.json | 170 ++++++++--------- 2009/0xxx/CVE-2009-0948.json | 34 ++-- 2009/2xxx/CVE-2009-2043.json | 160 ++++++++-------- 2009/2xxx/CVE-2009-2506.json | 170 ++++++++--------- 2009/2xxx/CVE-2009-2616.json | 120 ++++++------ 2009/3xxx/CVE-2009-3466.json | 170 ++++++++--------- 2009/3xxx/CVE-2009-3887.json | 34 ++-- 2009/4xxx/CVE-2009-4015.json | 200 ++++++++++---------- 2009/4xxx/CVE-2009-4048.json | 140 +++++++------- 2009/4xxx/CVE-2009-4550.json | 140 +++++++------- 2009/4xxx/CVE-2009-4580.json | 160 ++++++++-------- 2009/4xxx/CVE-2009-4958.json | 130 ++++++------- 2009/4xxx/CVE-2009-4999.json | 130 ++++++------- 2012/2xxx/CVE-2012-2691.json | 260 +++++++++++++------------- 2012/2xxx/CVE-2012-2793.json | 210 ++++++++++----------- 2015/0xxx/CVE-2015-0170.json | 120 ++++++------ 2015/0xxx/CVE-2015-0257.json | 130 ++++++------- 2015/0xxx/CVE-2015-0458.json | 350 +++++++++++++++++------------------ 2015/1xxx/CVE-2015-1354.json | 34 ++-- 2015/1xxx/CVE-2015-1528.json | 150 +++++++-------- 2015/5xxx/CVE-2015-5358.json | 170 ++++++++--------- 2015/5xxx/CVE-2015-5411.json | 130 ++++++------- 2015/5xxx/CVE-2015-5418.json | 150 +++++++-------- 2015/5xxx/CVE-2015-5590.json | 170 ++++++++--------- 2015/5xxx/CVE-2015-5975.json | 34 ++-- 2018/3xxx/CVE-2018-3717.json | 142 +++++++------- 2018/3xxx/CVE-2018-3858.json | 122 ++++++------ 2018/3xxx/CVE-2018-3903.json | 122 ++++++------ 2018/6xxx/CVE-2018-6595.json | 34 ++-- 2018/6xxx/CVE-2018-6655.json | 120 ++++++------ 2018/6xxx/CVE-2018-6843.json | 120 ++++++------ 2018/7xxx/CVE-2018-7528.json | 132 ++++++------- 2018/7xxx/CVE-2018-7604.json | 34 ++-- 2018/7xxx/CVE-2018-7664.json | 130 ++++++------- 2018/7xxx/CVE-2018-7675.json | 164 ++++++++-------- 2018/7xxx/CVE-2018-7817.json | 130 ++++++------- 2018/8xxx/CVE-2018-8217.json | 190 +++++++++---------- 2018/8xxx/CVE-2018-8311.json | 182 +++++++++--------- 2018/8xxx/CVE-2018-8401.json | 240 ++++++++++++------------ 53 files changed, 3816 insertions(+), 3816 deletions(-) diff --git a/2005/0xxx/CVE-2005-0025.json b/2005/0xxx/CVE-2005-0025.json index c822b283617..97d6c9590a0 100644 --- a/2005/0xxx/CVE-2005-0025.json +++ b/2005/0xxx/CVE-2005-0025.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0025", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0025", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0621.json b/2005/0xxx/CVE-2005-0621.json index 3cfdc4fe432..7d35ea7c25e 100644 --- a/2005/0xxx/CVE-2005-0621.json +++ b/2005/0xxx/CVE-2005-0621.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0621", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Scrapland 1.0 and earlier allows remote attackers to cause a denial of service (server termination) by triggering an error, which is treated as a fatal error by the server, as demonstrated using (1) signed integers for size values, (2) an invalid model, (3) a \"newpos\" value that is less than or equal to a size value, or (4) partial packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0621", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050228 Server termination in Scrapland 1.0", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=110961578504928&w=2" - }, - { - "name" : "http://aluigi.altervista.org/adv/scrapboom-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/scrapboom-adv.txt" - }, - { - "name" : "14435", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14435" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Scrapland 1.0 and earlier allows remote attackers to cause a denial of service (server termination) by triggering an error, which is treated as a fatal error by the server, as demonstrated using (1) signed integers for size values, (2) an invalid model, (3) a \"newpos\" value that is less than or equal to a size value, or (4) partial packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14435", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14435" + }, + { + "name": "http://aluigi.altervista.org/adv/scrapboom-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/scrapboom-adv.txt" + }, + { + "name": "20050228 Server termination in Scrapland 1.0", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=110961578504928&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0734.json b/2005/0xxx/CVE-2005-0734.json index c324ca14f31..8f32bcc6afb 100644 --- a/2005/0xxx/CVE-2005-0734.json +++ b/2005/0xxx/CVE-2005-0734.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0734", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote attackers to cause a denial of service (memory exhaustion and process crash) via a large number of HTTP requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0734", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050310 Multiple Vulnerabilities of PY Software Active Webcam WebServer", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2005-03/0216.html" - }, - { - "name" : "http://secway.org/advisory/ad20050104.txt", - "refsource" : "MISC", - "url" : "http://secway.org/advisory/ad20050104.txt" - }, - { - "name" : "14553", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14553" - }, - { - "name" : "active-webcam-memory-dos(19653)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19653" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote attackers to cause a denial of service (memory exhaustion and process crash) via a large number of HTTP requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "active-webcam-memory-dos(19653)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19653" + }, + { + "name": "http://secway.org/advisory/ad20050104.txt", + "refsource": "MISC", + "url": "http://secway.org/advisory/ad20050104.txt" + }, + { + "name": "20050310 Multiple Vulnerabilities of PY Software Active Webcam WebServer", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-03/0216.html" + }, + { + "name": "14553", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14553" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0842.json b/2005/0xxx/CVE-2005-0842.json index 35c7f03c17f..8d954f0be08 100644 --- a/2005/0xxx/CVE-2005-0842.json +++ b/2005/0xxx/CVE-2005-0842.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0842", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in Kayako eSupport 2.3 allows remote attackers to inject arbitrary web script or HTML via the (1) _i or (2) _c parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0842", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050322 Kayako eSupport Cross Site Scripting", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111151292704335&w=2" - }, - { - "name" : "13563", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13563" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in Kayako eSupport 2.3 allows remote attackers to inject arbitrary web script or HTML via the (1) _i or (2) _c parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050322 Kayako eSupport Cross Site Scripting", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111151292704335&w=2" + }, + { + "name": "13563", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13563" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0943.json b/2005/0xxx/CVE-2005-0943.json index 990d0e65fe3..13e1c797b37 100644 --- a/2005/0xxx/CVE-2005-0943.json +++ b/2005/0xxx/CVE-2005-0943.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0943", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco VPN 3000 series Concentrator running firmware 4.1.7.A and earlier allows remote attackers to cause a denial of service (device reload or drop user connection) via a crafted HTTPS packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0943", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050330 Cisco VPN 3000 Concentrator Vulnerable to Crafted SSL Attack", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/cisco-sa-20050330-vpn3k.shtml" - }, - { - "name" : "12948", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12948" - }, - { - "name" : "14784", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14784" - }, - { - "name" : "cisco-vpn-3000-dos(19903)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19903" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco VPN 3000 series Concentrator running firmware 4.1.7.A and earlier allows remote attackers to cause a denial of service (device reload or drop user connection) via a crafted HTTPS packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050330 Cisco VPN 3000 Concentrator Vulnerable to Crafted SSL Attack", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/cisco-sa-20050330-vpn3k.shtml" + }, + { + "name": "12948", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12948" + }, + { + "name": "14784", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14784" + }, + { + "name": "cisco-vpn-3000-dos(19903)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19903" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2065.json b/2005/2xxx/CVE-2005-2065.json index 89efd931ed6..201d0625cd1 100644 --- a/2005/2xxx/CVE-2005-2065.json +++ b/2005/2xxx/CVE-2005-2065.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2065", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HTTP response splitting vulnerability in language_select.asp in ASP Nuke 0.80 allows remote attackers to spoof web content and poison web caches via CRLF (\"%0d%0a\") sequences in the LangCode parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2065", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050626 M4DR007-07SA (security advisory): Multiple vulnerabilities in ASP Nuke 0.80", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111989223906484&w=2" - }, - { - "name" : "14063", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14063" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HTTP response splitting vulnerability in language_select.asp in ASP Nuke 0.80 allows remote attackers to spoof web content and poison web caches via CRLF (\"%0d%0a\") sequences in the LangCode parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050626 M4DR007-07SA (security advisory): Multiple vulnerabilities in ASP Nuke 0.80", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111989223906484&w=2" + }, + { + "name": "14063", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14063" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2331.json b/2005/2xxx/CVE-2005-2331.json index 97e3a91828a..e199547c8f9 100644 --- a/2005/2xxx/CVE-2005-2331.json +++ b/2005/2xxx/CVE-2005-2331.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2331", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in display.php in MooseGallery allows remote attackers to execute arbitrary PHP code via the type parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2331", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14280", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14280" - }, - { - "name" : "1014487", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014487" - }, - { - "name" : "16093", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16093" - }, - { - "name" : "moosegallery-display-file-include(21388)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/21388" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in display.php in MooseGallery allows remote attackers to execute arbitrary PHP code via the type parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "moosegallery-display-file-include(21388)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21388" + }, + { + "name": "16093", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16093" + }, + { + "name": "1014487", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014487" + }, + { + "name": "14280", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14280" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3123.json b/2005/3xxx/CVE-2005-3123.json index 69366226ad6..1cf12f2b48b 100644 --- a/2005/3xxx/CVE-2005-3123.json +++ b/2005/3xxx/CVE-2005-3123.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3123", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in GNUMP3D before 2.9.6 allows remote attackers to read arbitrary files via crafted sequences such as \"/.//..//////././\", which is collapsed into \"/.././\" after \"..\" and \"//\" sequences are removed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2005-3123", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Gnump3d-users] 20051028 New release - security fixes.", - "refsource" : "MLIST", - "url" : "http://lists.gnu.org/archive/html/gnump3d-users/2005-10/msg00013.html" - }, - { - "name" : "DSA-877", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-877" - }, - { - "name" : "SUSE-SR:2005:028", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2005_28_sr.html" - }, - { - "name" : "SUSE-SR:2005:027", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2005_27_sr.html" - }, - { - "name" : "ADV-2005-2242", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2242" - }, - { - "name" : "15228", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15228" - }, - { - "name" : "20360", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20360" - }, - { - "name" : "1015118", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015118" - }, - { - "name" : "17351", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17351" - }, - { - "name" : "17559", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17559" - }, - { - "name" : "127", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/127" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in GNUMP3D before 2.9.6 allows remote attackers to read arbitrary files via crafted sequences such as \"/.//..//////././\", which is collapsed into \"/.././\" after \"..\" and \"//\" sequences are removed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SR:2005:028", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html" + }, + { + "name": "20360", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20360" + }, + { + "name": "127", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/127" + }, + { + "name": "1015118", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015118" + }, + { + "name": "17559", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17559" + }, + { + "name": "15228", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15228" + }, + { + "name": "[Gnump3d-users] 20051028 New release - security fixes.", + "refsource": "MLIST", + "url": "http://lists.gnu.org/archive/html/gnump3d-users/2005-10/msg00013.html" + }, + { + "name": "ADV-2005-2242", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2242" + }, + { + "name": "DSA-877", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-877" + }, + { + "name": "17351", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17351" + }, + { + "name": "SUSE-SR:2005:027", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2005_27_sr.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3168.json b/2005/3xxx/CVE-2005-3168.json index 72fb11c8874..4a0ef80f923 100644 --- a/2005/3xxx/CVE-2005-3168.json +++ b/2005/3xxx/CVE-2005-3168.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3168", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SECEDIT command on Microsoft Windows 2000 before Update Rollup 1 for SP4, when using a security template to set Access Control Lists (ACLs) on folders, does not apply ACLs on folders that are listed after a long folder entry, which could result in less secure permissions than specified by the template." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3168", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "900345", - "refsource" : "MSKB", - "url" : "http://support.microsoft.com/kb/900345" - }, - { - "name" : "834424", - "refsource" : "MSKB", - "url" : "http://support.microsoft.com/kb/834424/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SECEDIT command on Microsoft Windows 2000 before Update Rollup 1 for SP4, when using a security template to set Access Control Lists (ACLs) on folders, does not apply ACLs on folders that are listed after a long folder entry, which could result in less secure permissions than specified by the template." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "834424", + "refsource": "MSKB", + "url": "http://support.microsoft.com/kb/834424/" + }, + { + "name": "900345", + "refsource": "MSKB", + "url": "http://support.microsoft.com/kb/900345" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4056.json b/2005/4xxx/CVE-2005-4056.json index a2b6b079444..f85b2947eff 100644 --- a/2005/4xxx/CVE-2005-4056.json +++ b/2005/4xxx/CVE-2005-4056.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4056", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in search.php in PluggedOut Nexus 0.1 allows remote attackers to execute arbitrary SQL commands via the (1) Location, (2) Last Name, and (3) First Name parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4056", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/12/pluggedout-nexus-sqlxss-vuln_06.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/12/pluggedout-nexus-sqlxss-vuln_06.html" - }, - { - "name" : "15724", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15724" - }, - { - "name" : "ADV-2005-2751", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2751" - }, - { - "name" : "21478", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21478" - }, - { - "name" : "17909", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17909" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in search.php in PluggedOut Nexus 0.1 allows remote attackers to execute arbitrary SQL commands via the (1) Location, (2) Last Name, and (3) First Name parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://pridels0.blogspot.com/2005/12/pluggedout-nexus-sqlxss-vuln_06.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/12/pluggedout-nexus-sqlxss-vuln_06.html" + }, + { + "name": "15724", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15724" + }, + { + "name": "ADV-2005-2751", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2751" + }, + { + "name": "21478", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21478" + }, + { + "name": "17909", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17909" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4351.json b/2005/4xxx/CVE-2005-4351.json index de8bdcc121d..5407366c18a 100644 --- a/2005/4xxx/CVE-2005-4351.json +++ b/2005/4xxx/CVE-2005-4351.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4351", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The securelevels implementation in FreeBSD 7.0 and earlier, OpenBSD up to 3.8, DragonFly up to 1.2, and Linux up to 2.6.15 allows root users to bypass immutable settings for files by mounting another filesystem that masks the immutable files while the system is running." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4351", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060109 BSD Securelevels: Circumventing protection of files flagged immutable", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041177.html" - }, - { - "name" : "http://www.redteam-pentesting.de/advisories/rt-sa-2005-015.txt", - "refsource" : "MISC", - "url" : "http://www.redteam-pentesting.de/advisories/rt-sa-2005-015.txt" - }, - { - "name" : "http://www.redteam-pentesting.de/advisories/rt-sa-2005-15.txt", - "refsource" : "MISC", - "url" : "http://www.redteam-pentesting.de/advisories/rt-sa-2005-15.txt" - }, - { - "name" : "http://archives.neohapsis.com/archives/openbsd/2005-10/1523.html", - "refsource" : "MISC", - "url" : "http://archives.neohapsis.com/archives/openbsd/2005-10/1523.html" - }, - { - "name" : "bsd-securelevel-immutable-file-bypass(24037)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24037" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The securelevels implementation in FreeBSD 7.0 and earlier, OpenBSD up to 3.8, DragonFly up to 1.2, and Linux up to 2.6.15 allows root users to bypass immutable settings for files by mounting another filesystem that masks the immutable files while the system is running." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.redteam-pentesting.de/advisories/rt-sa-2005-015.txt", + "refsource": "MISC", + "url": "http://www.redteam-pentesting.de/advisories/rt-sa-2005-015.txt" + }, + { + "name": "20060109 BSD Securelevels: Circumventing protection of files flagged immutable", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041177.html" + }, + { + "name": "bsd-securelevel-immutable-file-bypass(24037)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24037" + }, + { + "name": "http://www.redteam-pentesting.de/advisories/rt-sa-2005-15.txt", + "refsource": "MISC", + "url": "http://www.redteam-pentesting.de/advisories/rt-sa-2005-15.txt" + }, + { + "name": "http://archives.neohapsis.com/archives/openbsd/2005-10/1523.html", + "refsource": "MISC", + "url": "http://archives.neohapsis.com/archives/openbsd/2005-10/1523.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4407.json b/2005/4xxx/CVE-2005-4407.json index 081f251ce78..16c33b53008 100644 --- a/2005/4xxx/CVE-2005-4407.json +++ b/2005/4xxx/CVE-2005-4407.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4407", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.cfm in Mercury CMS 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) content and (2) criteria parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4407", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/12/mercury-cms-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/12/mercury-cms-vuln.html" - }, - { - "name" : "21863", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21863" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.cfm in Mercury CMS 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) content and (2) criteria parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://pridels0.blogspot.com/2005/12/mercury-cms-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/12/mercury-cms-vuln.html" + }, + { + "name": "21863", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21863" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4816.json b/2005/4xxx/CVE-2005-4816.json index cab264193de..25d8600181b 100644 --- a/2005/4xxx/CVE-2005-4816.json +++ b/2005/4xxx/CVE-2005-4816.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4816", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in mod_radius in ProFTPD before 1.3.0rc2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4816", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Dailydave] 20060207 ProFTPD bug", - "refsource" : "MLIST", - "url" : "http://archives.neohapsis.com/archives/dailydave/2006-q1/0122.html" - }, - { - "name" : "http://bugs.proftpd.org/show_bug.cgi?id=2658", - "refsource" : "CONFIRM", - "url" : "http://bugs.proftpd.org/show_bug.cgi?id=2658" - }, - { - "name" : "DSA-1245", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1245" - }, - { - "name" : "16535", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16535" - }, - { - "name" : "23063", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23063" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in mod_radius in ProFTPD before 1.3.0rc2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[Dailydave] 20060207 ProFTPD bug", + "refsource": "MLIST", + "url": "http://archives.neohapsis.com/archives/dailydave/2006-q1/0122.html" + }, + { + "name": "http://bugs.proftpd.org/show_bug.cgi?id=2658", + "refsource": "CONFIRM", + "url": "http://bugs.proftpd.org/show_bug.cgi?id=2658" + }, + { + "name": "16535", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16535" + }, + { + "name": "DSA-1245", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1245" + }, + { + "name": "23063", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23063" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0145.json b/2009/0xxx/CVE-2009-0145.json index 6e6669df9e9..259421c95c3 100644 --- a/2009/0xxx/CVE-2009-0145.json +++ b/2009/0xxx/CVE-2009-0145.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0145", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CoreGraphics in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file that triggers memory corruption." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0145", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT3549", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3549" - }, - { - "name" : "http://support.apple.com/kb/HT3613", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3613" - }, - { - "name" : "http://support.apple.com/kb/HT3639", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3639" - }, - { - "name" : "APPLE-SA-2009-05-12", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html" - }, - { - "name" : "APPLE-SA-2009-06-08-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html" - }, - { - "name" : "APPLE-SA-2009-06-17-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html" - }, - { - "name" : "TA09-133A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-133A.html" - }, - { - "name" : "34926", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34926" - }, - { - "name" : "1022209", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022209" - }, - { - "name" : "35074", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35074" - }, - { - "name" : "35379", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35379" - }, - { - "name" : "ADV-2009-1297", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1297" - }, - { - "name" : "ADV-2009-1522", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1522" - }, - { - "name" : "ADV-2009-1621", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1621" - }, - { - "name" : "macos-coregraphics-pdf-code-execution(50481)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50481" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CoreGraphics in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file that triggers memory corruption." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT3639", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3639" + }, + { + "name": "ADV-2009-1621", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1621" + }, + { + "name": "http://support.apple.com/kb/HT3549", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3549" + }, + { + "name": "macos-coregraphics-pdf-code-execution(50481)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50481" + }, + { + "name": "APPLE-SA-2009-06-08-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html" + }, + { + "name": "35074", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35074" + }, + { + "name": "ADV-2009-1522", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1522" + }, + { + "name": "1022209", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022209" + }, + { + "name": "APPLE-SA-2009-06-17-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html" + }, + { + "name": "APPLE-SA-2009-05-12", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html" + }, + { + "name": "35379", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35379" + }, + { + "name": "34926", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34926" + }, + { + "name": "TA09-133A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html" + }, + { + "name": "ADV-2009-1297", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1297" + }, + { + "name": "http://support.apple.com/kb/HT3613", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3613" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0569.json b/2009/0xxx/CVE-2009-0569.json index e63d62b100e..7a23912a78a 100644 --- a/2009/0xxx/CVE-2009-0569.json +++ b/2009/0xxx/CVE-2009-0569.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0569", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Becky! Internet Mail 2.48.02 and earlier allows remote attackers to execute arbitrary code via a mail message with a crafted return receipt request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0569", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.rimarts.jp/downloads/B2/Readme-e.txt", - "refsource" : "CONFIRM", - "url" : "http://www.rimarts.jp/downloads/B2/Readme-e.txt" - }, - { - "name" : "JVN#29641290", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN29641290/index.html" - }, - { - "name" : "JVNDB-2009-000011", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000011.html" - }, - { - "name" : "33756", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33756" - }, - { - "name" : "33892", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33892" - }, - { - "name" : "becky-readreceipt-bo(48684)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48684" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Becky! Internet Mail 2.48.02 and earlier allows remote attackers to execute arbitrary code via a mail message with a crafted return receipt request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVNDB-2009-000011", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000011.html" + }, + { + "name": "becky-readreceipt-bo(48684)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48684" + }, + { + "name": "33892", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33892" + }, + { + "name": "33756", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33756" + }, + { + "name": "http://www.rimarts.jp/downloads/B2/Readme-e.txt", + "refsource": "CONFIRM", + "url": "http://www.rimarts.jp/downloads/B2/Readme-e.txt" + }, + { + "name": "JVN#29641290", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN29641290/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0948.json b/2009/0xxx/CVE-2009-0948.json index 52cb6973a11..e8614e7fe84 100644 --- a/2009/0xxx/CVE-2009-0948.json +++ b/2009/0xxx/CVE-2009-0948.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0948", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0948", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2043.json b/2009/2xxx/CVE-2009-2043.json index ded3c1243ce..542c5f864b7 100644 --- a/2009/2xxx/CVE-2009-2043.json +++ b/2009/2xxx/CVE-2009-2043.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2043", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "nsViewManager.cpp in Mozilla Firefox 3.0.2 through 3.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to interaction with TinyMCE." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2043", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=490425", - "refsource" : "MISC", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=490425" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=488570", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=488570" - }, - { - "name" : "RHSA-2009:1095", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2009-1095.html" - }, - { - "name" : "35413", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35413" - }, - { - "name" : "firefox-nsviewmanager-dos(51197)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51197" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "nsViewManager.cpp in Mozilla Firefox 3.0.2 through 3.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to interaction with TinyMCE." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=488570", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=488570" + }, + { + "name": "35413", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35413" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=490425", + "refsource": "MISC", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=490425" + }, + { + "name": "RHSA-2009:1095", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2009-1095.html" + }, + { + "name": "firefox-nsviewmanager-dos(51197)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51197" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2506.json b/2009/2xxx/CVE-2009-2506.json index 5ebfed89e27..a4ee21c2e77 100644 --- a/2009/2xxx/CVE-2009-2506.json +++ b/2009/2xxx/CVE-2009-2506.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2506", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the text converters in Microsoft Office Word 2002 SP3 and 2003 SP3; Works 8.5; Office Converter Pack; and WordPad in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a DOC file with an invalid number of property names in the DocumentSummaryInformation stream, which triggers a heap-based buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2009-2506", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091208 Microsoft WordPad Word97 Converter Integer Overflow Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=834" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100070184", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100070184" - }, - { - "name" : "MS09-073", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-073" - }, - { - "name" : "TA09-342A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-342A.html" - }, - { - "name" : "37216", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37216" - }, - { - "name" : "oval:org.mitre.oval:def:5846", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5846" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the text converters in Microsoft Office Word 2002 SP3 and 2003 SP3; Works 8.5; Office Converter Pack; and WordPad in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a DOC file with an invalid number of property names in the DocumentSummaryInformation stream, which triggers a heap-based buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:5846", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5846" + }, + { + "name": "37216", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37216" + }, + { + "name": "TA09-342A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-342A.html" + }, + { + "name": "20091208 Microsoft WordPad Word97 Converter Integer Overflow Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=834" + }, + { + "name": "MS09-073", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-073" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100070184", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100070184" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2616.json b/2009/2xxx/CVE-2009-2616.json index a2a7d334fc3..638b6030d1c 100644 --- a/2009/2xxx/CVE-2009-2616.json +++ b/2009/2xxx/CVE-2009-2616.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2616", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in z_admin_login.asp in DataCheck Solutions SitePal 1.x allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2616", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "35625", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35625" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in z_admin_login.asp in DataCheck Solutions SitePal 1.x allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35625", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35625" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3466.json b/2009/3xxx/CVE-2009-3466.json index 50f67bf76b0..2f3937ea7b2 100644 --- a/2009/3xxx/CVE-2009-3466.json +++ b/2009/3xxx/CVE-2009-3466.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3466", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via a crafted web page that triggers memory corruption, related to an \"invalid string length vulnerability.\" NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2009-3466", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb09-16.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb09-16.html" - }, - { - "name" : "36905", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36905" - }, - { - "name" : "oval:org.mitre.oval:def:6395", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6395" - }, - { - "name" : "1023123", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023123" - }, - { - "name" : "ADV-2009-3134", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3134" - }, - { - "name" : "shockwave-string-code-execution(54121)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54121" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via a crafted web page that triggers memory corruption, related to an \"invalid string length vulnerability.\" NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "shockwave-string-code-execution(54121)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54121" + }, + { + "name": "36905", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36905" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb09-16.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb09-16.html" + }, + { + "name": "oval:org.mitre.oval:def:6395", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6395" + }, + { + "name": "ADV-2009-3134", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3134" + }, + { + "name": "1023123", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023123" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3887.json b/2009/3xxx/CVE-2009-3887.json index a8c3dded6a1..e1398486ab8 100644 --- a/2009/3xxx/CVE-2009-3887.json +++ b/2009/3xxx/CVE-2009-3887.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3887", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3887", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4015.json b/2009/4xxx/CVE-2009-4015.json index 21a5c59eb2a..e16903d3099 100644 --- a/2009/4xxx/CVE-2009-4015.json +++ b/2009/4xxx/CVE-2009-4015.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4015", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allows remote attackers to execute arbitrary commands via shell metacharacters in filename arguments." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4015", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-changes] 20100128 Accepted lintian 1.24.2.1+lenny1 (source all)", - "refsource" : "MLIST", - "url" : "http://packages.qa.debian.org/l/lintian/news/20100128T015554Z.html" - }, - { - "name" : "http://git.debian.org/?p=lintian/lintian.git;a=commit;h=c8d01f062b3e5137cf65196760b079a855c75e00", - "refsource" : "CONFIRM", - "url" : "http://git.debian.org/?p=lintian/lintian.git;a=commit;h=c8d01f062b3e5137cf65196760b079a855c75e00" - }, - { - "name" : "http://git.debian.org/?p=lintian/lintian.git;a=commit;h=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d", - "refsource" : "CONFIRM", - "url" : "http://git.debian.org/?p=lintian/lintian.git;a=commit;h=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d" - }, - { - "name" : "http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog", - "refsource" : "CONFIRM", - "url" : "http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog" - }, - { - "name" : "DSA-1979", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-1979" - }, - { - "name" : "USN-891-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-891-1" - }, - { - "name" : "37975", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37975" - }, - { - "name" : "38375", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38375" - }, - { - "name" : "38379", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38379" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allows remote attackers to execute arbitrary commands via shell metacharacters in filename arguments." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38379", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38379" + }, + { + "name": "http://git.debian.org/?p=lintian/lintian.git;a=commit;h=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d", + "refsource": "CONFIRM", + "url": "http://git.debian.org/?p=lintian/lintian.git;a=commit;h=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d" + }, + { + "name": "[debian-changes] 20100128 Accepted lintian 1.24.2.1+lenny1 (source all)", + "refsource": "MLIST", + "url": "http://packages.qa.debian.org/l/lintian/news/20100128T015554Z.html" + }, + { + "name": "38375", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38375" + }, + { + "name": "http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog", + "refsource": "CONFIRM", + "url": "http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog" + }, + { + "name": "DSA-1979", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-1979" + }, + { + "name": "http://git.debian.org/?p=lintian/lintian.git;a=commit;h=c8d01f062b3e5137cf65196760b079a855c75e00", + "refsource": "CONFIRM", + "url": "http://git.debian.org/?p=lintian/lintian.git;a=commit;h=c8d01f062b3e5137cf65196760b079a855c75e00" + }, + { + "name": "37975", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37975" + }, + { + "name": "USN-891-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-891-1" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4048.json b/2009/4xxx/CVE-2009-4048.json index c0d26d914fe..2af67771c0c 100644 --- a/2009/4xxx/CVE-2009-4048.json +++ b/2009/4xxx/CVE-2009-4048.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4048", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Dxmsoft XM Easy Personal FTP Server 5.8.0 allows remote authenticated users to cause a denial of service (daemon outage) via an APPE command to one socket in conjunction with a DELE command to a second socket." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4048", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091113 XM Easy Personal FTP Server 'APPE' and 'DELE' Command Remote Denial of Service Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/507853/100/0/threaded" - }, - { - "name" : "37016", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37016" - }, - { - "name" : "easypersonal-appe-dele-dos(54277)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54277" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Dxmsoft XM Easy Personal FTP Server 5.8.0 allows remote authenticated users to cause a denial of service (daemon outage) via an APPE command to one socket in conjunction with a DELE command to a second socket." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37016", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37016" + }, + { + "name": "20091113 XM Easy Personal FTP Server 'APPE' and 'DELE' Command Remote Denial of Service Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/507853/100/0/threaded" + }, + { + "name": "easypersonal-appe-dele-dos(54277)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54277" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4550.json b/2009/4xxx/CVE-2009-4550.json index c47a3005552..e5991d6de56 100644 --- a/2009/4xxx/CVE-2009-4550.json +++ b/2009/4xxx/CVE-2009-4550.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4550", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Kunena Forum (com_kunena) component 1.5.3 and 1.5.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the func parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4550", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9408", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9408" - }, - { - "name" : "36020", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36020" - }, - { - "name" : "36245", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36245" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Kunena Forum (com_kunena) component 1.5.3 and 1.5.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the func parameter to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9408", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9408" + }, + { + "name": "36020", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36020" + }, + { + "name": "36245", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36245" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4580.json b/2009/4xxx/CVE-2009-4580.json index c2f5ae10e0a..2df22c6da0f 100644 --- a/2009/4xxx/CVE-2009-4580.json +++ b/2009/4xxx/CVE-2009-4580.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4580", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Hasta Blog 2.3 allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) yorumyaz.php and (2) blog.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4580", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0912-exploits/hastablog-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0912-exploits/hastablog-xss.txt" - }, - { - "name" : "10641", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/10641" - }, - { - "name" : "61349", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/61349" - }, - { - "name" : "37975", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37975" - }, - { - "name" : "hastablog-id-xss(55052)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55052" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Hasta Blog 2.3 allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) yorumyaz.php and (2) blog.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "10641", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/10641" + }, + { + "name": "61349", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/61349" + }, + { + "name": "37975", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37975" + }, + { + "name": "hastablog-id-xss(55052)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55052" + }, + { + "name": "http://packetstormsecurity.org/0912-exploits/hastablog-xss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0912-exploits/hastablog-xss.txt" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4958.json b/2009/4xxx/CVE-2009-4958.json index df8503888e1..82ecc5804e6 100644 --- a/2009/4xxx/CVE-2009-4958.json +++ b/2009/4xxx/CVE-2009-4958.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4958", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in video.php in EMO Breeder Manager (aka EMO Breader Manager) allows remote attackers to execute arbitrary SQL commands via the idd parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4958", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9518", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9518" - }, - { - "name" : "36464", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36464" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in video.php in EMO Breeder Manager (aka EMO Breader Manager) allows remote attackers to execute arbitrary SQL commands via the idd parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9518", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9518" + }, + { + "name": "36464", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36464" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4999.json b/2009/4xxx/CVE-2009-4999.json index 2641a56dfdf..462f8c4111a 100644 --- a/2009/4xxx/CVE-2009-4999.json +++ b/2009/4xxx/CVE-2009-4999.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4999", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-016 allows remote attackers to inject arbitrary web script or HTML via the Name field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4999", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://download2.boulder.ibm.com/sar/CMA/IMA/00yrk/0/readme-ae351-021.htm", - "refsource" : "CONFIRM", - "url" : "http://download2.boulder.ibm.com/sar/CMA/IMA/00yrk/0/readme-ae351-021.htm" - }, - { - "name" : "PJ34852", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PJ34852" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-016 allows remote attackers to inject arbitrary web script or HTML via the Name field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://download2.boulder.ibm.com/sar/CMA/IMA/00yrk/0/readme-ae351-021.htm", + "refsource": "CONFIRM", + "url": "http://download2.boulder.ibm.com/sar/CMA/IMA/00yrk/0/readme-ae351-021.htm" + }, + { + "name": "PJ34852", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PJ34852" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2691.json b/2012/2xxx/CVE-2012-2691.json index aaaaf3d83a3..7b9a6b3afc4 100644 --- a/2012/2xxx/CVE-2012-2691.json +++ b/2012/2xxx/CVE-2012-2691.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2691", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mc_issue_note_update function in the SOAP API in MantisBT before 1.2.11 does not properly check privileges, which allows remote attackers with bug reporting privileges to edit arbitrary bugnotes via a SOAP request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2691", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120609 CVE requests (x2) for Mantis Bug Tracker (MantisBT) before 1.2.11", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/06/09/1" - }, - { - "name" : "[oss-security] 20120611 Re: CVE requests (x2) for Mantis Bug Tracker (MantisBT) before 1.2.11", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/06/11/6" - }, - { - "name" : "http://www.mantisbt.org/bugs/changelog_page.php?version_id=148", - "refsource" : "CONFIRM", - "url" : "http://www.mantisbt.org/bugs/changelog_page.php?version_id=148" - }, - { - "name" : "http://www.mantisbt.org/bugs/view.php?id=14340", - "refsource" : "CONFIRM", - "url" : "http://www.mantisbt.org/bugs/view.php?id=14340" - }, - { - "name" : "https://github.com/mantisbt/mantisbt/commit/175d973105fe9f03a37ced537b742611631067e0", - "refsource" : "CONFIRM", - "url" : "https://github.com/mantisbt/mantisbt/commit/175d973105fe9f03a37ced537b742611631067e0" - }, - { - "name" : "https://github.com/mantisbt/mantisbt/commit/edc8142bb8ac0ac0df1a3824d78c15f4015d959e", - "refsource" : "CONFIRM", - "url" : "https://github.com/mantisbt/mantisbt/commit/edc8142bb8ac0ac0df1a3824d78c15f4015d959e" - }, - { - "name" : "FEDORA-2012-18273", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092926.html" - }, - { - "name" : "FEDORA-2012-18294", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093064.html" - }, - { - "name" : "FEDORA-2012-18299", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093063.html" - }, - { - "name" : "GLSA-201211-01", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201211-01.xml" - }, - { - "name" : "53907", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53907" - }, - { - "name" : "56467", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56467" - }, - { - "name" : "49414", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49414" - }, - { - "name" : "51199", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51199" - }, - { - "name" : "mantisbt-soapapi-sec-bypass(76180)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/76180" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mc_issue_note_update function in the SOAP API in MantisBT before 1.2.11 does not properly check privileges, which allows remote attackers with bug reporting privileges to edit arbitrary bugnotes via a SOAP request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.mantisbt.org/bugs/view.php?id=14340", + "refsource": "CONFIRM", + "url": "http://www.mantisbt.org/bugs/view.php?id=14340" + }, + { + "name": "FEDORA-2012-18299", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093063.html" + }, + { + "name": "56467", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56467" + }, + { + "name": "https://github.com/mantisbt/mantisbt/commit/175d973105fe9f03a37ced537b742611631067e0", + "refsource": "CONFIRM", + "url": "https://github.com/mantisbt/mantisbt/commit/175d973105fe9f03a37ced537b742611631067e0" + }, + { + "name": "GLSA-201211-01", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201211-01.xml" + }, + { + "name": "https://github.com/mantisbt/mantisbt/commit/edc8142bb8ac0ac0df1a3824d78c15f4015d959e", + "refsource": "CONFIRM", + "url": "https://github.com/mantisbt/mantisbt/commit/edc8142bb8ac0ac0df1a3824d78c15f4015d959e" + }, + { + "name": "49414", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49414" + }, + { + "name": "[oss-security] 20120611 Re: CVE requests (x2) for Mantis Bug Tracker (MantisBT) before 1.2.11", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/06/11/6" + }, + { + "name": "http://www.mantisbt.org/bugs/changelog_page.php?version_id=148", + "refsource": "CONFIRM", + "url": "http://www.mantisbt.org/bugs/changelog_page.php?version_id=148" + }, + { + "name": "51199", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51199" + }, + { + "name": "FEDORA-2012-18294", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093064.html" + }, + { + "name": "53907", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53907" + }, + { + "name": "[oss-security] 20120609 CVE requests (x2) for Mantis Bug Tracker (MantisBT) before 1.2.11", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/06/09/1" + }, + { + "name": "FEDORA-2012-18273", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092926.html" + }, + { + "name": "mantisbt-soapapi-sec-bypass(76180)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76180" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2793.json b/2012/2xxx/CVE-2012-2793.json index 4788a49ec9b..f2ac4a91d06 100644 --- a/2012/2xxx/CVE-2012-2793.json +++ b/2012/2xxx/CVE-2012-2793.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2793", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the lag_decode_zero_run_line function in libavcodec/lagarith.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors related to \"too many zeros.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2012-2793", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11?", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/08/31/3" - }, - { - "name" : "[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11?", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/09/02/4" - }, - { - "name" : "http://ffmpeg.org/security.html", - "refsource" : "CONFIRM", - "url" : "http://ffmpeg.org/security.html" - }, - { - "name" : "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=83c7803f55b3231faeb93c1a634399a70fae9480", - "refsource" : "CONFIRM", - "url" : "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=83c7803f55b3231faeb93c1a634399a70fae9480" - }, - { - "name" : "http://libav.org/releases/libav-0.7.7.changelog", - "refsource" : "CONFIRM", - "url" : "http://libav.org/releases/libav-0.7.7.changelog" - }, - { - "name" : "http://libav.org/releases/libav-0.8.4.changelog", - "refsource" : "CONFIRM", - "url" : "http://libav.org/releases/libav-0.8.4.changelog" - }, - { - "name" : "MDVSA-2013:079", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:079" - }, - { - "name" : "55355", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55355" - }, - { - "name" : "50468", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50468" - }, - { - "name" : "51257", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51257" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the lag_decode_zero_run_line function in libavcodec/lagarith.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors related to \"too many zeros.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11?", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/09/02/4" + }, + { + "name": "http://libav.org/releases/libav-0.8.4.changelog", + "refsource": "CONFIRM", + "url": "http://libav.org/releases/libav-0.8.4.changelog" + }, + { + "name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=83c7803f55b3231faeb93c1a634399a70fae9480", + "refsource": "CONFIRM", + "url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=83c7803f55b3231faeb93c1a634399a70fae9480" + }, + { + "name": "55355", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55355" + }, + { + "name": "MDVSA-2013:079", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:079" + }, + { + "name": "[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11?", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/08/31/3" + }, + { + "name": "http://ffmpeg.org/security.html", + "refsource": "CONFIRM", + "url": "http://ffmpeg.org/security.html" + }, + { + "name": "http://libav.org/releases/libav-0.7.7.changelog", + "refsource": "CONFIRM", + "url": "http://libav.org/releases/libav-0.7.7.changelog" + }, + { + "name": "50468", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50468" + }, + { + "name": "51257", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51257" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0170.json b/2015/0xxx/CVE-2015-0170.json index fac1de6852b..547061c5f95 100644 --- a/2015/0xxx/CVE-2015-0170.json +++ b/2015/0xxx/CVE-2015-0170.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0170", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows local users to obtain sensitive information by reading cached data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-0170", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21699470", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21699470" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows local users to obtain sensitive information by reading cached data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21699470", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699470" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0257.json b/2015/0xxx/CVE-2015-0257.json index 22d4e235855..59d4440a08e 100644 --- a/2015/0xxx/CVE-2015-0257.json +++ b/2015/0xxx/CVE-2015-0257.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0257", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 uses weak permissions on the directories shared by the ovirt-engine-dwhd service and a plugin during service startup, which allows local users to obtain sensitive information by reading files in the directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-0257", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "RHSA-2015:0888", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0888.html" - }, - { - "name" : "1032231", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032231" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 uses weak permissions on the directories shared by the ovirt-engine-dwhd service and a plugin during service startup, which allows local users to obtain sensitive information by reading files in the directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032231", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032231" + }, + { + "name": "RHSA-2015:0888", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0888.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0458.json b/2015/0xxx/CVE-2015-0458.json index 22c7cc9a678..cad32e78173 100644 --- a/2015/0xxx/CVE-2015-0458.json +++ b/2015/0xxx/CVE-2015-0458.json @@ -1,177 +1,177 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0458", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in in Oracle Java SE 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-0458", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21883640", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21883640" - }, - { - "name" : "GLSA-201603-11", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201603-11" - }, - { - "name" : "RHSA-2015:1006", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1006.html" - }, - { - "name" : "RHSA-2015:1007", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1007.html" - }, - { - "name" : "RHSA-2015:1020", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1020.html" - }, - { - "name" : "RHSA-2015:1091", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1091.html" - }, - { - "name" : "RHSA-2015:0854", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0854.html" - }, - { - "name" : "RHSA-2015:0857", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0857.html" - }, - { - "name" : "RHSA-2015:0858", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0858.html" - }, - { - "name" : "openSUSE-SU-2015:0773", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00017.html" - }, - { - "name" : "openSUSE-SU-2015:0774", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00018.html" - }, - { - "name" : "SUSE-SU-2015:0833", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00002.html" - }, - { - "name" : "SUSE-SU-2016:0113", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html" - }, - { - "name" : "SUSE-SU-2015:2166", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html" - }, - { - "name" : "SUSE-SU-2015:2168", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00001.html" - }, - { - "name" : "SUSE-SU-2015:2182", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00003.html" - }, - { - "name" : "SUSE-SU-2015:2192", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html" - }, - { - "name" : "SUSE-SU-2015:2216", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00006.html" - }, - { - "name" : "SUSE-SU-2015:1086", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html" - }, - { - "name" : "SUSE-SU-2015:1138", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html" - }, - { - "name" : "SUSE-SU-2015:1161", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html" - }, - { - "name" : "74141", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74141" - }, - { - "name" : "1032120", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032120" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in in Oracle Java SE 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2015:0857", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0857.html" + }, + { + "name": "RHSA-2015:1007", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1007.html" + }, + { + "name": "SUSE-SU-2015:2182", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00003.html" + }, + { + "name": "RHSA-2015:1006", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1006.html" + }, + { + "name": "SUSE-SU-2015:2192", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html" + }, + { + "name": "SUSE-SU-2015:0833", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00002.html" + }, + { + "name": "RHSA-2015:1091", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1091.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" + }, + { + "name": "SUSE-SU-2015:2166", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html" + }, + { + "name": "1032120", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032120" + }, + { + "name": "GLSA-201603-11", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201603-11" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21883640", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883640" + }, + { + "name": "openSUSE-SU-2015:0773", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00017.html" + }, + { + "name": "SUSE-SU-2015:1138", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html" + }, + { + "name": "SUSE-SU-2015:2216", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00006.html" + }, + { + "name": "RHSA-2015:1020", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1020.html" + }, + { + "name": "SUSE-SU-2015:1086", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html" + }, + { + "name": "SUSE-SU-2015:2168", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00001.html" + }, + { + "name": "RHSA-2015:0858", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0858.html" + }, + { + "name": "openSUSE-SU-2015:0774", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00018.html" + }, + { + "name": "SUSE-SU-2015:1161", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html" + }, + { + "name": "74141", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74141" + }, + { + "name": "RHSA-2015:0854", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0854.html" + }, + { + "name": "SUSE-SU-2016:0113", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1354.json b/2015/1xxx/CVE-2015-1354.json index f386f4b6aa2..d81ac3f6552 100644 --- a/2015/1xxx/CVE-2015-1354.json +++ b/2015/1xxx/CVE-2015-1354.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1354", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1354", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1528.json b/2015/1xxx/CVE-2015-1528.json index c480b36616f..9dd85f97c1a 100644 --- a/2015/1xxx/CVE-2015-1528.json +++ b/2015/1xxx/CVE-2015-1528.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1528", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the native_handle_create function in libcutils/native_handle.c in Android before 5.1.1 LMY48M allows attackers to obtain a different application's privileges or cause a denial of service (Binder heap memory corruption) via a crafted application, aka internal bug 19334482." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1528", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[android-security-updates] 20150909 Nexus Security Bulletin (September 2015)", - "refsource" : "MLIST", - "url" : "https://groups.google.com/forum/message/raw?msg=android-security-updates/1M7qbSvACjo/Y7jewiW1AwAJ" - }, - { - "name" : "https://www.blackhat.com/docs/us-15/materials/us-15-Gong-Fuzzing-Android-System-Services-By-Binder-Call-To-Escalate-Privilege.pdf", - "refsource" : "MISC", - "url" : "https://www.blackhat.com/docs/us-15/materials/us-15-Gong-Fuzzing-Android-System-Services-By-Binder-Call-To-Escalate-Privilege.pdf" - }, - { - "name" : "https://android.googlesource.com/platform/frameworks/native/+/7dcd0ec9c91688cfa3f679804ba6e132f9811254", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/frameworks/native/+/7dcd0ec9c91688cfa3f679804ba6e132f9811254" - }, - { - "name" : "https://android.googlesource.com/platform/system/core/+/e8c62fb484151f76ab88b1d5130f38de24ac8c14", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/system/core/+/e8c62fb484151f76ab88b1d5130f38de24ac8c14" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the native_handle_create function in libcutils/native_handle.c in Android before 5.1.1 LMY48M allows attackers to obtain a different application's privileges or cause a denial of service (Binder heap memory corruption) via a crafted application, aka internal bug 19334482." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[android-security-updates] 20150909 Nexus Security Bulletin (September 2015)", + "refsource": "MLIST", + "url": "https://groups.google.com/forum/message/raw?msg=android-security-updates/1M7qbSvACjo/Y7jewiW1AwAJ" + }, + { + "name": "https://android.googlesource.com/platform/frameworks/native/+/7dcd0ec9c91688cfa3f679804ba6e132f9811254", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/frameworks/native/+/7dcd0ec9c91688cfa3f679804ba6e132f9811254" + }, + { + "name": "https://android.googlesource.com/platform/system/core/+/e8c62fb484151f76ab88b1d5130f38de24ac8c14", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/system/core/+/e8c62fb484151f76ab88b1d5130f38de24ac8c14" + }, + { + "name": "https://www.blackhat.com/docs/us-15/materials/us-15-Gong-Fuzzing-Android-System-Services-By-Binder-Call-To-Escalate-Privilege.pdf", + "refsource": "MISC", + "url": "https://www.blackhat.com/docs/us-15/materials/us-15-Gong-Fuzzing-Android-System-Services-By-Binder-Call-To-Escalate-Privilege.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5358.json b/2015/5xxx/CVE-2015-5358.json index 35ae98ee8e7..b29815ccf24 100644 --- a/2015/5xxx/CVE-2015-5358.json +++ b/2015/5xxx/CVE-2015-5358.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5358", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Juniper Junos OS 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R7, 13.2X51 before 13.2X51-D35, 13.2X52 before 13.2X52-D25, 13.3 before 13.3R6, 14.1R3 before 14.1R3-S2, 14.1 before 14.1R4, 14.1X53 before 14.1X53-D12, 14.1X53 before 14.1X53-D16, 14.1X55 before 14.1X55-D25, 14.2 before 14.2R2, and 15.1 before 15.1R1 allows remote attackers to cause a denial of service (mbuf and connection consumption and restart) via a large number of requests that trigger a TCP connection to move to the LAST_ACK state when there is more data to send." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5358", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10686", - "refsource" : "CONFIRM", - "url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10686" - }, - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10128", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10128" - }, - { - "name" : "NetBSD-SA2015-009", - "refsource" : "NETBSD", - "url" : "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-009.txt.asc" - }, - { - "name" : "1032842", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032842" - }, - { - "name" : "1033915", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033915" - }, - { - "name" : "1033007", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033007" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Juniper Junos OS 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R7, 13.2X51 before 13.2X51-D35, 13.2X52 before 13.2X52-D25, 13.3 before 13.3R6, 14.1R3 before 14.1R3-S2, 14.1 before 14.1R4, 14.1X53 before 14.1X53-D12, 14.1X53 before 14.1X53-D16, 14.1X55 before 14.1X55-D25, 14.2 before 14.2R2, and 15.1 before 15.1R1 allows remote attackers to cause a denial of service (mbuf and connection consumption and restart) via a large number of requests that trigger a TCP connection to move to the LAST_ACK state when there is more data to send." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1033007", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033007" + }, + { + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10686", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10686" + }, + { + "name": "1033915", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033915" + }, + { + "name": "NetBSD-SA2015-009", + "refsource": "NETBSD", + "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-009.txt.asc" + }, + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10128", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10128" + }, + { + "name": "1032842", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032842" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5411.json b/2015/5xxx/CVE-2015-5411.json index 72950a0fc38..0f7406f4f67 100644 --- a/2015/5xxx/CVE-2015-5411.json +++ b/2015/5xxx/CVE-2015-5411.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5411", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to obtain sensitive information via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2015-5411", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04765115", - "refsource" : "CONFIRM", - "url" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04765115" - }, - { - "name" : "1033378", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033378" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to obtain sensitive information via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1033378", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033378" + }, + { + "name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04765115", + "refsource": "CONFIRM", + "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04765115" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5418.json b/2015/5xxx/CVE-2015-5418.json index 6d3e4bf6be8..5b65a08cc58 100644 --- a/2015/5xxx/CVE-2015-5418.json +++ b/2015/5xxx/CVE-2015-5418.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5418", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2877." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2015-5418", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-401", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-401" - }, - { - "name" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04771027", - "refsource" : "CONFIRM", - "url" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04771027" - }, - { - "name" : "76457", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76457" - }, - { - "name" : "1033362", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033362" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2877." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04771027", + "refsource": "CONFIRM", + "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04771027" + }, + { + "name": "76457", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76457" + }, + { + "name": "1033362", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033362" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-15-401", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-401" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5590.json b/2015/5xxx/CVE-2015-5590.json index 7052e1e1cdb..1345520b418 100644 --- a/2015/5xxx/CVE-2015-5590.json +++ b/2015/5xxx/CVE-2015-5590.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5590", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the phar_fix_filepath function in ext/phar/phar.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large length value, as demonstrated by mishandling of an e-mail attachment by the imap PHP extension." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5590", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150718 Re: CVE request: php - segmentation fault in Phar::convertToData; buffer overflow in phar_fix_filepath;", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2015/07/18/1" - }, - { - "name" : "http://git.php.net/?p=php-src.git;a=commit;h=6dedeb40db13971af45276f80b5375030aa7e76f", - "refsource" : "CONFIRM", - "url" : "http://git.php.net/?p=php-src.git;a=commit;h=6dedeb40db13971af45276f80b5375030aa7e76f" - }, - { - "name" : "http://www.php.net/ChangeLog-5.php", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/ChangeLog-5.php" - }, - { - "name" : "https://bugs.php.net/bug.php?id=69923", - "refsource" : "CONFIRM", - "url" : "https://bugs.php.net/bug.php?id=69923" - }, - { - "name" : "DSA-3344", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3344" - }, - { - "name" : "75970", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75970" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the phar_fix_filepath function in ext/phar/phar.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large length value, as demonstrated by mishandling of an e-mail attachment by the imap PHP extension." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "75970", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75970" + }, + { + "name": "DSA-3344", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3344" + }, + { + "name": "https://bugs.php.net/bug.php?id=69923", + "refsource": "CONFIRM", + "url": "https://bugs.php.net/bug.php?id=69923" + }, + { + "name": "http://www.php.net/ChangeLog-5.php", + "refsource": "CONFIRM", + "url": "http://www.php.net/ChangeLog-5.php" + }, + { + "name": "http://git.php.net/?p=php-src.git;a=commit;h=6dedeb40db13971af45276f80b5375030aa7e76f", + "refsource": "CONFIRM", + "url": "http://git.php.net/?p=php-src.git;a=commit;h=6dedeb40db13971af45276f80b5375030aa7e76f" + }, + { + "name": "[oss-security] 20150718 Re: CVE request: php - segmentation fault in Phar::convertToData; buffer overflow in phar_fix_filepath;", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2015/07/18/1" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5975.json b/2015/5xxx/CVE-2015-5975.json index ae8c6f9fa38..512521857a4 100644 --- a/2015/5xxx/CVE-2015-5975.json +++ b/2015/5xxx/CVE-2015-5975.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5975", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-5975", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3717.json b/2018/3xxx/CVE-2018-3717.json index d134aab0ff4..d0bb7b724dc 100644 --- a/2018/3xxx/CVE-2018-3717.json +++ b/2018/3xxx/CVE-2018-3717.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2018-3717", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "connect node module", - "version" : { - "version_data" : [ - { - "version_value" : "Versions before 2.14.0" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "connect node module before 2.14.0 suffers from a Cross-Site Scripting (XSS) vulnerability due to a lack of validation of file in directory.js middleware." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-site Scripting (XSS) - Generic (CWE-79)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2018-3717", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "connect node module", + "version": { + "version_data": [ + { + "version_value": "Versions before 2.14.0" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/senchalabs/connect/commit/6d5dd30075d2bc4ee97afdbbe3d9d98d8d52d74b", - "refsource" : "MISC", - "url" : "https://github.com/senchalabs/connect/commit/6d5dd30075d2bc4ee97afdbbe3d9d98d8d52d74b" - }, - { - "name" : "https://hackerone.com/reports/309394", - "refsource" : "MISC", - "url" : "https://hackerone.com/reports/309394" - }, - { - "name" : "https://hackerone.com/reports/309641", - "refsource" : "MISC", - "url" : "https://hackerone.com/reports/309641" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "connect node module before 2.14.0 suffers from a Cross-Site Scripting (XSS) vulnerability due to a lack of validation of file in directory.js middleware." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (XSS) - Generic (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/senchalabs/connect/commit/6d5dd30075d2bc4ee97afdbbe3d9d98d8d52d74b", + "refsource": "MISC", + "url": "https://github.com/senchalabs/connect/commit/6d5dd30075d2bc4ee97afdbbe3d9d98d8d52d74b" + }, + { + "name": "https://hackerone.com/reports/309641", + "refsource": "MISC", + "url": "https://hackerone.com/reports/309641" + }, + { + "name": "https://hackerone.com/reports/309394", + "refsource": "MISC", + "url": "https://hackerone.com/reports/309394" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3858.json b/2018/3xxx/CVE-2018-3858.json index c937f8b07d4..7baa5d69a2a 100644 --- a/2018/3xxx/CVE-2018-3858.json +++ b/2018/3xxx/CVE-2018-3858.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2018-07-19T00:00:00", - "ID" : "CVE-2018-3858", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Canvas Draw", - "version" : { - "version_data" : [ - { - "version_value" : "ACD Systems Canvas Draw 4.0.0" - } - ] - } - } - ] - }, - "vendor_name" : "ACD Systems" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable heap overflow exists in the TIFF parsing functionality of Canvas Draw version 4.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain the ability to execute code. A different vulnerability than CVE-2018-3857." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-122: Heap-Based Buffer Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2018-07-19T00:00:00", + "ID": "CVE-2018-3858", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Canvas Draw", + "version": { + "version_data": [ + { + "version_value": "ACD Systems Canvas Draw 4.0.0" + } + ] + } + } + ] + }, + "vendor_name": "ACD Systems" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0542", - "refsource" : "MISC", - "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0542" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable heap overflow exists in the TIFF parsing functionality of Canvas Draw version 4.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain the ability to execute code. A different vulnerability than CVE-2018-3857." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122: Heap-Based Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0542", + "refsource": "MISC", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0542" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3903.json b/2018/3xxx/CVE-2018-3903.json index 80333aa1916..726e83dcef5 100644 --- a/2018/3xxx/CVE-2018-3903.json +++ b/2018/3xxx/CVE-2018-3903.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2018-07-26T00:00:00", - "ID" : "CVE-2018-3903", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Samsung", - "version" : { - "version_data" : [ - { - "version_value" : "Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17" - } - ] - } - } - ] - }, - "vendor_name" : "Talos" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. The memcpy call overflows the destination buffer, which has a size of 512 bytes. An attacker can send an arbitrarily long \"url\" value in order to overwrite the saved-PC with 0x42424242." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Classic Buffer Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2018-07-26T00:00:00", + "ID": "CVE-2018-3903", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung", + "version": { + "version_data": [ + { + "version_value": "Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17" + } + ] + } + } + ] + }, + "vendor_name": "Talos" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0574", - "refsource" : "MISC", - "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0574" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. The memcpy call overflows the destination buffer, which has a size of 512 bytes. An attacker can send an arbitrarily long \"url\" value in order to overwrite the saved-PC with 0x42424242." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Classic Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0574", + "refsource": "MISC", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0574" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6595.json b/2018/6xxx/CVE-2018-6595.json index 454ee92ef15..e875459f30a 100644 --- a/2018/6xxx/CVE-2018-6595.json +++ b/2018/6xxx/CVE-2018-6595.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6595", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6595", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6655.json b/2018/6xxx/CVE-2018-6655.json index aa262fbfec5..0625dbdaf81 100644 --- a/2018/6xxx/CVE-2018-6655.json +++ b/2018/6xxx/CVE-2018-6655.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6655", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP Scripts Mall Doctor Search Script 1.0.2 has Stored XSS via an arbitrary profile field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6655", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43988", - "refsource" : "EXPLOIT-DB", - "url" : "https://exploit-db.com/exploits/43988/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP Scripts Mall Doctor Search Script 1.0.2 has Stored XSS via an arbitrary profile field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43988", + "refsource": "EXPLOIT-DB", + "url": "https://exploit-db.com/exploits/43988/" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6843.json b/2018/6xxx/CVE-2018-6843.json index 81a64f23861..625e7ddf874 100644 --- a/2018/6xxx/CVE-2018-6843.json +++ b/2018/6xxx/CVE-2018-6843.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6843", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Kentico 10 before 10.0.50 and 11 before 11.0.3 has SQL injection in the administration interface." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6843", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://gist.github.com/zamous/c0afd7e21f3111de873c7bef6dcd9dd7", - "refsource" : "MISC", - "url" : "https://gist.github.com/zamous/c0afd7e21f3111de873c7bef6dcd9dd7" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Kentico 10 before 10.0.50 and 11 before 11.0.3 has SQL injection in the administration interface." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gist.github.com/zamous/c0afd7e21f3111de873c7bef6dcd9dd7", + "refsource": "MISC", + "url": "https://gist.github.com/zamous/c0afd7e21f3111de873c7bef6dcd9dd7" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7528.json b/2018/7xxx/CVE-2018-7528.json index a33687af56d..a3af745f23e 100644 --- a/2018/7xxx/CVE-2018-7528.json +++ b/2018/7xxx/CVE-2018-7528.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2018-03-20T00:00:00", - "ID" : "CVE-2018-7528", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Geutebrück G-Cam/EFD-2250 (part n° 5.02024) firmware and Topline TopFD-2125 (part n° 5.02820) firmware", - "version" : { - "version_data" : [ - { - "version_value" : "G-Cam/EFD-2250 version 1.12.0.4 and Topline TopFD-2125 version 3.15.1" - } - ] - } - } - ] - }, - "vendor_name" : "Geutebrück" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An SQL injection vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow an attacker to alter stored data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND ('SQL INJECTION') CWE-89" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2018-03-20T00:00:00", + "ID": "CVE-2018-7528", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Geutebrück G-Cam/EFD-2250 (part n° 5.02024) firmware and Topline TopFD-2125 (part n° 5.02820) firmware", + "version": { + "version_data": [ + { + "version_value": "G-Cam/EFD-2250 version 1.12.0.4 and Topline TopFD-2125 version 3.15.1" + } + ] + } + } + ] + }, + "vendor_name": "Geutebrück" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-079-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-079-01" - }, - { - "name" : "103474", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103474" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An SQL injection vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow an attacker to alter stored data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND ('SQL INJECTION') CWE-89" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-079-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-079-01" + }, + { + "name": "103474", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103474" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7604.json b/2018/7xxx/CVE-2018-7604.json index 59bc5e2f966..ba80afc8b12 100644 --- a/2018/7xxx/CVE-2018-7604.json +++ b/2018/7xxx/CVE-2018-7604.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7604", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7604", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7664.json b/2018/7xxx/CVE-2018-7664.json index 91186b0f4a7..aac1f948e99 100644 --- a/2018/7xxx/CVE-2018-7664.json +++ b/2018/7xxx/CVE-2018-7664.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7664", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in ClipBucket before 4.0.0 Release 4902. Any OS commands can be injected via shell metacharacters in the file_name parameter to /api/file_uploader.php or /actions/file_downloader.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7664", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://lists.openwall.net/full-disclosure/2018/02/27/1", - "refsource" : "MISC", - "url" : "http://lists.openwall.net/full-disclosure/2018/02/27/1" - }, - { - "name" : "https://www.sec-consult.com/en/blog/advisories/os-command-injection-arbitrary-file-upload-sql-injection-in-clipbucket/index.html", - "refsource" : "MISC", - "url" : "https://www.sec-consult.com/en/blog/advisories/os-command-injection-arbitrary-file-upload-sql-injection-in-clipbucket/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in ClipBucket before 4.0.0 Release 4902. Any OS commands can be injected via shell metacharacters in the file_name parameter to /api/file_uploader.php or /actions/file_downloader.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://lists.openwall.net/full-disclosure/2018/02/27/1", + "refsource": "MISC", + "url": "http://lists.openwall.net/full-disclosure/2018/02/27/1" + }, + { + "name": "https://www.sec-consult.com/en/blog/advisories/os-command-injection-arbitrary-file-upload-sql-injection-in-clipbucket/index.html", + "refsource": "MISC", + "url": "https://www.sec-consult.com/en/blog/advisories/os-command-injection-arbitrary-file-upload-sql-injection-in-clipbucket/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7675.json b/2018/7xxx/CVE-2018-7675.json index c0cc46aa147..632e53e859e 100644 --- a/2018/7xxx/CVE-2018-7675.json +++ b/2018/7xxx/CVE-2018-7675.json @@ -1,84 +1,84 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@microfocus.com", - "ID" : "CVE-2018-7675", - "STATE" : "PUBLIC", - "TITLE" : "Potential Information Disclosure in Sentinel" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Sentinel", - "version" : { - "version_data" : [ - { - "affected" : "=", - "version_name" : "Sentinel 8.1.X", - "version_value" : "8.1.X" - } - ] - } - } - ] - }, - "vendor_name" : "NetIQ Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In NetIQ Sentinel before 8.1.x, a Sentinel user is logged into the Sentinel Web Interface. After performing some tasks within Sentinel the user does not log out but does go idle for a period of time. This in turn causes the interface to timeout so that it requires the user to re-authenticate. If another user is passing by and decides to login, their credentials are accepted. While The user does not inherit any of the other users privileges, they are able to view the previous screen. In this case it is possible that the user can see another users events or configuration information for whatever view is currently showing." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "LOCAL", - "availabilityImpact" : "NONE", - "baseScore" : 2.8, - "baseSeverity" : "LOW", - "confidentialityImpact" : "LOW", - "integrityImpact" : "NONE", - "privilegesRequired" : "LOW", - "scope" : "UNCHANGED", - "userInteraction" : "REQUIRED", - "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Potential information leakage" - } + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "ID": "CVE-2018-7675", + "STATE": "PUBLIC", + "TITLE": "Potential Information Disclosure in Sentinel" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Sentinel", + "version": { + "version_data": [ + { + "affected": "=", + "version_name": "Sentinel 8.1.X", + "version_value": "8.1.X" + } + ] + } + } + ] + }, + "vendor_name": "NetIQ Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.netiq.com/support/kb/doc.php?id=7022706", - "refsource" : "CONFIRM", - "url" : "https://www.netiq.com/support/kb/doc.php?id=7022706" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In NetIQ Sentinel before 8.1.x, a Sentinel user is logged into the Sentinel Web Interface. After performing some tasks within Sentinel the user does not log out but does go idle for a period of time. This in turn causes the interface to timeout so that it requires the user to re-authenticate. If another user is passing by and decides to login, their credentials are accepted. While The user does not inherit any of the other users privileges, they are able to view the previous screen. In this case it is possible that the user can see another users events or configuration information for whatever view is currently showing." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 2.8, + "baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Potential information leakage" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.netiq.com/support/kb/doc.php?id=7022706", + "refsource": "CONFIRM", + "url": "https://www.netiq.com/support/kb/doc.php?id=7022706" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7817.json b/2018/7xxx/CVE-2018-7817.json index 56b32ccba2f..f6c37d5bd46 100644 --- a/2018/7xxx/CVE-2018-7817.json +++ b/2018/7xxx/CVE-2018-7817.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cybersecurity@se.com", - "ID" : "CVE-2018-7817", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Zelio Soft 2 v5.1 and prior versions", - "version" : { - "version_data" : [ - { - "version_value" : "Zelio Soft 2 v5.1 and prior versions" - } - ] - } - } - ] - }, - "vendor_name" : "Schneider Electric SE" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Use After Free (CWE-416) vulnerability exists in Zelio Soft 2 v5.1 and prior versions which could cause remote code execution when opening a specially crafted Zelio Soft project file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use After Free (CWE-416)" - } + "CVE_data_meta": { + "ASSIGNER": "cybersecurity@schneider-electric.com", + "ID": "CVE-2018-7817", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Zelio Soft 2 v5.1 and prior versions", + "version": { + "version_data": [ + { + "version_value": "Zelio Soft 2 v5.1 and prior versions" + } + ] + } + } + ] + }, + "vendor_name": "Schneider Electric SE" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-361-01/", - "refsource" : "CONFIRM", - "url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-361-01/" - }, - { - "name" : "106481", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106481" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Use After Free (CWE-416) vulnerability exists in Zelio Soft 2 v5.1 and prior versions which could cause remote code execution when opening a specially crafted Zelio Soft project file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free (CWE-416)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106481", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106481" + }, + { + "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-361-01/", + "refsource": "CONFIRM", + "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-361-01/" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8217.json b/2018/8xxx/CVE-2018-8217.json index db730b85901..8e1c180f9e6 100644 --- a/2018/8xxx/CVE-2018-8217.json +++ b/2018/8xxx/CVE-2018-8217.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8217", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows Server 2016", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows 10", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems" - }, - { - "version_value" : "Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Version 1607 for x64-based Systems" - }, - { - "version_value" : "Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Version 1703 for x64-based Systems" - }, - { - "version_value" : "x64-based Systems" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka \"Device Guard Code Integrity Policy Security Feature Bypass Vulnerability.\" This affects Windows Server 2016, Windows 10. This CVE ID is unique from CVE-2018-8201, CVE-2018-8211, CVE-2018-8212, CVE-2018-8215, CVE-2018-8216, CVE-2018-8221." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Security Feature Bypass" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8217", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems" + }, + { + "version_value": "Version 1607 for 32-bit Systems" + }, + { + "version_value": "Version 1607 for x64-based Systems" + }, + { + "version_value": "Version 1703 for 32-bit Systems" + }, + { + "version_value": "Version 1703 for x64-based Systems" + }, + { + "version_value": "x64-based Systems" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8217", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8217" - }, - { - "name" : "104337", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104337" - }, - { - "name" : "1041098", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041098" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka \"Device Guard Code Integrity Policy Security Feature Bypass Vulnerability.\" This affects Windows Server 2016, Windows 10. This CVE ID is unique from CVE-2018-8201, CVE-2018-8211, CVE-2018-8212, CVE-2018-8215, CVE-2018-8216, CVE-2018-8221." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Security Feature Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041098", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041098" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8217", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8217" + }, + { + "name": "104337", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104337" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8311.json b/2018/8xxx/CVE-2018-8311.json index 841c9c59e5f..6e173492bfb 100644 --- a/2018/8xxx/CVE-2018-8311.json +++ b/2018/8xxx/CVE-2018-8311.json @@ -1,93 +1,93 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8311", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Skype", - "version" : { - "version_data" : [ - { - "version_value" : "Business 2016 (32-bit)" - }, - { - "version_value" : "Business 2016 (64-bit)" - } - ] - } - }, - { - "product_name" : "Microsoft Lync", - "version" : { - "version_data" : [ - { - "version_value" : "2013 Service Pack 1 (32-bit)" - }, - { - "version_value" : "2013 Service Pack 1 (64-bit)" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists when Skype for Business and Microsoft Lync clients fail to properly sanitize specially crafted content, aka \"Remote Code Execution Vulnerability in Skype For Business and Lync.\" This affects Skype, Microsoft Lync." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8311", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Skype", + "version": { + "version_data": [ + { + "version_value": "Business 2016 (32-bit)" + }, + { + "version_value": "Business 2016 (64-bit)" + } + ] + } + }, + { + "product_name": "Microsoft Lync", + "version": { + "version_data": [ + { + "version_value": "2013 Service Pack 1 (32-bit)" + }, + { + "version_value": "2013 Service Pack 1 (64-bit)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8311", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8311" - }, - { - "name" : "104624", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104624" - }, - { - "name" : "1041259", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041259" - }, - { - "name" : "1041260", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041260" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists when Skype for Business and Microsoft Lync clients fail to properly sanitize specially crafted content, aka \"Remote Code Execution Vulnerability in Skype For Business and Lync.\" This affects Skype, Microsoft Lync." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104624", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104624" + }, + { + "name": "1041259", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041259" + }, + { + "name": "1041260", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041260" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8311", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8311" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8401.json b/2018/8xxx/CVE-2018-8401.json index c943c1cd3b6..2d99789b783 100644 --- a/2018/8xxx/CVE-2018-8401.json +++ b/2018/8xxx/CVE-2018-8401.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8401", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows Server 2016", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows 10", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems" - }, - { - "version_value" : "Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Version 1607 for x64-based Systems" - }, - { - "version_value" : "Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Version 1703 for x64-based Systems" - }, - { - "version_value" : "Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Version 1709 for x64-based Systems" - }, - { - "version_value" : "Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Version 1803 for x64-based Systems" - }, - { - "version_value" : "x64-based Systems" - } - ] - } - }, - { - "product_name" : "Windows 10 Servers", - "version" : { - "version_data" : [ - { - "version_value" : "version 1709 (Server Core Installation)" - }, - { - "version_value" : "version 1803 (Server Core Installation)" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka \"DirectX Graphics Kernel Elevation of Privilege Vulnerability.\" This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8400, CVE-2018-8405, CVE-2018-8406." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8401", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems" + }, + { + "version_value": "Version 1607 for 32-bit Systems" + }, + { + "version_value": "Version 1607 for x64-based Systems" + }, + { + "version_value": "Version 1703 for 32-bit Systems" + }, + { + "version_value": "Version 1703 for x64-based Systems" + }, + { + "version_value": "Version 1709 for 32-bit Systems" + }, + { + "version_value": "Version 1709 for x64-based Systems" + }, + { + "version_value": "Version 1803 for 32-bit Systems" + }, + { + "version_value": "Version 1803 for x64-based Systems" + }, + { + "version_value": "x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows 10 Servers", + "version": { + "version_data": [ + { + "version_value": "version 1709 (Server Core Installation)" + }, + { + "version_value": "version 1803 (Server Core Installation)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8401", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8401" - }, - { - "name" : "105006", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105006" - }, - { - "name" : "1041461", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041461" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka \"DirectX Graphics Kernel Elevation of Privilege Vulnerability.\" This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8400, CVE-2018-8405, CVE-2018-8406." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8401", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8401" + }, + { + "name": "1041461", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041461" + }, + { + "name": "105006", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105006" + } + ] + } +} \ No newline at end of file