diff --git a/2005/0xxx/CVE-2005-0066.json b/2005/0xxx/CVE-2005-0066.json index 490194e9e98..981f6fcbb98 100644 --- a/2005/0xxx/CVE-2005-0066.json +++ b/2005/0xxx/CVE-2005-0066.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0066", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The original design of TCP does not check that the TCP Acknowledgement number in an ICMP error message generated by an intermediate router is within the range of possible values for data that has already been acknowledged (aka \"TCP acknowledgement number checking\"), which makes it easier for attackers to forge ICMP error messages for specific TCP connections and cause a denial of service, as demonstrated using (1) blind connection-reset attacks with forged \"Destination Unreachable\" messages, (2) blind throughput-reduction attacks with forged \"Source Quench\" messages, or (3) blind throughput-reduction attacks with forged ICMP messages that cause the Path MTU to be reduced. NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0066", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html", - "refsource" : "MISC", - "url" : "http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html" - }, - { - "name" : "13124", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13124" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The original design of TCP does not check that the TCP Acknowledgement number in an ICMP error message generated by an intermediate router is within the range of possible values for data that has already been acknowledged (aka \"TCP acknowledgement number checking\"), which makes it easier for attackers to forge ICMP error messages for specific TCP connections and cause a denial of service, as demonstrated using (1) blind connection-reset attacks with forged \"Destination Unreachable\" messages, (2) blind throughput-reduction attacks with forged \"Source Quench\" messages, or (3) blind throughput-reduction attacks with forged ICMP messages that cause the Path MTU to be reduced. NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "13124", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13124" + }, + { + "name": "http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html", + "refsource": "MISC", + "url": "http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0229.json b/2005/0xxx/CVE-2005-0229.json index 839869574e3..efc071bc559 100644 --- a/2005/0xxx/CVE-2005-0229.json +++ b/2005/0xxx/CVE-2005-0229.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0229", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CitrusDB 0.3.5 and earlier stores the newfile.txt temporary data file under the web root, which allows remote attackers to steal credit card information via a direct request to newfile.txt." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0229", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050212 Credit Card data disclosure in CitrusDB", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=110824766519417&w=2" - }, - { - "name" : "http://www.redteam-pentesting.de/advisories/rt-sa-2005-001.txt", - "refsource" : "MISC", - "url" : "http://www.redteam-pentesting.de/advisories/rt-sa-2005-001.txt" - }, - { - "name" : "http://www.citrusdb.org/forums/viewtopic.php?t=49", - "refsource" : "CONFIRM", - "url" : "http://www.citrusdb.org/forums/viewtopic.php?t=49" - }, - { - "name" : "12402", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12402" - }, - { - "name" : "1013040", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013040" - }, - { - "name" : "citrus-information-disclosure(19145)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19145" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CitrusDB 0.3.5 and earlier stores the newfile.txt temporary data file under the web root, which allows remote attackers to steal credit card information via a direct request to newfile.txt." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.citrusdb.org/forums/viewtopic.php?t=49", + "refsource": "CONFIRM", + "url": "http://www.citrusdb.org/forums/viewtopic.php?t=49" + }, + { + "name": "1013040", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013040" + }, + { + "name": "citrus-information-disclosure(19145)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19145" + }, + { + "name": "12402", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12402" + }, + { + "name": "http://www.redteam-pentesting.de/advisories/rt-sa-2005-001.txt", + "refsource": "MISC", + "url": "http://www.redteam-pentesting.de/advisories/rt-sa-2005-001.txt" + }, + { + "name": "20050212 Credit Card data disclosure in CitrusDB", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=110824766519417&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0440.json b/2005/0xxx/CVE-2005-0440.json index 00ac6d4793f..662aa123231 100644 --- a/2005/0xxx/CVE-2005-0440.json +++ b/2005/0xxx/CVE-2005-0440.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0440", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ELOG before 2.5.7 allows remote attackers to bypass authentication and download a configuration file that contains a sensitive write password via a modified URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0440", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?group_id=40505&release_id=304880", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?group_id=40505&release_id=304880" - }, - { - "name" : "http://midas.psi.ch/elogs/Forum/941", - "refsource" : "CONFIRM", - "url" : "http://midas.psi.ch/elogs/Forum/941" - }, - { - "name" : "12556", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12556" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ELOG before 2.5.7 allows remote attackers to bypass authentication and download a configuration file that contains a sensitive write password via a modified URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "12556", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12556" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?group_id=40505&release_id=304880", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?group_id=40505&release_id=304880" + }, + { + "name": "http://midas.psi.ch/elogs/Forum/941", + "refsource": "CONFIRM", + "url": "http://midas.psi.ch/elogs/Forum/941" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2025.json b/2005/2xxx/CVE-2005-2025.json index 2482db3fb62..aefc054d466 100644 --- a/2005/2xxx/CVE-2005-2025.json +++ b/2005/2xxx/CVE-2005-2025.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2025", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco VPN 3000 Concentrator before 4.1.7.F allows remote attackers to determine valid groupnames by sending an IKE Aggressive Mode packet with the groupname in the ID field, which generates a response if the groupname is valid, but does not generate a response for an invalid groupname." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2025", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.nta-monitor.com/news/vpn-flaws/cisco/VPN-Concentrator/index.htm", - "refsource" : "MISC", - "url" : "http://www.nta-monitor.com/news/vpn-flaws/cisco/VPN-Concentrator/index.htm" - }, - { - "name" : "13992", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13992" - }, - { - "name" : "ADV-2005-0822", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/0822" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco VPN 3000 Concentrator before 4.1.7.F allows remote attackers to determine valid groupnames by sending an IKE Aggressive Mode packet with the groupname in the ID field, which generates a response if the groupname is valid, but does not generate a response for an invalid groupname." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.nta-monitor.com/news/vpn-flaws/cisco/VPN-Concentrator/index.htm", + "refsource": "MISC", + "url": "http://www.nta-monitor.com/news/vpn-flaws/cisco/VPN-Concentrator/index.htm" + }, + { + "name": "13992", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13992" + }, + { + "name": "ADV-2005-0822", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/0822" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2100.json b/2005/2xxx/CVE-2005-2100.json index b926b917c50..da4e75241cc 100644 --- a/2005/2xxx/CVE-2005-2100.json +++ b/2005/2xxx/CVE-2005-2100.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2100", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The rw_vm function in usercopy.c in the 4GB split patch for the Linux kernel in Red Hat Enterprise Linux 4 does not perform proper bounds checking, which allows local users to cause a denial of service (crash)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2005-2100", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=165547", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=165547" - }, - { - "name" : "RHSA-2005:514", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-514.html" - }, - { - "name" : "oval:org.mitre.oval:def:11556", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11556" - }, - { - "name" : "17073", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17073" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The rw_vm function in usercopy.c in the 4GB split patch for the Linux kernel in Red Hat Enterprise Linux 4 does not perform proper bounds checking, which allows local users to cause a denial of service (crash)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17073", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17073" + }, + { + "name": "RHSA-2005:514", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-514.html" + }, + { + "name": "oval:org.mitre.oval:def:11556", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11556" + }, + { + "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=165547", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=165547" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2221.json b/2005/2xxx/CVE-2005-2221.json index 2f26579c25a..50c46037a56 100644 --- a/2005/2xxx/CVE-2005-2221.json +++ b/2005/2xxx/CVE-2005-2221.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2221", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** Multiple SQL injection vulnerabilities in Dragonfly Commerce allows remote attackers to modify SQL statements and possibly execute arbitrary SQL commands via the (1) key parameter to dc_Categoriesview.asp, (2) dc_productslist_Clearance.asp, (3) PID parameter to ratings.asp, (4) dc_Productsview.asp, (5) start, (6) key_mp, (7) searchtype, or (8) psearch parameters to dc_forum_Postslist.asp. NOTE: the vendor has disputed this issue, saying that the error messages arise from invalid category and product numbers. Assuming that this is the case, the issue still satisfies the CVE definition of \"exposure.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2221", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050712 Dragonfly Shopping Cart Multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112121930328341&w=2" - }, - { - "name" : "http://www.digitalparadox.org/viewadvisories.ah?view=46", - "refsource" : "MISC", - "url" : "http://www.digitalparadox.org/viewadvisories.ah?view=46" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** Multiple SQL injection vulnerabilities in Dragonfly Commerce allows remote attackers to modify SQL statements and possibly execute arbitrary SQL commands via the (1) key parameter to dc_Categoriesview.asp, (2) dc_productslist_Clearance.asp, (3) PID parameter to ratings.asp, (4) dc_Productsview.asp, (5) start, (6) key_mp, (7) searchtype, or (8) psearch parameters to dc_forum_Postslist.asp. NOTE: the vendor has disputed this issue, saying that the error messages arise from invalid category and product numbers. Assuming that this is the case, the issue still satisfies the CVE definition of \"exposure.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.digitalparadox.org/viewadvisories.ah?view=46", + "refsource": "MISC", + "url": "http://www.digitalparadox.org/viewadvisories.ah?view=46" + }, + { + "name": "20050712 Dragonfly Shopping Cart Multiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112121930328341&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2425.json b/2005/2xxx/CVE-2005-2425.json index 820ad94429a..54fdf65e857 100644 --- a/2005/2xxx/CVE-2005-2425.json +++ b/2005/2xxx/CVE-2005-2425.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2425", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Ares FileShare 1.1 allows remote attackers or local users to execute arbitrary code via a (1) long history parameter in the configuration file (ares.conf) or (2) long search string." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2425", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050725 Ares FileShare 1.1 'Long Searched String' Buffer Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112239196706345&w=2" - }, - { - "name" : "14377", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14377" - }, - { - "name" : "1014576", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014576" - }, - { - "name" : "ares-longconfstring-bo(21557)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/21557" - }, - { - "name" : "aresfileshare-long-string-bo(21818)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/21818" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Ares FileShare 1.1 allows remote attackers or local users to execute arbitrary code via a (1) long history parameter in the configuration file (ares.conf) or (2) long search string." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050725 Ares FileShare 1.1 'Long Searched String' Buffer Overflow", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112239196706345&w=2" + }, + { + "name": "14377", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14377" + }, + { + "name": "aresfileshare-long-string-bo(21818)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21818" + }, + { + "name": "ares-longconfstring-bo(21557)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21557" + }, + { + "name": "1014576", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014576" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3191.json b/2005/3xxx/CVE-2005-3191.json index 9619bd7b08d..a3b265ef48c 100644 --- a/2005/3xxx/CVE-2005-3191.json +++ b/2005/3xxx/CVE-2005-3191.json @@ -1,637 +1,637 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3191", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple heap-based buffer overflows in the (1) DCTStream::readProgressiveSOF and (2) DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, as used in products such as (a) Poppler, (b) teTeX, (c) KDE kpdf, (d) pdftohtml, (e) KOffice KWord, (f) CUPS, and (g) libextractor allow user-assisted attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with an out-of-range number of components (numComps), which is used as an array index." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3191", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051205 Multiple Vendor xpdf DCTStream Progressive Heap Overflow", - "refsource" : "IDEFENSE", - "url" : "http://www.idefense.com/application/poi/display?id=343&type=vulnerabilities" - }, - { - "name" : "Multiple Vendor xpdf DCTStream Baseline Heap Overflow Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://www.idefense.com/application/poi/display?id=342&type=vulnerabilities" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342289", - "refsource" : "MISC", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342289" - }, - { - "name" : "20051207 [KDE Security Advisory] multiple buffer overflows in kpdf/koffice", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/418883/100/0/threaded" - }, - { - "name" : "http://www.kde.org/info/security/advisory-20051207-1.txt", - "refsource" : "CONFIRM", - "url" : "http://www.kde.org/info/security/advisory-20051207-1.txt" - }, - { - "name" : "http://www.kde.org/info/security/advisory-20051207-2.txt", - "refsource" : "CONFIRM", - "url" : "http://www.kde.org/info/security/advisory-20051207-2.txt" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-1609", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-1609" - }, - { - "name" : "DSA-931", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-931" - }, - { - "name" : "DSA-932", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-932" - }, - { - "name" : "DSA-937", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-937" - }, - { - "name" : "DSA-938", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-938" - }, - { - "name" : "DSA-940", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-940" - }, - { - "name" : "DSA-936", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-936" - }, - { - "name" : "DSA-950", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-950" - }, - { - "name" : "DSA-961", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-961" - }, - { - "name" : "DSA-962", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-962" - }, - { - "name" : "FEDORA-2005-1141", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00036.html" - }, - { - "name" : "FEDORA-2005-1142", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00037.html" - }, - { - "name" : "FEDORA-2005-1126", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00015.html" - }, - { - "name" : "FEDORA-2005-1127", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00016.html" - }, - { - "name" : "FLSA:175404", - "refsource" : "FEDORA", - "url" : "http://www.securityfocus.com/archive/1/427990/100/0/threaded" - }, - { - "name" : "FLSA-2006:176751", - "refsource" : "FEDORA", - "url" : "http://www.securityfocus.com/archive/1/427053/100/0/threaded" - }, - { - "name" : "GLSA-200512-08", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200512-08.xml" - }, - { - "name" : "GLSA-200601-02", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml" - }, - { - "name" : "MDKSA-2006:010", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:010" - }, - { - "name" : "MDKSA-2006:003", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:003" - }, - { - "name" : "MDKSA-2006:004", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:004" - }, - { - "name" : "MDKSA-2006:005", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:005" - }, - { - "name" : "MDKSA-2006:006", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:006" - }, - { - "name" : "MDKSA-2006:008", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:008" - }, - { - "name" : "MDKSA-2006:012", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:012" - }, - { - "name" : "MDKSA-2006:011", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:011" - }, - { - "name" : "RHSA-2005:840", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-840.html" - }, - { - "name" : "RHSA-2005:867", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-867.html" - }, - { - "name" : "RHSA-2005:878", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-878.html" - }, - { - "name" : "RHSA-2005:868", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2005-868.html" - }, - { - "name" : "RHSA-2006:0160", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0160.html" - }, - { - "name" : "SCOSA-2006.15", - "refsource" : "SCO", - "url" : "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt" - }, - { - "name" : "SCOSA-2006.20", - "refsource" : "SCO", - "url" : "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.20/SCOSA-2006.20.txt" - }, - { - "name" : "SCOSA-2006.21", - "refsource" : "SCO", - "url" : "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.21/SCOSA-2006.21.txt" - }, - { - "name" : "20051201-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U" - }, - { - "name" : "20060101-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U" - }, - { - "name" : "20060201-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U" - }, - { - "name" : "SSA:2006-045-04", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747" - }, - { - "name" : "SSA:2006-045-09", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683" - }, - { - "name" : "102972", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1" - }, - { - "name" : "SUSE-SA:2006:001", - "refsource" : "SUSE", - "url" : "http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html" - }, - { - "name" : "SUSE-SR:2006:002", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_02_sr.html" - }, - { - "name" : "SUSE-SR:2005:029", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2005_29_sr.html" - }, - { - "name" : "TSLSA-2005-0072", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2005/0072/" - }, - { - "name" : "USN-227-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntulinux.org/usn/usn-227-1" - }, - { - "name" : "15726", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15726" - }, - { - "name" : "15727", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15727" - }, - { - "name" : "oval:org.mitre.oval:def:9760", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9760" - }, - { - "name" : "ADV-2005-2786", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2786" - }, - { - "name" : "ADV-2005-2789", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2789" - }, - { - "name" : "ADV-2005-2790", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2790" - }, - { - "name" : "ADV-2005-2788", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2788" - }, - { - "name" : "ADV-2005-2856", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2856" - }, - { - "name" : "ADV-2005-2787", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2787" - }, - { - "name" : "ADV-2007-2280", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2280" - }, - { - "name" : "1015309", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015309" - }, - { - "name" : "1015324", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015324" - }, - { - "name" : "17908", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17908" - }, - { - "name" : "17912", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17912" - }, - { - "name" : "17916", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17916" - }, - { - "name" : "17920", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17920" - }, - { - "name" : "17921", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17921" - }, - { - "name" : "17929", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17929" - }, - { - "name" : "17940", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17940" - }, - { - "name" : "17976", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17976" - }, - { - "name" : "18009", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18009" - }, - { - "name" : "18055", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18055" - }, - { - "name" : "18061", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18061" - }, - { - "name" : "17897", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17897" - }, - { - "name" : "17926", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17926" - }, - { - "name" : "18191", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18191" - }, - { - "name" : "18192", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18192" - }, - { - "name" : "18189", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18189" - }, - { - "name" : "18313", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18313" - }, - { - "name" : "18336", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18336" - }, - { - "name" : "18387", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18387" - }, - { - "name" : "18416", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18416" - }, - { - "name" : "18349", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18349" - }, - { - "name" : "18385", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18385" - }, - { - "name" : "18389", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18389" - }, - { - "name" : "18448", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18448" - }, - { - "name" : "18398", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18398" - }, - { - "name" : "18407", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18407" - }, - { - "name" : "18534", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18534" - }, - { - "name" : "18549", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18549" - }, - { - "name" : "18582", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18582" - }, - { - "name" : "18303", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18303" - }, - { - "name" : "18517", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18517" - }, - { - "name" : "18554", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18554" - }, - { - "name" : "17955", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17955" - }, - { - "name" : "18674", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18674" - }, - { - "name" : "18675", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18675" - }, - { - "name" : "18679", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18679" - }, - { - "name" : "18908", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18908" - }, - { - "name" : "18913", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18913" - }, - { - "name" : "19230", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19230" - }, - { - "name" : "19377", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19377" - }, - { - "name" : "18503", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18503" - }, - { - "name" : "18147", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18147" - }, - { - "name" : "18380", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18380" - }, - { - "name" : "18428", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18428" - }, - { - "name" : "18436", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18436" - }, - { - "name" : "19797", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19797" - }, - { - "name" : "19798", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19798" - }, - { - "name" : "25729", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25729" - }, - { - "name" : "26413", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26413" - }, - { - "name" : "233", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/233" - }, - { - "name" : "234", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/234" - }, - { - "name" : "xpdf-dctstream-baseline-bo(23444)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23444" - }, - { - "name" : "xpdf-dctstream-progressive-bo(23443)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23443" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple heap-based buffer overflows in the (1) DCTStream::readProgressiveSOF and (2) DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, as used in products such as (a) Poppler, (b) teTeX, (c) KDE kpdf, (d) pdftohtml, (e) KOffice KWord, (f) CUPS, and (g) libextractor allow user-assisted attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with an out-of-range number of components (numComps), which is used as an array index." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "234", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/234" + }, + { + "name": "17929", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17929" + }, + { + "name": "19797", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19797" + }, + { + "name": "SCOSA-2006.20", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.20/SCOSA-2006.20.txt" + }, + { + "name": "233", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/233" + }, + { + "name": "DSA-932", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-932" + }, + { + "name": "18349", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18349" + }, + { + "name": "18147", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18147" + }, + { + "name": "SCOSA-2006.15", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt" + }, + { + "name": "18055", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18055" + }, + { + "name": "http://www.kde.org/info/security/advisory-20051207-1.txt", + "refsource": "CONFIRM", + "url": "http://www.kde.org/info/security/advisory-20051207-1.txt" + }, + { + "name": "18503", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18503" + }, + { + "name": "18549", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18549" + }, + { + "name": "http://www.kde.org/info/security/advisory-20051207-2.txt", + "refsource": "CONFIRM", + "url": "http://www.kde.org/info/security/advisory-20051207-2.txt" + }, + { + "name": "18679", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18679" + }, + { + "name": "18189", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18189" + }, + { + "name": "26413", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26413" + }, + { + "name": "17940", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17940" + }, + { + "name": "oval:org.mitre.oval:def:9760", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9760" + }, + { + "name": "xpdf-dctstream-baseline-bo(23444)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23444" + }, + { + "name": "18303", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18303" + }, + { + "name": "DSA-931", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-931" + }, + { + "name": "18554", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18554" + }, + { + "name": "MDKSA-2006:003", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:003" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342289", + "refsource": "MISC", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342289" + }, + { + "name": "19230", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19230" + }, + { + "name": "102972", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1" + }, + { + "name": "MDKSA-2006:012", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:012" + }, + { + "name": "DSA-962", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-962" + }, + { + "name": "1015309", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015309" + }, + { + "name": "DSA-937", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-937" + }, + { + "name": "18398", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18398" + }, + { + "name": "FLSA-2006:176751", + "refsource": "FEDORA", + "url": "http://www.securityfocus.com/archive/1/427053/100/0/threaded" + }, + { + "name": "SUSE-SA:2006:001", + "refsource": "SUSE", + "url": "http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html" + }, + { + "name": "DSA-936", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-936" + }, + { + "name": "17916", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17916" + }, + { + "name": "20051205 Multiple Vendor xpdf DCTStream Progressive Heap Overflow", + "refsource": "IDEFENSE", + "url": "http://www.idefense.com/application/poi/display?id=343&type=vulnerabilities" + }, + { + "name": "RHSA-2005:840", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-840.html" + }, + { + "name": "ADV-2005-2789", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2789" + }, + { + "name": "RHSA-2005:867", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-867.html" + }, + { + "name": "18674", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18674" + }, + { + "name": "MDKSA-2006:005", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:005" + }, + { + "name": "18313", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18313" + }, + { + "name": "15727", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15727" + }, + { + "name": "https://issues.rpath.com/browse/RPL-1609", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-1609" + }, + { + "name": "RHSA-2005:868", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2005-868.html" + }, + { + "name": "20051201-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U" + }, + { + "name": "20060101-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U" + }, + { + "name": "18448", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18448" + }, + { + "name": "18436", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18436" + }, + { + "name": "18428", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18428" + }, + { + "name": "18380", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18380" + }, + { + "name": "GLSA-200512-08", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200512-08.xml" + }, + { + "name": "FEDORA-2005-1126", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00015.html" + }, + { + "name": "18416", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18416" + }, + { + "name": "ADV-2007-2280", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2280" + }, + { + "name": "15726", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15726" + }, + { + "name": "GLSA-200601-02", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml" + }, + { + "name": "FEDORA-2005-1142", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00037.html" + }, + { + "name": "18336", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18336" + }, + { + "name": "18061", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18061" + }, + { + "name": "18407", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18407" + }, + { + "name": "18009", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18009" + }, + { + "name": "17908", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17908" + }, + { + "name": "USN-227-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntulinux.org/usn/usn-227-1" + }, + { + "name": "17897", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17897" + }, + { + "name": "Multiple Vendor xpdf DCTStream Baseline Heap Overflow Vulnerability", + "refsource": "IDEFENSE", + "url": "http://www.idefense.com/application/poi/display?id=342&type=vulnerabilities" + }, + { + "name": "18517", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18517" + }, + { + "name": "18582", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18582" + }, + { + "name": "SUSE-SR:2006:002", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_02_sr.html" + }, + { + "name": "18534", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18534" + }, + { + "name": "SSA:2006-045-09", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683" + }, + { + "name": "TSLSA-2005-0072", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2005/0072/" + }, + { + "name": "FEDORA-2005-1127", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00016.html" + }, + { + "name": "20051207 [KDE Security Advisory] multiple buffer overflows in kpdf/koffice", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/418883/100/0/threaded" + }, + { + "name": "xpdf-dctstream-progressive-bo(23443)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23443" + }, + { + "name": "18908", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18908" + }, + { + "name": "25729", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25729" + }, + { + "name": "ADV-2005-2786", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2786" + }, + { + "name": "MDKSA-2006:006", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:006" + }, + { + "name": "ADV-2005-2788", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2788" + }, + { + "name": "17926", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17926" + }, + { + "name": "19798", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19798" + }, + { + "name": "MDKSA-2006:008", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:008" + }, + { + "name": "18191", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18191" + }, + { + "name": "20060201-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U" + }, + { + "name": "RHSA-2006:0160", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0160.html" + }, + { + "name": "17912", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17912" + }, + { + "name": "MDKSA-2006:010", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:010" + }, + { + "name": "17921", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17921" + }, + { + "name": "DSA-940", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-940" + }, + { + "name": "MDKSA-2006:004", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:004" + }, + { + "name": "ADV-2005-2790", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2790" + }, + { + "name": "18389", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18389" + }, + { + "name": "18192", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18192" + }, + { + "name": "ADV-2005-2856", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2856" + }, + { + "name": "SSA:2006-045-04", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747" + }, + { + "name": "19377", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19377" + }, + { + "name": "FLSA:175404", + "refsource": "FEDORA", + "url": "http://www.securityfocus.com/archive/1/427990/100/0/threaded" + }, + { + "name": "DSA-961", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-961" + }, + { + "name": "SCOSA-2006.21", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.21/SCOSA-2006.21.txt" + }, + { + "name": "18675", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18675" + }, + { + "name": "1015324", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015324" + }, + { + "name": "18913", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18913" + }, + { + "name": "DSA-938", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-938" + }, + { + "name": "SUSE-SR:2005:029", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2005_29_sr.html" + }, + { + "name": "ADV-2005-2787", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2787" + }, + { + "name": "RHSA-2005:878", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-878.html" + }, + { + "name": "FEDORA-2005-1141", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00036.html" + }, + { + "name": "17920", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17920" + }, + { + "name": "DSA-950", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-950" + }, + { + "name": "17955", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17955" + }, + { + "name": "17976", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17976" + }, + { + "name": "18387", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18387" + }, + { + "name": "MDKSA-2006:011", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:011" + }, + { + "name": "18385", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18385" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3576.json b/2005/3xxx/CVE-2005-3576.json index d02285e2519..4e41032d8d3 100644 --- a/2005/3xxx/CVE-2005-3576.json +++ b/2005/3xxx/CVE-2005-3576.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3576", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ts.exe in Walla TeleSite 3.0 and earlier allows remote attackers to access privileged information by entering the article number in tsurl parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3576", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051114 Walla TeleSite Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/416581/30/0/threaded" - }, - { - "name" : "15419", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15419" - }, - { - "name" : "17547", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17547" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ts.exe in Walla TeleSite 3.0 and earlier allows remote attackers to access privileged information by entering the article number in tsurl parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20051114 Walla TeleSite Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/416581/30/0/threaded" + }, + { + "name": "15419", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15419" + }, + { + "name": "17547", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17547" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4305.json b/2005/4xxx/CVE-2005-4305.json index 8c213963549..9bfce0869c1 100644 --- a/2005/4xxx/CVE-2005-4305.json +++ b/2005/4xxx/CVE-2005-4305.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4305", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Edgewall Trac 0.9, 0.9.1, and 0.9.2 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly sanitized before it is returned in an error page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4305", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://projects.edgewall.com/trac/wiki/ChangeLog", - "refsource" : "CONFIRM", - "url" : "http://projects.edgewall.com/trac/wiki/ChangeLog" - }, - { - "name" : "GLSA-200601-12", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200601-12.xml" - }, - { - "name" : "16386", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16386" - }, - { - "name" : "ADV-2005-2936", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2936" - }, - { - "name" : "1015363", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015363" - }, - { - "name" : "18048", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18048" - }, - { - "name" : "18625", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18625" - }, - { - "name" : "trac-url-path-xss(23775)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23775" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Edgewall Trac 0.9, 0.9.1, and 0.9.2 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly sanitized before it is returned in an error page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-200601-12", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200601-12.xml" + }, + { + "name": "1015363", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015363" + }, + { + "name": "ADV-2005-2936", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2936" + }, + { + "name": "16386", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16386" + }, + { + "name": "http://projects.edgewall.com/trac/wiki/ChangeLog", + "refsource": "CONFIRM", + "url": "http://projects.edgewall.com/trac/wiki/ChangeLog" + }, + { + "name": "trac-url-path-xss(23775)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23775" + }, + { + "name": "18048", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18048" + }, + { + "name": "18625", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18625" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4339.json b/2005/4xxx/CVE-2005-4339.json index 96d7626e36e..a1993dbb349 100644 --- a/2005/4xxx/CVE-2005-4339.json +++ b/2005/4xxx/CVE-2005-4339.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4339", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to inject arbitrary web script or HTML via the context parameter to announcement.pl, which is reflected in the resulting page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4339", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ipomonis.com/advisories/Bb_6.zip", - "refsource" : "MISC", - "url" : "http://www.ipomonis.com/advisories/Bb_6.zip" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to inject arbitrary web script or HTML via the context parameter to announcement.pl, which is reflected in the resulting page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ipomonis.com/advisories/Bb_6.zip", + "refsource": "MISC", + "url": "http://www.ipomonis.com/advisories/Bb_6.zip" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4422.json b/2005/4xxx/CVE-2005-4422.json index bedd2590478..535439d1cd2 100644 --- a/2005/4xxx/CVE-2005-4422.json +++ b/2005/4xxx/CVE-2005-4422.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4422", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in toendaCMS before 0.6.2 Stable allows remote authenticated administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in data/images/albums." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4422", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051107 SEC Consult SA-20051107-0 :: toendaCMS multiple vulnerabilites", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/415975" - }, - { - "name" : "http://www.toenda.com/de/data/files/Software/toendaCMS_Version_0.6.0_Stable/toendaCMS_0.6.2.1_Stable.zip", - "refsource" : "MISC", - "url" : "http://www.toenda.com/de/data/files/Software/toendaCMS_Version_0.6.0_Stable/toendaCMS_0.6.2.1_Stable.zip" - }, - { - "name" : "15351", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15351" - }, - { - "name" : "17471", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17471" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in toendaCMS before 0.6.2 Stable allows remote authenticated administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in data/images/albums." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20051107 SEC Consult SA-20051107-0 :: toendaCMS multiple vulnerabilites", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/415975" + }, + { + "name": "17471", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17471" + }, + { + "name": "http://www.toenda.com/de/data/files/Software/toendaCMS_Version_0.6.0_Stable/toendaCMS_0.6.2.1_Stable.zip", + "refsource": "MISC", + "url": "http://www.toenda.com/de/data/files/Software/toendaCMS_Version_0.6.0_Stable/toendaCMS_0.6.2.1_Stable.zip" + }, + { + "name": "15351", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15351" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4429.json b/2005/4xxx/CVE-2005-4429.json index 816555e9a60..137c0a0f46c 100644 --- a/2005/4xxx/CVE-2005-4429.json +++ b/2005/4xxx/CVE-2005-4429.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4429", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in CS-Cart 1.3.0 allows remote attackers to execute arbitrary SQL commands via the (1) sort_by and (2) sort_order parameters to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4429", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/11/cs-cart-sql-inj-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/11/cs-cart-sql-inj-vuln.html" - }, - { - "name" : "20060105 Vendor ACK: 21370: CS-Cart index.php Multiple Variable SQL Injection (fwd)", - "refsource" : "VIM", - "url" : "http://attrition.org/pipermail/vim/2006-January/000450.html" - }, - { - "name" : "16134", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16134" - }, - { - "name" : "21370", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21370" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in CS-Cart 1.3.0 allows remote attackers to execute arbitrary SQL commands via the (1) sort_by and (2) sort_order parameters to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060105 Vendor ACK: 21370: CS-Cart index.php Multiple Variable SQL Injection (fwd)", + "refsource": "VIM", + "url": "http://attrition.org/pipermail/vim/2006-January/000450.html" + }, + { + "name": "16134", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16134" + }, + { + "name": "21370", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21370" + }, + { + "name": "http://pridels0.blogspot.com/2005/11/cs-cart-sql-inj-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/11/cs-cart-sql-inj-vuln.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4522.json b/2005/4xxx/CVE-2005-4522.json index 46249f0b07e..cd9bb996d7d 100644 --- a/2005/4xxx/CVE-2005-4522.json +++ b/2005/4xxx/CVE-2005-4522.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4522", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the view_filters_page.php filters script in Mantis 1.0.0rc3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) view_type and (2) target_field parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4522", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.trapkit.de/advisories/TKADV2005-11-002.txt", - "refsource" : "MISC", - "url" : "http://www.trapkit.de/advisories/TKADV2005-11-002.txt" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=377932&group_id=14963", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=377932&group_id=14963" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=377934&group_id=14963", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=377934&group_id=14963" - }, - { - "name" : "DSA-944", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-944" - }, - { - "name" : "GLSA-200512-12", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml" - }, - { - "name" : "16046", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16046/" - }, - { - "name" : "ADV-2005-3064", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/3064" - }, - { - "name" : "22053", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22053" - }, - { - "name" : "18181", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18181/" - }, - { - "name" : "18221", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18221" - }, - { - "name" : "18481", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18481" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the view_filters_page.php filters script in Mantis 1.0.0rc3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) view_type and (2) target_field parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22053", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22053" + }, + { + "name": "18481", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18481" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=377932&group_id=14963", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=377932&group_id=14963" + }, + { + "name": "16046", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16046/" + }, + { + "name": "18181", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18181/" + }, + { + "name": "ADV-2005-3064", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/3064" + }, + { + "name": "18221", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18221" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=377934&group_id=14963", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=377934&group_id=14963" + }, + { + "name": "GLSA-200512-12", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml" + }, + { + "name": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt", + "refsource": "MISC", + "url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt" + }, + { + "name": "DSA-944", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-944" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4546.json b/2005/4xxx/CVE-2005-4546.json index 3f1bca31a50..4a80a76fb8a 100644 --- a/2005/4xxx/CVE-2005-4546.json +++ b/2005/4xxx/CVE-2005-4546.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4546", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "search.php in eggblog 2.0 allows remote attackers to obtain the full path via an invalid q parameter, as used by the Keyword and Search fields, possibly due to an SQL injection vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4546", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/12/eggblog-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/12/eggblog-vuln.html" - }, - { - "name" : "16056", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16056" - }, - { - "name" : "ADV-2005-3072", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/3072" - }, - { - "name" : "21908", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21908" - }, - { - "name" : "18212", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18212" - }, - { - "name" : "eggblog-search-path-disclosure(23857)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23857" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "search.php in eggblog 2.0 allows remote attackers to obtain the full path via an invalid q parameter, as used by the Keyword and Search fields, possibly due to an SQL injection vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2005-3072", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/3072" + }, + { + "name": "http://pridels0.blogspot.com/2005/12/eggblog-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/12/eggblog-vuln.html" + }, + { + "name": "21908", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21908" + }, + { + "name": "18212", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18212" + }, + { + "name": "16056", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16056" + }, + { + "name": "eggblog-search-path-disclosure(23857)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23857" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4652.json b/2005/4xxx/CVE-2005-4652.json index fe2f188bc66..cbacf977333 100644 --- a/2005/4xxx/CVE-2005-4652.json +++ b/2005/4xxx/CVE-2005-4652.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4652", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in PHlyMail 3.02.01 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4652", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://phlymail.de/forum/viewtopic.php?t=842", - "refsource" : "CONFIRM", - "url" : "http://phlymail.de/forum/viewtopic.php?t=842" - }, - { - "name" : "16310", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16310" - }, - { - "name" : "ADV-2006-0261", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0261" - }, - { - "name" : "20976", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20976" - }, - { - "name" : "18536", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18536" - }, - { - "name" : "phlymail-unknown-sql-injection(24238)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24238" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in PHlyMail 3.02.01 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16310", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16310" + }, + { + "name": "18536", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18536" + }, + { + "name": "ADV-2006-0261", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0261" + }, + { + "name": "phlymail-unknown-sql-injection(24238)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24238" + }, + { + "name": "http://phlymail.de/forum/viewtopic.php?t=842", + "refsource": "CONFIRM", + "url": "http://phlymail.de/forum/viewtopic.php?t=842" + }, + { + "name": "20976", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20976" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0883.json b/2009/0xxx/CVE-2009-0883.json index e1755032a20..d90437832d1 100644 --- a/2009/0xxx/CVE-2009-0883.json +++ b/2009/0xxx/CVE-2009-0883.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0883", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Blue Eye CMS 1.0.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the BlueEyeCMS_login cookie parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0883", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8165", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8165" - }, - { - "name" : "34022", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34022" - }, - { - "name" : "blueeyecms-blueeyecmslogin-sql-injection(49104)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49104" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Blue Eye CMS 1.0.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the BlueEyeCMS_login cookie parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "blueeyecms-blueeyecmslogin-sql-injection(49104)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49104" + }, + { + "name": "34022", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34022" + }, + { + "name": "8165", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8165" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0986.json b/2009/0xxx/CVE-2009-0986.json index 326b3ffc8b2..b087c862b39 100644 --- a/2009/0xxx/CVE-2009-0986.json +++ b/2009/0xxx/CVE-2009-0986.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0986", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Workspace Manager component in Oracle Database 10.2.0.4 and 11.1.0.6 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2009-0986", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html" - }, - { - "name" : "TA09-105A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-105A.html" - }, - { - "name" : "34461", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34461" - }, - { - "name" : "53735", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/53735" - }, - { - "name" : "1022052", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022052" - }, - { - "name" : "34693", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34693" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Workspace Manager component in Oracle Database 10.2.0.4 and 11.1.0.6 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34461", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34461" + }, + { + "name": "34693", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34693" + }, + { + "name": "TA09-105A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-105A.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html" + }, + { + "name": "53735", + "refsource": "OSVDB", + "url": "http://osvdb.org/53735" + }, + { + "name": "1022052", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022052" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2141.json b/2009/2xxx/CVE-2009-2141.json index b5b599f863a..16520a8d5bd 100644 --- a/2009/2xxx/CVE-2009-2141.json +++ b/2009/2xxx/CVE-2009-2141.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2141", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in TBDev.NET 01-01-08 allow remote attackers to inject arbitrary web script or HTML via (1) the returnto parameter to makepoll.php, (2) the returnto parameter in a delete action to polls.php, or the (3) Info or (4) Avatar field to my.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2141", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8942", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8942" - }, - { - "name" : "http://forum.intern0t.net/intern0t-advisories/1121-intern0t-tbdev-01-01-2008-multiple-vulnerabilities.html", - "refsource" : "MISC", - "url" : "http://forum.intern0t.net/intern0t-advisories/1121-intern0t-tbdev-01-01-2008-multiple-vulnerabilities.html" - }, - { - "name" : "35378", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35378" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in TBDev.NET 01-01-08 allow remote attackers to inject arbitrary web script or HTML via (1) the returnto parameter to makepoll.php, (2) the returnto parameter in a delete action to polls.php, or the (3) Info or (4) Avatar field to my.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://forum.intern0t.net/intern0t-advisories/1121-intern0t-tbdev-01-01-2008-multiple-vulnerabilities.html", + "refsource": "MISC", + "url": "http://forum.intern0t.net/intern0t-advisories/1121-intern0t-tbdev-01-01-2008-multiple-vulnerabilities.html" + }, + { + "name": "35378", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35378" + }, + { + "name": "8942", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8942" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2475.json b/2009/2xxx/CVE-2009-2475.json index 3be7d319e5e..f0ece54a5ed 100644 --- a/2009/2xxx/CVE-2009-2475.json +++ b/2009/2xxx/CVE-2009-2475.json @@ -1,162 +1,162 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2475", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, might allow context-dependent attackers to obtain sensitive information via vectors involving static variables that are declared without the final keyword, related to (1) LayoutQueue, (2) Cursor.predefined, (3) AccessibleResourceBundle.getContents, (4) ImageReaderSpi.STANDARD_INPUT_TYPE, (5) ImageWriterSpi.STANDARD_OUTPUT_TYPE, (6) the imageio plugins, (7) DnsContext.debug, (8) RmfFileReader/StandardMidiFileWriter.types, (9) AbstractSaslImpl.logger, (10) Synth.Region.uiToRegionMap/lowerCaseNameMap, (11) the Introspector class and a cache of BeanInfo, and (12) JAX-WS, a different vulnerability than CVE-2009-2673." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-2475", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://java.sun.com/j2se/1.5.0/ReleaseNotes.html", - "refsource" : "CONFIRM", - "url" : "http://java.sun.com/j2se/1.5.0/ReleaseNotes.html" - }, - { - "name" : "http://java.sun.com/javase/6/webnotes/6u15.html", - "refsource" : "CONFIRM", - "url" : "http://java.sun.com/javase/6/webnotes/6u15.html" - }, - { - "name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-118667-22-1", - "refsource" : "CONFIRM", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-118667-22-1" - }, - { - "name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125139-16-1", - "refsource" : "CONFIRM", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125139-16-1" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=513215", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=513215" - }, - { - "name" : "APPLE-SA-2009-09-03-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html" - }, - { - "name" : "FEDORA-2009-8329", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html" - }, - { - "name" : "FEDORA-2009-8337", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html" - }, - { - "name" : "GLSA-200911-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200911-02.xml" - }, - { - "name" : "MDVSA-2009:209", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:209" - }, - { - "name" : "RHSA-2009:1199", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2009-1199.html" - }, - { - "name" : "RHSA-2009:1200", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2009-1200.html" - }, - { - "name" : "RHSA-2009:1201", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2009-1201.html" - }, - { - "name" : "SUSE-SR:2009:016", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html" - }, - { - "name" : "oval:org.mitre.oval:def:10221", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10221" - }, - { - "name" : "36162", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36162" - }, - { - "name" : "36176", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36176" - }, - { - "name" : "36180", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36180" - }, - { - "name" : "36199", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36199" - }, - { - "name" : "37386", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37386" - }, - { - "name" : "ADV-2009-2543", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2543" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, might allow context-dependent attackers to obtain sensitive information via vectors involving static variables that are declared without the final keyword, related to (1) LayoutQueue, (2) Cursor.predefined, (3) AccessibleResourceBundle.getContents, (4) ImageReaderSpi.STANDARD_INPUT_TYPE, (5) ImageWriterSpi.STANDARD_OUTPUT_TYPE, (6) the imageio plugins, (7) DnsContext.debug, (8) RmfFileReader/StandardMidiFileWriter.types, (9) AbstractSaslImpl.logger, (10) Synth.Region.uiToRegionMap/lowerCaseNameMap, (11) the Introspector class and a cache of BeanInfo, and (12) JAX-WS, a different vulnerability than CVE-2009-2673." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2009:1200", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2009-1200.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=513215", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=513215" + }, + { + "name": "RHSA-2009:1199", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2009-1199.html" + }, + { + "name": "36162", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36162" + }, + { + "name": "ADV-2009-2543", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2543" + }, + { + "name": "GLSA-200911-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" + }, + { + "name": "36199", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36199" + }, + { + "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125139-16-1", + "refsource": "CONFIRM", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125139-16-1" + }, + { + "name": "MDVSA-2009:209", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:209" + }, + { + "name": "FEDORA-2009-8329", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html" + }, + { + "name": "http://java.sun.com/javase/6/webnotes/6u15.html", + "refsource": "CONFIRM", + "url": "http://java.sun.com/javase/6/webnotes/6u15.html" + }, + { + "name": "36180", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36180" + }, + { + "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-118667-22-1", + "refsource": "CONFIRM", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-118667-22-1" + }, + { + "name": "36176", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36176" + }, + { + "name": "FEDORA-2009-8337", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html" + }, + { + "name": "SUSE-SR:2009:016", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html" + }, + { + "name": "http://java.sun.com/j2se/1.5.0/ReleaseNotes.html", + "refsource": "CONFIRM", + "url": "http://java.sun.com/j2se/1.5.0/ReleaseNotes.html" + }, + { + "name": "oval:org.mitre.oval:def:10221", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10221" + }, + { + "name": "APPLE-SA-2009-09-03-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html" + }, + { + "name": "RHSA-2009:1201", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2009-1201.html" + }, + { + "name": "37386", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37386" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2745.json b/2009/2xxx/CVE-2009-2745.json index 34eb732fa75..312cf7ebd36 100644 --- a/2009/2xxx/CVE-2009-2745.json +++ b/2009/2xxx/CVE-2009-2745.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2745", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2745", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3025.json b/2009/3xxx/CVE-2009-3025.json index 3fd97d81ae1..675f8e5e2ea 100644 --- a/2009/3xxx/CVE-2009-3025.json +++ b/2009/3xxx/CVE-2009-3025.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3025", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Pidgin 2.6.0 allows remote attackers to cause a denial of service (crash) via a link in a Yahoo IM." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3025", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20090819 CVE Request pidgin", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/08/19/2" - }, - { - "name" : "http://developer.pidgin.im/wiki/ChangeLog", - "refsource" : "CONFIRM", - "url" : "http://developer.pidgin.im/wiki/ChangeLog" - }, - { - "name" : "oval:org.mitre.oval:def:6167", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6167" - }, - { - "name" : "pidgin-unspecified-dos(52994)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52994" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Pidgin 2.6.0 allows remote attackers to cause a denial of service (crash) via a link in a Yahoo IM." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:6167", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6167" + }, + { + "name": "pidgin-unspecified-dos(52994)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52994" + }, + { + "name": "[oss-security] 20090819 CVE Request pidgin", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/08/19/2" + }, + { + "name": "http://developer.pidgin.im/wiki/ChangeLog", + "refsource": "CONFIRM", + "url": "http://developer.pidgin.im/wiki/ChangeLog" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3327.json b/2009/3xxx/CVE-2009-3327.json index 277cda0e1e7..73985d56dc2 100644 --- a/2009/3xxx/CVE-2009-3327.json +++ b/2009/3xxx/CVE-2009-3327.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3327", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in WX-Guestbook 1.1.208 allow remote attackers to execute arbitrary SQL commands via the (1) QUERY parameter to search.php and (2) USERNAME parameter to login.php. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3327", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9730", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9730" - }, - { - "name" : "36806", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36806" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in WX-Guestbook 1.1.208 allow remote attackers to execute arbitrary SQL commands via the (1) QUERY parameter to search.php and (2) USERNAME parameter to login.php. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36806", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36806" + }, + { + "name": "9730", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9730" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3372.json b/2009/3xxx/CVE-2009-3372.json index 605f4ce3ac2..f115a1556c5 100644 --- a/2009/3xxx/CVE-2009-3372.json +++ b/2009/3xxx/CVE-2009-3372.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3372", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via a crafted regular expression in a Proxy Auto-configuration (PAC) file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3372", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2009/mfsa2009-55.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2009/mfsa2009-55.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=500644", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=500644" - }, - { - "name" : "MDVSA-2009:294", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:294" - }, - { - "name" : "272909", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-272909-1" - }, - { - "name" : "oval:org.mitre.oval:def:10977", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10977" - }, - { - "name" : "oval:org.mitre.oval:def:6347", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6347" - }, - { - "name" : "ADV-2009-3334", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3334" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via a crafted regular expression in a Proxy Auto-configuration (PAC) file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:10977", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10977" + }, + { + "name": "272909", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-272909-1" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=500644", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=500644" + }, + { + "name": "http://www.mozilla.org/security/announce/2009/mfsa2009-55.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-55.html" + }, + { + "name": "oval:org.mitre.oval:def:6347", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6347" + }, + { + "name": "ADV-2009-3334", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3334" + }, + { + "name": "MDVSA-2009:294", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:294" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3591.json b/2009/3xxx/CVE-2009-3591.json index 0c6b1f88c78..9fbf2a93ff2 100644 --- a/2009/3xxx/CVE-2009-3591.json +++ b/2009/3xxx/CVE-2009-3591.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3591", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Dopewars 1.5.12 allows remote attackers to cause a denial of service (segmentation fault) via a REQUESTJET message with an invalid location." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3591", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091006 Dopewars 1.5.12 Server Denial of Service", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/507012/100/0/threaded" - }, - { - "name" : "http://dopewars.svn.sourceforge.net/viewvc/dopewars/dopewars/trunk/ChangeLog?view=markup&pathrev=1033", - "refsource" : "CONFIRM", - "url" : "http://dopewars.svn.sourceforge.net/viewvc/dopewars/dopewars/trunk/ChangeLog?view=markup&pathrev=1033" - }, - { - "name" : "http://dopewars.svn.sourceforge.net/viewvc/dopewars/dopewars/trunk/src/serverside.c?r1=1023&r2=1033&pathrev=1033", - "refsource" : "CONFIRM", - "url" : "http://dopewars.svn.sourceforge.net/viewvc/dopewars/dopewars/trunk/src/serverside.c?r1=1023&r2=1033&pathrev=1033" - }, - { - "name" : "36606", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36606" - }, - { - "name" : "36961", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36961" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Dopewars 1.5.12 allows remote attackers to cause a denial of service (segmentation fault) via a REQUESTJET message with an invalid location." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20091006 Dopewars 1.5.12 Server Denial of Service", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/507012/100/0/threaded" + }, + { + "name": "36961", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36961" + }, + { + "name": "http://dopewars.svn.sourceforge.net/viewvc/dopewars/dopewars/trunk/src/serverside.c?r1=1023&r2=1033&pathrev=1033", + "refsource": "CONFIRM", + "url": "http://dopewars.svn.sourceforge.net/viewvc/dopewars/dopewars/trunk/src/serverside.c?r1=1023&r2=1033&pathrev=1033" + }, + { + "name": "36606", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36606" + }, + { + "name": "http://dopewars.svn.sourceforge.net/viewvc/dopewars/dopewars/trunk/ChangeLog?view=markup&pathrev=1033", + "refsource": "CONFIRM", + "url": "http://dopewars.svn.sourceforge.net/viewvc/dopewars/dopewars/trunk/ChangeLog?view=markup&pathrev=1033" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3715.json b/2009/3xxx/CVE-2009-3715.json index fae2ab1a896..5671d810abf 100644 --- a/2009/3xxx/CVE-2009-3715.json +++ b/2009/3xxx/CVE-2009-3715.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3715", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in scr_login.php in MCshoutbox 1.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3715", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9205", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9205" - }, - { - "name" : "56063", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/56063" - }, - { - "name" : "35885", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35885" - }, - { - "name" : "ADV-2009-1961", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1961" - }, - { - "name" : "mcshoutbox-scrlogin-sql-injection(51863)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51863" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in scr_login.php in MCshoutbox 1.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9205", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9205" + }, + { + "name": "35885", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35885" + }, + { + "name": "56063", + "refsource": "OSVDB", + "url": "http://osvdb.org/56063" + }, + { + "name": "ADV-2009-1961", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1961" + }, + { + "name": "mcshoutbox-scrlogin-sql-injection(51863)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51863" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4105.json b/2009/4xxx/CVE-2009-4105.json index 6fe91ef6543..e87b4fade54 100644 --- a/2009/4xxx/CVE-2009-4105.json +++ b/2009/4xxx/CVE-2009-4105.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4105", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "TYPSoft FTP Server 1.10 allows remote authenticated users to cause a denial of service (crash) by sending an APPE (append) command immediately followed by a DELE (delete) command without sending file data in between these two commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4105", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091124 TYPSoft FTP Server 'APPE' and 'DELE' Commands Remote DoS Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/508048/100/0/threaded" - }, - { - "name" : "37114", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37114" - }, - { - "name" : "1023234", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023234" - }, - { - "name" : "typsoft-ftpserver-appe-dele-dos(54407)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54407" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TYPSoft FTP Server 1.10 allows remote authenticated users to cause a denial of service (crash) by sending an APPE (append) command immediately followed by a DELE (delete) command without sending file data in between these two commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20091124 TYPSoft FTP Server 'APPE' and 'DELE' Commands Remote DoS Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/508048/100/0/threaded" + }, + { + "name": "37114", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37114" + }, + { + "name": "1023234", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023234" + }, + { + "name": "typsoft-ftpserver-appe-dele-dos(54407)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54407" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4202.json b/2009/4xxx/CVE-2009-4202.json index 43b405285f4..49633b763e5 100644 --- a/2009/4xxx/CVE-2009-4202.json +++ b/2009/4xxx/CVE-2009-4202.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4202", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the Omilen Photo Gallery (com_omphotogallery) component Beta 0.5 for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the controller parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4202", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8870", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/8870" - }, - { - "name" : "35201", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35201" - }, - { - "name" : "ADV-2009-1494", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1494" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the Omilen Photo Gallery (com_omphotogallery) component Beta 0.5 for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the controller parameter to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-1494", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1494" + }, + { + "name": "8870", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/8870" + }, + { + "name": "35201", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35201" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4552.json b/2009/4xxx/CVE-2009-4552.json index 700d90eb55d..3e638a63129 100644 --- a/2009/4xxx/CVE-2009-4552.json +++ b/2009/4xxx/CVE-2009-4552.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4552", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Survey Pro module for Miniweb 2.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4552", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9339", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9339" - }, - { - "name" : "35870", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35870" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Survey Pro module for Miniweb 2.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9339", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9339" + }, + { + "name": "35870", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35870" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4588.json b/2009/4xxx/CVE-2009-4588.json index 6b2c71a8eb6..3cde8e37423 100644 --- a/2009/4xxx/CVE-2009-4588.json +++ b/2009/4xxx/CVE-2009-4588.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4588", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the WindsPlayerIE.View.1 ActiveX control in WindsPly.ocx 3.5.0.0 Beta, 3.0.0.5, and earlier in AwingSoft Awakening Web3D Player and Winds3D Viewer allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long SceneUrl property value, a different vulnerability than CVE-2009-2386. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4588", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9116", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9116" - }, - { - "name" : "http://www.shinnai.net/exploits/nsGUdeley3EHfKEV690p.txt", - "refsource" : "MISC", - "url" : "http://www.shinnai.net/exploits/nsGUdeley3EHfKEV690p.txt" - }, - { - "name" : "35764", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35764" - }, - { - "name" : "web3d-activex-bo(51672)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51672" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the WindsPlayerIE.View.1 ActiveX control in WindsPly.ocx 3.5.0.0 Beta, 3.0.0.5, and earlier in AwingSoft Awakening Web3D Player and Winds3D Viewer allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long SceneUrl property value, a different vulnerability than CVE-2009-2386. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35764", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35764" + }, + { + "name": "http://www.shinnai.net/exploits/nsGUdeley3EHfKEV690p.txt", + "refsource": "MISC", + "url": "http://www.shinnai.net/exploits/nsGUdeley3EHfKEV690p.txt" + }, + { + "name": "9116", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9116" + }, + { + "name": "web3d-activex-bo(51672)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51672" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4624.json b/2009/4xxx/CVE-2009-4624.json index 00d3001e904..04dfa57dd8d 100644 --- a/2009/4xxx/CVE-2009-4624.json +++ b/2009/4xxx/CVE-2009-4624.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4624", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in download.php in Nicecoder iDesk allows remote attackers to execute arbitrary SQL commands via the cat_id parameter, a different vector than CVE-2005-3843." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4624", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9631", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9631" - }, - { - "name" : "36348", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36348" - }, - { - "name" : "36659", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36659" - }, - { - "name" : "idesk-download-sql-injection(53139)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53139" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in download.php in Nicecoder iDesk allows remote attackers to execute arbitrary SQL commands via the cat_id parameter, a different vector than CVE-2005-3843." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "idesk-download-sql-injection(53139)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53139" + }, + { + "name": "36348", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36348" + }, + { + "name": "36659", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36659" + }, + { + "name": "9631", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9631" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4950.json b/2009/4xxx/CVE-2009-4950.json index 5bb97072efc..283e39d727e 100644 --- a/2009/4xxx/CVE-2009-4950.json +++ b/2009/4xxx/CVE-2009-4950.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4950", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the A21glossary Advanced Output (a21glossary_advanced_output) extension before 0.1.12 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4950", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/extensions/repository/view/a21glossary_advanced_output/0.1.12/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/extensions/repository/view/a21glossary_advanced_output/0.1.12/" - }, - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the A21glossary Advanced Output (a21glossary_advanced_output) extension before 0.1.12 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://typo3.org/extensions/repository/view/a21glossary_advanced_output/0.1.12/", + "refsource": "CONFIRM", + "url": "http://typo3.org/extensions/repository/view/a21glossary_advanced_output/0.1.12/" + }, + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4973.json b/2009/4xxx/CVE-2009-4973.json index 29c4e5f4dbd..bf5ba646e0e 100644 --- a/2009/4xxx/CVE-2009-4973.json +++ b/2009/4xxx/CVE-2009-4973.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4973", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in rss.php in TotalCalendar 2.4 allows remote attackers to execute arbitrary SQL commands via the selectedCal parameter in a SwitchCal action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4973", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9524", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9524" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in rss.php in TotalCalendar 2.4 allows remote attackers to execute arbitrary SQL commands via the selectedCal parameter in a SwitchCal action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9524", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9524" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0065.json b/2015/0xxx/CVE-2015-0065.json index dbad27673fb..12b44cba3ad 100644 --- a/2015/0xxx/CVE-2015-0065.json +++ b/2015/0xxx/CVE-2015-0065.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0065", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Word 2007 SP3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"OneTableDocumentStream Remote Code Execution Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-0065", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "37966", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/37966/" - }, - { - "name" : "MS15-012", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-012" - }, - { - "name" : "72465", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72465" - }, - { - "name" : "1031720", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031720" - }, - { - "name" : "62808", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62808" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Word 2007 SP3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"OneTableDocumentStream Remote Code Execution Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "62808", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62808" + }, + { + "name": "MS15-012", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-012" + }, + { + "name": "37966", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/37966/" + }, + { + "name": "72465", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72465" + }, + { + "name": "1031720", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031720" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0169.json b/2015/0xxx/CVE-2015-0169.json index a4d1123dc7b..fc7ca4c51f1 100644 --- a/2015/0xxx/CVE-2015-0169.json +++ b/2015/0xxx/CVE-2015-0169.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0169", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to inject arguments via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-0169", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21699470", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21699470" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to inject arguments via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21699470", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699470" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0689.json b/2015/0xxx/CVE-2015-0689.json index 6890448f271..7961f433fea 100644 --- a/2015/0xxx/CVE-2015-0689.json +++ b/2015/0xxx/CVE-2015-0689.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0689", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Cloud Web Security before 3.0.1.7 allows remote attackers to bypass intended filtering protection mechanisms by leveraging improper handling of HTTP methods, aka Bug ID CSCut69743." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-0689", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150406 Cisco Cloud Web Security Filtering Bypass Vulnerability", - "refsource" : "CISCO", - "url" : "https://tools.cisco.com/security/center/viewAlert.x?alertId=38221" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Cloud Web Security before 3.0.1.7 allows remote attackers to bypass intended filtering protection mechanisms by leveraging improper handling of HTTP methods, aka Bug ID CSCut69743." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150406 Cisco Cloud Web Security Filtering Bypass Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/viewAlert.x?alertId=38221" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0700.json b/2015/0xxx/CVE-2015-0700.json index 882f8034d5e..2d8e7db4dee 100644 --- a/2015/0xxx/CVE-2015-0700.json +++ b/2015/0xxx/CVE-2015-0700.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0700", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in the Dashboard page in the monitoring-and-report section in Cisco Secure Access Control Server Solution Engine before 5.5(0.46.5) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj62924." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-0700", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150416 Cisco Secure Access Control Server Dashboard Page Cross-Site Request Forgery Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=38403" - }, - { - "name" : "1032163", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032163" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in the Dashboard page in the monitoring-and-report section in Cisco Secure Access Control Server Solution Engine before 5.5(0.46.5) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj62924." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032163", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032163" + }, + { + "name": "20150416 Cisco Secure Access Control Server Dashboard Page Cross-Site Request Forgery Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38403" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0945.json b/2015/0xxx/CVE-2015-0945.json index 8a0669b9c3b..0f3bdbdbbd7 100644 --- a/2015/0xxx/CVE-2015-0945.json +++ b/2015/0xxx/CVE-2015-0945.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0945", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-0945", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1120.json b/2015/1xxx/CVE-2015-1120.json index 09183ff974d..acb4cc0199d 100644 --- a/2015/1xxx/CVE-2015-1120.json +++ b/2015/1xxx/CVE-2015-1120.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1120", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-1120", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT204658", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204658" - }, - { - "name" : "https://support.apple.com/HT204661", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204661" - }, - { - "name" : "https://support.apple.com/HT204662", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204662" - }, - { - "name" : "https://support.apple.com/kb/HT204949", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT204949" - }, - { - "name" : "APPLE-SA-2015-04-08-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.html" - }, - { - "name" : "APPLE-SA-2015-04-08-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html" - }, - { - "name" : "APPLE-SA-2015-04-08-4", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html" - }, - { - "name" : "APPLE-SA-2015-06-30-6", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html" - }, - { - "name" : "openSUSE-SU-2016:0915", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-03/msg00132.html" - }, - { - "name" : "USN-2937-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2937-1" - }, - { - "name" : "73972", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73972" - }, - { - "name" : "1032047", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032047" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT204658", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204658" + }, + { + "name": "APPLE-SA-2015-04-08-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html" + }, + { + "name": "APPLE-SA-2015-06-30-6", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html" + }, + { + "name": "APPLE-SA-2015-04-08-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.html" + }, + { + "name": "73972", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73972" + }, + { + "name": "1032047", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032047" + }, + { + "name": "https://support.apple.com/kb/HT204949", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT204949" + }, + { + "name": "https://support.apple.com/HT204662", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204662" + }, + { + "name": "openSUSE-SU-2016:0915", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00132.html" + }, + { + "name": "APPLE-SA-2015-04-08-4", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html" + }, + { + "name": "https://support.apple.com/HT204661", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204661" + }, + { + "name": "USN-2937-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2937-1" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1394.json b/2015/1xxx/CVE-2015-1394.json index f288d366745..7e57286d7ec 100644 --- a/2015/1xxx/CVE-2015-1394.json +++ b/2015/1xxx/CVE-2015-1394.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1394", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1394", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1790.json b/2015/1xxx/CVE-2015-1790.json index 59d2e944561..b9e4642bcf2 100644 --- a/2015/1xxx/CVE-2015-1790.json +++ b/2015/1xxx/CVE-2015-1790.json @@ -1,317 +1,317 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1790", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The PKCS7_dataDecodefunction in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PKCS#7 blob that uses ASN.1 encoding and lacks inner EncryptedContent data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-1790", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/openssl/openssl/commit/59302b600e8d5b77ef144e447bb046fd7ab72686", - "refsource" : "CONFIRM", - "url" : "https://github.com/openssl/openssl/commit/59302b600e8d5b77ef144e447bb046fd7ab72686" - }, - { - "name" : "https://www.openssl.org/news/secadv_20150611.txt", - "refsource" : "CONFIRM", - "url" : "https://www.openssl.org/news/secadv_20150611.txt" - }, - { - "name" : "https://support.apple.com/kb/HT205031", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT205031" - }, - { - "name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694", - "refsource" : "CONFIRM", - "url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" - }, - { - "name" : "http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015", - "refsource" : "CONFIRM", - "url" : "http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015" - }, - { - "name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10733", - "refsource" : "CONFIRM", - "url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10733" - }, - { - "name" : "https://openssl.org/news/secadv/20150611.txt", - "refsource" : "CONFIRM", - "url" : "https://openssl.org/news/secadv/20150611.txt" - }, - { - "name" : "http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015", - "refsource" : "CONFIRM", - "url" : "http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015" - }, - { - "name" : "http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015", - "refsource" : "CONFIRM", - "url" : "http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015" - }, - { - "name" : "https://bto.bluecoat.com/security-advisory/sa98", - "refsource" : "CONFIRM", - "url" : "https://bto.bluecoat.com/security-advisory/sa98" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05353965", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05353965" - }, - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10122", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10122" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" - }, - { - "name" : "APPLE-SA-2015-08-13-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" - }, - { - "name" : "20150612 Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl" - }, - { - "name" : "DSA-3287", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3287" - }, - { - "name" : "FEDORA-2015-10047", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160436.html" - }, - { - "name" : "FEDORA-2015-10108", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160647.html" - }, - { - "name" : "GLSA-201506-02", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201506-02" - }, - { - "name" : "HPSBUX03388", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=143880121627664&w=2" - }, - { - "name" : "SSRT102180", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=143880121627664&w=2" - }, - { - "name" : "HPSBGN03371", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=143654156615516&w=2" - }, - { - "name" : "HPSBMU03409", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=144050155601375&w=2" - }, - { - "name" : "NetBSD-SA2015-008", - "refsource" : "NETBSD", - "url" : "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc" - }, - { - "name" : "RHSA-2015:1115", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1115.html" - }, - { - "name" : "RHSA-2015:1197", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1197.html" - }, - { - "name" : "openSUSE-SU-2016:0640", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html" - }, - { - "name" : "openSUSE-SU-2015:1277", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html" - }, - { - "name" : "SUSE-SU-2015:1143", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html" - }, - { - "name" : "SUSE-SU-2015:1150", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html" - }, - { - "name" : "SUSE-SU-2015:1181", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html" - }, - { - "name" : "SUSE-SU-2015:1182", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html" - }, - { - "name" : "SUSE-SU-2015:1183", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.html" - }, - { - "name" : "SUSE-SU-2015:1184", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html" - }, - { - "name" : "openSUSE-SU-2015:1139", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html" - }, - { - "name" : "SUSE-SU-2015:1185", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html" - }, - { - "name" : "USN-2639-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2639-1" - }, - { - "name" : "91787", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91787" - }, - { - "name" : "75157", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75157" - }, - { - "name" : "1032564", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032564" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The PKCS7_dataDecodefunction in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PKCS#7 blob that uses ASN.1 encoding and lacks inner EncryptedContent data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2015:1184", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html" + }, + { + "name": "SSRT102180", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=143880121627664&w=2" + }, + { + "name": "DSA-3287", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3287" + }, + { + "name": "SUSE-SU-2015:1150", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html" + }, + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10122", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10122" + }, + { + "name": "SUSE-SU-2015:1183", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.html" + }, + { + "name": "http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015", + "refsource": "CONFIRM", + "url": "http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015" + }, + { + "name": "HPSBMU03409", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=144050155601375&w=2" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05353965", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05353965" + }, + { + "name": "https://openssl.org/news/secadv/20150611.txt", + "refsource": "CONFIRM", + "url": "https://openssl.org/news/secadv/20150611.txt" + }, + { + "name": "RHSA-2015:1115", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1115.html" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" + }, + { + "name": "RHSA-2015:1197", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1197.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" + }, + { + "name": "SUSE-SU-2015:1182", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888" + }, + { + "name": "SUSE-SU-2015:1143", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" + }, + { + "name": "openSUSE-SU-2016:0640", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" + }, + { + "name": "1032564", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032564" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380" + }, + { + "name": "http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015", + "refsource": "CONFIRM", + "url": "http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015" + }, + { + "name": "FEDORA-2015-10108", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160647.html" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + }, + { + "name": "20150612 Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl" + }, + { + "name": "openSUSE-SU-2015:1277", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html" + }, + { + "name": "SUSE-SU-2015:1181", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html" + }, + { + "name": "APPLE-SA-2015-08-13-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" + }, + { + "name": "USN-2639-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2639-1" + }, + { + "name": "http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015", + "refsource": "CONFIRM", + "url": "http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015" + }, + { + "name": "GLSA-201506-02", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201506-02" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html" + }, + { + "name": "91787", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91787" + }, + { + "name": "https://github.com/openssl/openssl/commit/59302b600e8d5b77ef144e447bb046fd7ab72686", + "refsource": "CONFIRM", + "url": "https://github.com/openssl/openssl/commit/59302b600e8d5b77ef144e447bb046fd7ab72686" + }, + { + "name": "HPSBUX03388", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=143880121627664&w=2" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763" + }, + { + "name": "FEDORA-2015-10047", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160436.html" + }, + { + "name": "https://support.apple.com/kb/HT205031", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT205031" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + }, + { + "name": "SUSE-SU-2015:1185", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html" + }, + { + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694" + }, + { + "name": "openSUSE-SU-2015:1139", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html" + }, + { + "name": "https://bto.bluecoat.com/security-advisory/sa98", + "refsource": "CONFIRM", + "url": "https://bto.bluecoat.com/security-advisory/sa98" + }, + { + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10733", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10733" + }, + { + "name": "NetBSD-SA2015-008", + "refsource": "NETBSD", + "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc" + }, + { + "name": "https://www.openssl.org/news/secadv_20150611.txt", + "refsource": "CONFIRM", + "url": "https://www.openssl.org/news/secadv_20150611.txt" + }, + { + "name": "75157", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75157" + }, + { + "name": "HPSBGN03371", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=143654156615516&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1901.json b/2015/1xxx/CVE-2015-1901.json index 7ca4f551d4a..dc6dd28a0b1 100644 --- a/2015/1xxx/CVE-2015-1901.json +++ b/2015/1xxx/CVE-2015-1901.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1901", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The installer in IBM InfoSphere Information Server 8.5 through 11.3 before 11.3.1.2 allows local users to obtain sensitive information via unspecified commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-1901", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21701436", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21701436" - }, - { - "name" : "JR52549", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1JR52549" - }, - { - "name" : "75162", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75162" - }, - { - "name" : "1032633", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032633" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The installer in IBM InfoSphere Information Server 8.5 through 11.3 before 11.3.1.2 allows local users to obtain sensitive information via unspecified commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21701436", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21701436" + }, + { + "name": "JR52549", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR52549" + }, + { + "name": "1032633", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032633" + }, + { + "name": "75162", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75162" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1936.json b/2015/1xxx/CVE-2015-1936.json index 00629d4b565..849cf615782 100644 --- a/2015/1xxx/CVE-2015-1936.json +++ b/2015/1xxx/CVE-2015-1936.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1936", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The administrative console in IBM WebSphere Application Server (WAS) 8.0.0 before 8.0.0.11 and 8.5 before 8.5.5.6, when the Security feature is disabled, allows remote authenticated users to hijack sessions via the JSESSIONID parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-1936", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21959083", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21959083" - }, - { - "name" : "PI37230", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI37230" - }, - { - "name" : "75480", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75480" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The administrative console in IBM WebSphere Application Server (WAS) 8.0.0 before 8.0.0.11 and 8.5 before 8.5.5.6, when the Security feature is disabled, allows remote authenticated users to hijack sessions via the JSESSIONID parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21959083", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959083" + }, + { + "name": "75480", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75480" + }, + { + "name": "PI37230", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI37230" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5417.json b/2015/5xxx/CVE-2015-5417.json index c5808b557aa..09b4755cfb9 100644 --- a/2015/5xxx/CVE-2015-5417.json +++ b/2015/5xxx/CVE-2015-5417.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5417", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2876." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2015-5417", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-405", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-405" - }, - { - "name" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04771027", - "refsource" : "CONFIRM", - "url" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04771027" - }, - { - "name" : "76457", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76457" - }, - { - "name" : "1033362", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033362" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2876." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04771027", + "refsource": "CONFIRM", + "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04771027" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-15-405", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-405" + }, + { + "name": "76457", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76457" + }, + { + "name": "1033362", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033362" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5633.json b/2015/5xxx/CVE-2015-5633.json index caff3f7c7d5..b61846ee956 100644 --- a/2015/5xxx/CVE-2015-5633.json +++ b/2015/5xxx/CVE-2015-5633.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5633", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Newphoria Auction Camera application for iOS and before 1.2 for Android allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2015-5633", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://jvn.jp/en/jp/JVN71815309/995707/index.html", - "refsource" : "CONFIRM", - "url" : "http://jvn.jp/en/jp/JVN71815309/995707/index.html" - }, - { - "name" : "JVN#71815309", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN71815309/index.html" - }, - { - "name" : "JVNDB-2015-000131", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000131" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Newphoria Auction Camera application for iOS and before 1.2 for Android allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#71815309", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN71815309/index.html" + }, + { + "name": "http://jvn.jp/en/jp/JVN71815309/995707/index.html", + "refsource": "CONFIRM", + "url": "http://jvn.jp/en/jp/JVN71815309/995707/index.html" + }, + { + "name": "JVNDB-2015-000131", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000131" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5863.json b/2015/5xxx/CVE-2015-5863.json index 6bef8ffbf12..81edb9d8c0d 100644 --- a/2015/5xxx/CVE-2015-5863.json +++ b/2015/5xxx/CVE-2015-5863.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5863", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IOStorageFamily in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows local users to obtain sensitive information from kernel memory via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-5863", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT205212", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205212" - }, - { - "name" : "https://support.apple.com/HT205213", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205213" - }, - { - "name" : "https://support.apple.com/HT205267", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205267" - }, - { - "name" : "APPLE-SA-2015-09-16-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html" - }, - { - "name" : "APPLE-SA-2015-09-21-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html" - }, - { - "name" : "APPLE-SA-2015-09-30-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html" - }, - { - "name" : "76764", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76764" - }, - { - "name" : "1033609", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033609" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IOStorageFamily in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows local users to obtain sensitive information from kernel memory via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1033609", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033609" + }, + { + "name": "https://support.apple.com/HT205212", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205212" + }, + { + "name": "APPLE-SA-2015-09-30-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html" + }, + { + "name": "76764", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76764" + }, + { + "name": "https://support.apple.com/HT205267", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205267" + }, + { + "name": "APPLE-SA-2015-09-21-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html" + }, + { + "name": "https://support.apple.com/HT205213", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205213" + }, + { + "name": "APPLE-SA-2015-09-16-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5868.json b/2015/5xxx/CVE-2015-5868.json index 21870b2798a..dbff52953f9 100644 --- a/2015/5xxx/CVE-2015-5868.json +++ b/2015/5xxx/CVE-2015-5868.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5868", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5896 and CVE-2015-5903." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-5868", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT205212", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205212" - }, - { - "name" : "https://support.apple.com/HT205213", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205213" - }, - { - "name" : "https://support.apple.com/HT205267", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205267" - }, - { - "name" : "APPLE-SA-2015-09-16-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html" - }, - { - "name" : "APPLE-SA-2015-09-21-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html" - }, - { - "name" : "APPLE-SA-2015-09-30-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html" - }, - { - "name" : "76764", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76764" - }, - { - "name" : "1033609", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033609" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5896 and CVE-2015-5903." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1033609", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033609" + }, + { + "name": "https://support.apple.com/HT205212", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205212" + }, + { + "name": "APPLE-SA-2015-09-30-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html" + }, + { + "name": "76764", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76764" + }, + { + "name": "https://support.apple.com/HT205267", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205267" + }, + { + "name": "APPLE-SA-2015-09-21-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html" + }, + { + "name": "https://support.apple.com/HT205213", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205213" + }, + { + "name": "APPLE-SA-2015-09-16-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3423.json b/2018/3xxx/CVE-2018-3423.json index 02b15031d2f..56bc5a07eea 100644 --- a/2018/3xxx/CVE-2018-3423.json +++ b/2018/3xxx/CVE-2018-3423.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3423", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3423", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3447.json b/2018/3xxx/CVE-2018-3447.json index 713b575f59a..d290e59e0a2 100644 --- a/2018/3xxx/CVE-2018-3447.json +++ b/2018/3xxx/CVE-2018-3447.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3447", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3447", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3960.json b/2018/3xxx/CVE-2018-3960.json index 9d832402e12..7497b6cf8cf 100644 --- a/2018/3xxx/CVE-2018-3960.json +++ b/2018/3xxx/CVE-2018-3960.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2018-10-01T00:00:00", - "ID" : "CVE-2018-3960", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit PDF Reader", - "version" : { - "version_data" : [ - { - "version_value" : "Foxit Software Foxit PDF Reader 9.1.0.5096." - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the Producer property of the this.info object. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2018-10-01T00:00:00", + "ID": "CVE-2018-3960", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit PDF Reader", + "version": { + "version_data": [ + { + "version_value": "Foxit Software Foxit PDF Reader 9.1.0.5096." + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0628", - "refsource" : "MISC", - "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0628" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the Producer property of the this.info object. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0628", + "refsource": "MISC", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0628" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6002.json b/2018/6xxx/CVE-2018-6002.json index a4c0c668306..c5fbe439a81 100644 --- a/2018/6xxx/CVE-2018-6002.json +++ b/2018/6xxx/CVE-2018-6002.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6002", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Soundy Background Music plugin 3.9 and below for WordPress has Cross-Site Scripting via soundy-background-music\\templates\\front-end.php (war_soundy_preview parameter)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6002", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.defensecode.com/advisories/DC-2018-01-001_WordPress_Soundy_Background_Music_Plugin_Advisory.pdf", - "refsource" : "MISC", - "url" : "http://www.defensecode.com/advisories/DC-2018-01-001_WordPress_Soundy_Background_Music_Plugin_Advisory.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Soundy Background Music plugin 3.9 and below for WordPress has Cross-Site Scripting via soundy-background-music\\templates\\front-end.php (war_soundy_preview parameter)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.defensecode.com/advisories/DC-2018-01-001_WordPress_Soundy_Background_Music_Plugin_Advisory.pdf", + "refsource": "MISC", + "url": "http://www.defensecode.com/advisories/DC-2018-01-001_WordPress_Soundy_Background_Music_Plugin_Advisory.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6087.json b/2018/6xxx/CVE-2018-6087.json index 6f5fb75edc0..1d6fe2a4555 100644 --- a/2018/6xxx/CVE-2018-6087.json +++ b/2018/6xxx/CVE-2018-6087.json @@ -1,88 +1,88 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "chrome-cve-admin@google.com", - "ID" : "CVE-2018-6087", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Chrome", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "66.0.3359.117" - } - ] - } - } - ] - }, - "vendor_name" : "Google" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A use-after-free in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use after free" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2018-6087", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "66.0.3359.117" + } + ] + } + } + ] + }, + "vendor_name": "Google" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://crbug.com/813876", - "refsource" : "MISC", - "url" : "https://crbug.com/813876" - }, - { - "name" : "https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html", - "refsource" : "CONFIRM", - "url" : "https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html" - }, - { - "name" : "DSA-4182", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4182" - }, - { - "name" : "GLSA-201804-22", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201804-22" - }, - { - "name" : "RHSA-2018:1195", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1195" - }, - { - "name" : "103917", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103917" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A use-after-free in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use after free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html", + "refsource": "CONFIRM", + "url": "https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html" + }, + { + "name": "GLSA-201804-22", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201804-22" + }, + { + "name": "https://crbug.com/813876", + "refsource": "MISC", + "url": "https://crbug.com/813876" + }, + { + "name": "DSA-4182", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4182" + }, + { + "name": "103917", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103917" + }, + { + "name": "RHSA-2018:1195", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1195" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6534.json b/2018/6xxx/CVE-2018-6534.json index b3d55ddf6d9..1da66634ecf 100644 --- a/2018/6xxx/CVE-2018-6534.json +++ b/2018/6xxx/CVE-2018-6534.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6534", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Icinga 2.x through 2.8.1. By sending specially crafted messages, an attacker can cause a NULL pointer dereference, which can cause the product to crash." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6534", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/Icinga/icinga2/pull/6104", - "refsource" : "CONFIRM", - "url" : "https://github.com/Icinga/icinga2/pull/6104" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Icinga 2.x through 2.8.1. By sending specially crafted messages, an attacker can cause a NULL pointer dereference, which can cause the product to crash." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Icinga/icinga2/pull/6104", + "refsource": "CONFIRM", + "url": "https://github.com/Icinga/icinga2/pull/6104" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6676.json b/2018/6xxx/CVE-2018-6676.json index 73a559782bf..021acad9fa5 100644 --- a/2018/6xxx/CVE-2018-6676.json +++ b/2018/6xxx/CVE-2018-6676.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6676", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6676", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7207.json b/2018/7xxx/CVE-2018-7207.json index 71ec416885a..286a576c225 100644 --- a/2018/7xxx/CVE-2018-7207.json +++ b/2018/7xxx/CVE-2018-7207.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7207", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-7207", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7396.json b/2018/7xxx/CVE-2018-7396.json index 9bcf23bfe34..fc79a44de3b 100644 --- a/2018/7xxx/CVE-2018-7396.json +++ b/2018/7xxx/CVE-2018-7396.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7396", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7396", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7926.json b/2018/7xxx/CVE-2018-7926.json index 889770d299b..2680a06a163 100644 --- a/2018/7xxx/CVE-2018-7926.json +++ b/2018/7xxx/CVE-2018-7926.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "ID" : "CVE-2018-7926", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Huawei Watch 2", - "version" : { - "version_data" : [ - { - "version_value" : "Versions and earlier than OWDD.180707.001.E1" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Huawei Watch 2 with versions and earlier than OWDD.180707.001.E1 have an improper authorization vulnerability. Due to improper permission configuration for specific operations, an attacker who obtained the Huawei ID bound to the watch can bypass permission verification to perform specific operations and modify some data on the watch." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "improper authorization" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "ID": "CVE-2018-7926", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Huawei Watch 2", + "version": { + "version_data": [ + { + "version_value": "Versions and earlier than OWDD.180707.001.E1" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181031-01-watch-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181031-01-watch-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Huawei Watch 2 with versions and earlier than OWDD.180707.001.E1 have an improper authorization vulnerability. Due to improper permission configuration for specific operations, an attacker who obtained the Huawei ID bound to the watch can bypass permission verification to perform specific operations and modify some data on the watch." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "improper authorization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181031-01-watch-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181031-01-watch-en" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8090.json b/2018/8xxx/CVE-2018-8090.json index d098fc3f07c..e9039c2fd29 100644 --- a/2018/8xxx/CVE-2018-8090.json +++ b/2018/8xxx/CVE-2018-8090.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8090", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Quick Heal Total Security 64 bit 17.00 (QHTS64.exe), (QHTSFT64.exe) - Version 10.0.1.38; Quick Heal Total Security 32 bit 17.00 (QHTS32.exe), (QHTSFT32.exe) - Version 10.0.1.38; Quick Heal Internet Security 64 bit 17.00 (QHIS64.exe), (QHISFT64.exe) - Version 10.0.0.37; Quick Heal Internet Security 32 bit 17.00 (QHIS32.exe), (QHISFT32.exe) - Version 10.0.0.37; Quick Heal AntiVirus Pro 64 bit 17.00 (QHAV64.exe), (QHAVFT64.exe) - Version 10.0.0.37; and Quick Heal AntiVirus Pro 32 bit 17.00 (QHAV32.exe), (QHAVFT32.exe) - Version 10.0.0.37 allow DLL Hijacking because of Insecure Library Loading." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8090", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/kernelm0de/CVE-2018-8090", - "refsource" : "MISC", - "url" : "https://github.com/kernelm0de/CVE-2018-8090" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Quick Heal Total Security 64 bit 17.00 (QHTS64.exe), (QHTSFT64.exe) - Version 10.0.1.38; Quick Heal Total Security 32 bit 17.00 (QHTS32.exe), (QHTSFT32.exe) - Version 10.0.1.38; Quick Heal Internet Security 64 bit 17.00 (QHIS64.exe), (QHISFT64.exe) - Version 10.0.0.37; Quick Heal Internet Security 32 bit 17.00 (QHIS32.exe), (QHISFT32.exe) - Version 10.0.0.37; Quick Heal AntiVirus Pro 64 bit 17.00 (QHAV64.exe), (QHAVFT64.exe) - Version 10.0.0.37; and Quick Heal AntiVirus Pro 32 bit 17.00 (QHAV32.exe), (QHAVFT32.exe) - Version 10.0.0.37 allow DLL Hijacking because of Insecure Library Loading." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/kernelm0de/CVE-2018-8090", + "refsource": "MISC", + "url": "https://github.com/kernelm0de/CVE-2018-8090" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8121.json b/2018/8xxx/CVE-2018-8121.json index 7c9a9ffbb6a..97a888768c1 100644 --- a/2018/8xxx/CVE-2018-8121.json +++ b/2018/8xxx/CVE-2018-8121.json @@ -1,100 +1,100 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8121", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows 10 Servers", - "version" : { - "version_data" : [ - { - "version_value" : "version 1709 (Server Core Installation)" - }, - { - "version_value" : "version 1803 (Server Core Installation)" - } - ] - } - }, - { - "product_name" : "Windows 10", - "version" : { - "version_data" : [ - { - "version_value" : "Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Version 1703 for x64-based Systems" - }, - { - "version_value" : "Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Version 1709 for x64-based Systems" - }, - { - "version_value" : "Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Version 1803 for x64-based Systems" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory, aka \"Windows Kernel Information Disclosure Vulnerability.\" This affects Windows 10 Servers, Windows 10. This CVE ID is unique from CVE-2018-8207." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8121", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows 10 Servers", + "version": { + "version_data": [ + { + "version_value": "version 1709 (Server Core Installation)" + }, + { + "version_value": "version 1803 (Server Core Installation)" + } + ] + } + }, + { + "product_name": "Windows 10", + "version": { + "version_data": [ + { + "version_value": "Version 1703 for 32-bit Systems" + }, + { + "version_value": "Version 1703 for x64-based Systems" + }, + { + "version_value": "Version 1709 for 32-bit Systems" + }, + { + "version_value": "Version 1709 for x64-based Systems" + }, + { + "version_value": "Version 1803 for 32-bit Systems" + }, + { + "version_value": "Version 1803 for x64-based Systems" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8121", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8121" - }, - { - "name" : "104380", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104380" - }, - { - "name" : "1041113", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041113" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory, aka \"Windows Kernel Information Disclosure Vulnerability.\" This affects Windows 10 Servers, Windows 10. This CVE ID is unique from CVE-2018-8207." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041113", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041113" + }, + { + "name": "104380", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104380" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8121", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8121" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8220.json b/2018/8xxx/CVE-2018-8220.json index f57c922b8f2..fa2551ac2a3 100644 --- a/2018/8xxx/CVE-2018-8220.json +++ b/2018/8xxx/CVE-2018-8220.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8220", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8220", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file