diff --git a/1999/1xxx/CVE-1999-1258.json b/1999/1xxx/CVE-1999-1258.json
index bb6586a1fcb..7218aaa4eb0 100644
--- a/1999/1xxx/CVE-1999-1258.json
+++ b/1999/1xxx/CVE-1999-1258.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1258", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "rpc.pwdauthd in SunOS 4.1.1 and earlier does not properly prevent remote access to the daemon, which allows remote attackers to obtain sensitive system information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1258", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "00102", - "refsource" : "SUN", - "url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/102" - }, - { - "name" : "sun-pwdauthd(1782)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/1782" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "rpc.pwdauthd in SunOS 4.1.1 and earlier does not properly prevent remote access to the daemon, which allows remote attackers to obtain sensitive system information." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "00102", + "refsource": "SUN", + "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/102" + }, + { + "name": "sun-pwdauthd(1782)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1782" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1386.json b/1999/1xxx/CVE-1999-1386.json index 5614c8c0fc9..728854283be 100644 --- a/1999/1xxx/CVE-1999-1386.json +++ b/1999/1xxx/CVE-1999-1386.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1386", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl-eaXXXXX file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1386", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19980308 another /tmp race: `perl -e' opens temp file not safely", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=88932165406213&w=2" - }, - { - "name" : "http://www.redhat.com/support/errata/rh50-errata-general.html#perl", - "refsource" : "CONFIRM", - "url" : "http://www.redhat.com/support/errata/rh50-errata-general.html#perl" - }, - { - "name" : "perl-e-tmp-symlink(7243)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7243.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Perl 5.004_04 and earlier follows symbolic links when running with the -e option, 
which allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl-eaXXXXX file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.redhat.com/support/errata/rh50-errata-general.html#perl", + "refsource": "CONFIRM", + "url": "http://www.redhat.com/support/errata/rh50-errata-general.html#perl" + }, + { + "name": "19980308 another /tmp race: `perl -e' opens temp file not safely", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=88932165406213&w=2" + }, + { + "name": "perl-e-tmp-symlink(7243)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7243.php" + } + ] + } +} \ No newline at end of file diff --git a/2000/1xxx/CVE-2000-1088.json b/2000/1xxx/CVE-2000-1088.json index 051c4f1dc44..5a8c247c163 100644 --- a/2000/1xxx/CVE-2000-1088.json +++ b/2000/1xxx/CVE-2000-1088.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-1088", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The xp_SetSQLSecurity function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the \"Extended Stored Procedure Parameter Parsing\" vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-1088", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20001201 SQL Server 2000 Extended Stored Procedure Vulnerability", - "refsource" : "ATSTAKE", - "url" : "http://marc.info/?l=bugtraq&m=97570884410184&w=2" - }, - { - "name" : "MS00-092", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-092" - }, - { - "name" : "2043", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2043" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "The xp_SetSQLSecurity function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the \"Extended Stored Procedure Parameter Parsing\" vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2043", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2043" + }, + { + "name": "20001201 SQL Server 2000 Extended Stored Procedure Vulnerability", + "refsource": "ATSTAKE", + "url": "http://marc.info/?l=bugtraq&m=97570884410184&w=2" + }, + { + "name": "MS00-092", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-092" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2378.json b/2005/2xxx/CVE-2005-2378.json index ad132370508..adcfe7dc616 100644 --- a/2005/2xxx/CVE-2005-2378.json +++ b/2005/2xxx/CVE-2005-2378.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2378", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Oracle Reports allows remote attackers to read arbitrary files via an absolute or relative path to the (1) CUSTOMIZE or (2) desformat parameters to rwservlet. NOTE: vector 2 is probably the same as CVE-2006-0289, and fixed in Jan 2006 CPU." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2378", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050719 Oracle Security Advisory: Read parts of any XML-file via customize parameter in Oracle Reports", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112181242916757&w=2" - }, - { - "name" : "20050719 Oracle Security Advisory: Read parts of any file via desformat in Oracle Reports", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112181054226520&w=2" - }, - { - "name" : "20060117 Oracle Reports - Read parts of files via desname (fixed after 874 days)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/422256/30/7430/threaded" - }, - { - "name" : 
"http://www.red-database-security.com/advisory/oracle_reports_read_any_file.html", - "refsource" : "MISC", - "url" : "http://www.red-database-security.com/advisory/oracle_reports_read_any_file.html" - }, - { - "name" : "http://www.red-database-security.com/advisory/oracle_reports_read_any_xml_file.html", - "refsource" : "MISC", - "url" : "http://www.red-database-security.com/advisory/oracle_reports_read_any_xml_file.html" - }, - { - "name" : "ADV-2006-0323", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0323" - }, - { - "name" : "1014525", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014525" - }, - { - "name" : "1014527", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014527" - }, - { - "name" : "18493", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18493" - }, - { - "name" : "18608", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18608" - }, - { - "name" : "oracle-january2006-update(24321)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Oracle Reports allows remote attackers to read arbitrary files via an absolute or relative path to the (1) CUSTOMIZE or (2) desformat parameters to rwservlet. NOTE: vector 2 is probably the same as CVE-2006-0289, and fixed in Jan 2006 CPU." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1014527", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014527" + }, + { + "name": "oracle-january2006-update(24321)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321" + }, + { + "name": "20060117 Oracle Reports - Read parts of files via desname (fixed after 874 days)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/422256/30/7430/threaded" + }, + { + "name": "1014525", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014525" + }, + { + "name": "20050719 Oracle Security Advisory: Read parts of any XML-file via customize parameter in Oracle Reports", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112181242916757&w=2" + }, + { + "name": "http://www.red-database-security.com/advisory/oracle_reports_read_any_file.html", + "refsource": "MISC", + "url": "http://www.red-database-security.com/advisory/oracle_reports_read_any_file.html" + }, + { + "name": "18493", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18493" + }, + { + "name": "ADV-2006-0323", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0323" + }, + { + "name": "20050719 Oracle Security Advisory: Read parts of any file via desformat in Oracle Reports", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112181054226520&w=2" + }, + { + "name": "18608", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18608" + }, + { + "name": "http://www.red-database-security.com/advisory/oracle_reports_read_any_xml_file.html", + "refsource": "MISC", + "url": "http://www.red-database-security.com/advisory/oracle_reports_read_any_xml_file.html" + } + ] + } +} \ No newline at end of file 
diff --git a/2005/2xxx/CVE-2005-2526.json b/2005/2xxx/CVE-2005-2526.json
index e5912bcef5b..485a405cfda 100644
--- a/2005/2xxx/CVE-2005-2526.json
+++ b/2005/2xxx/CVE-2005-2526.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2526", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CUPS in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to cause a denial of service (CPU consumption) by sending a partial IPP request and closing the connection." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2526", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2005-08-15", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html" - }, - { - "name" : "APPLE-SA-2005-08-17", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html" - }, - { - "name" : "1014698", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014698" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CUPS in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to cause a denial of service (CPU consumption) by sending a partial IPP request and closing the connection." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1014698", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014698" + }, + { + "name": "APPLE-SA-2005-08-15", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html" + }, + { + "name": "APPLE-SA-2005-08-17", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2720.json b/2005/2xxx/CVE-2005-2720.json index 967074b7bfd..7c5bddac089 100644 --- a/2005/2xxx/CVE-2005-2720.json +++ b/2005/2xxx/CVE-2005-2720.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2720", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the ACE archive decompression library (vrAZace.dll) in HAURI Anti-Virus products including ViRobot Expert 4.0, Advanced Server, Linux Server 2.0, and LiveCall, when compressed file scanning is enabled, allows remote attackers to execute arbitrary code via an ACE archive that contains a file with a long filename." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2720", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050824 Secunia Research: HAURI Anti-Virus ACE Archive Handling Buffer", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112490854126619&w=2" - }, - { - "name" : "http://secunia.com/secunia_research/2005-33/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2005-33/advisory/" - }, - { - "name" : "14647", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14647" - }, - { - "name" : "16488", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16488/" - }, - { - "name" : 
"hauri-ace-vrazace-bo(22005)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22005" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the ACE archive decompression library (vrAZace.dll) in HAURI Anti-Virus products including ViRobot Expert 4.0, Advanced Server, Linux Server 2.0, and LiveCall, when compressed file scanning is enabled, allows remote attackers to execute arbitrary code via an ACE archive that contains a file with a long filename." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16488", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16488/" + }, + { + "name": "http://secunia.com/secunia_research/2005-33/advisory/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2005-33/advisory/" + }, + { + "name": "14647", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14647" + }, + { + "name": "hauri-ace-vrazace-bo(22005)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22005" + }, + { + "name": "20050824 Secunia Research: HAURI Anti-Virus ACE Archive Handling Buffer", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112490854126619&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2768.json b/2005/2xxx/CVE-2005-2768.json index 77ea2a81a53..df017e54baa 100644 --- a/2005/2xxx/CVE-2005-2768.json +++ b/2005/2xxx/CVE-2005-2768.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2768", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the Sophos Antivirus Library, as used by Sophos Antivirus, PureMessage, MailMonitor, and other products, allows remote attackers to execute arbitrary code via a Visio file with a crafted sub record length." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2768", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050826 Sophos Antivirus Library Remote Heap Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112511873420953&w=2" - }, - { - "name" : "http://www.rem0te.com/public/images/sophos.pdf", - "refsource" : "MISC", - "url" : "http://www.rem0te.com/public/images/sophos.pdf" - }, - { - "name" : "http://www.sophos.com/support/knowledgebase/article/3409.html", - "refsource" : "CONFIRM", - "url" : "http://www.sophos.com/support/knowledgebase/article/3409.html" - }, - { - "name" : "14362", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14362" - }, - { - "name" : "16245", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16245/" 
- }, - { - "name" : "sophos-bo(21608)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/21608" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the Sophos Antivirus Library, as used by Sophos Antivirus, PureMessage, MailMonitor, and other products, allows remote attackers to execute arbitrary code via a Visio file with a crafted sub record length." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.rem0te.com/public/images/sophos.pdf", + "refsource": "MISC", + "url": "http://www.rem0te.com/public/images/sophos.pdf" + }, + { + "name": "sophos-bo(21608)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21608" + }, + { + "name": "16245", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16245/" + }, + { + "name": "14362", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14362" + }, + { + "name": "http://www.sophos.com/support/knowledgebase/article/3409.html", + "refsource": "CONFIRM", + "url": "http://www.sophos.com/support/knowledgebase/article/3409.html" + }, + { + "name": "20050826 Sophos Antivirus Library Remote Heap Overflow", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112511873420953&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2911.json b/2005/2xxx/CVE-2005-2911.json index 3a55ad2e9a7..55a26eff090 100644 --- a/2005/2xxx/CVE-2005-2911.json +++ b/2005/2xxx/CVE-2005-2911.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2911", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2911", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2994.json b/2005/2xxx/CVE-2005-2994.json index dbbdd071e9c..1765be77715 100644 --- a/2005/2xxx/CVE-2005-2994.json +++ b/2005/2xxx/CVE-2005-2994.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2994", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the web client for IBM Rational ClearQuest 2002.05.00 and 2002.05.20, and 2003.06.00 through 2003.06.15 before SR5, allows remote attackers to execute XML Style Sheets (XSS)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2994", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-1.ibm.com/support/docview.wss?rs=0&uid=swg21216901&loc=en_US&cs=utf-8&cc=us&lang=all", - "refsource" : "CONFIRM", - "url" : "http://www-1.ibm.com/support/docview.wss?rs=0&uid=swg21216901&loc=en_US&cs=utf-8&cc=us&lang=all" - }, - { - "name" : "16717", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16717" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the web client for IBM Rational ClearQuest 2002.05.00 and 2002.05.20, and 2003.06.00 through 2003.06.15 before SR5, allows remote attackers to execute XML Style Sheets (XSS)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-1.ibm.com/support/docview.wss?rs=0&uid=swg21216901&loc=en_US&cs=utf-8&cc=us&lang=all", + "refsource": "CONFIRM", + "url": "http://www-1.ibm.com/support/docview.wss?rs=0&uid=swg21216901&loc=en_US&cs=utf-8&cc=us&lang=all" + }, + { + "name": "16717", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16717" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3318.json b/2005/3xxx/CVE-2005-3318.json index a2bd1fcbfd8..6b5b2bf77d3 100644 --- a/2005/3xxx/CVE-2005-3318.json +++ b/2005/3xxx/CVE-2005-3318.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3318", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the _chm_decompress_block function in CHM lib (chmlib) before 0.37, as used in products such as KchmViewer, allows attackers to execute arbitrary code, a different vulnerability than CVE-2005-2930." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3318", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051026 chmlib exploitable buffer overflow", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0536.html" - }, - { - "name" : "http://www.sven-tantau.de/public_files/chmlib/chmlib_20051126.txt", - "refsource" : "MISC", - "url" : "http://www.sven-tantau.de/public_files/chmlib/chmlib_20051126.txt" - }, - { - "name" : "http://morte.jedrea.com/~jedwin/projects/chmlib/", - "refsource" : "CONFIRM", - "url" : "http://morte.jedrea.com/~jedwin/projects/chmlib/" - }, - { - "name" : "GLSA-200511-23", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200511-23.xml" - }, - { - "name" : "SUSE-SR:2005:025", - "refsource" : "SUSE", - 
"url" : "http://www.novell.com/linux/security/advisories/2005_25_sr.html" - }, - { - "name" : "15211", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15211" - }, - { - "name" : "ADV-2005-2207", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2207" - }, - { - "name" : "20335", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20335" - }, - { - "name" : "17325", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17325" - }, - { - "name" : "17775", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17775" - }, - { - "name" : "17776", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17776" - }, - { - "name" : "17480", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17480" - }, - { - "name" : "chmlib-chmdecompressblock-bo(22885)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22885" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the _chm_decompress_block function in CHM lib (chmlib) before 0.37, as used in products such as KchmViewer, allows attackers to execute arbitrary code, a different vulnerability than CVE-2005-2930." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20051026 chmlib exploitable buffer overflow", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0536.html" + }, + { + "name": "17480", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17480" + }, + { + "name": "17775", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17775" + }, + { + "name": "ADV-2005-2207", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2207" + }, + { + "name": "SUSE-SR:2005:025", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2005_25_sr.html" + }, + { + "name": "15211", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15211" + }, + { + "name": "chmlib-chmdecompressblock-bo(22885)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22885" + }, + { + "name": "20335", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20335" + }, + { + "name": "17325", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17325" + }, + { + "name": "17776", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17776" + }, + { + "name": "http://www.sven-tantau.de/public_files/chmlib/chmlib_20051126.txt", + "refsource": "MISC", + "url": "http://www.sven-tantau.de/public_files/chmlib/chmlib_20051126.txt" + }, + { + "name": "GLSA-200511-23", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200511-23.xml" + }, + { + "name": "http://morte.jedrea.com/~jedwin/projects/chmlib/", + "refsource": "CONFIRM", + "url": "http://morte.jedrea.com/~jedwin/projects/chmlib/" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4242.json b/2005/4xxx/CVE-2005-4242.json index a471b7e26b3..d841f28d0df 100644 
--- a/2005/4xxx/CVE-2005-4242.json +++ b/2005/4xxx/CVE-2005-4242.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4242", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Horde Turba H3 2.0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the address book and (2) contact data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4242", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[horde-announce] 20051211 Turba H3 (2.0.5) (final) ", - "refsource" : "MLIST", - "url" : "http://lists.horde.org/archives/announce/2005/000235.html" - }, - { - "name" : "ADV-2005-2837", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2837" - }, - { - "name" : "17968", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17968" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Horde Turba H3 2.0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the address book and 
(2) contact data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MLIST", + "name": "[horde-announce] 20051211 Turba H3 (2.0.5) (final)", + "url": "http://lists.horde.org/archives/announce/2005/000235.html" + }, + { + "name": "17968", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17968" + }, + { + "name": "ADV-2005-2837", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2837" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4268.json b/2005/4xxx/CVE-2005-4268.json index 6d31a18a33b..3868eee0be1 100644 --- a/2005/4xxx/CVE-2005-4268.json +++ b/2005/4xxx/CVE-2005-4268.json 
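Review bot: The `[horde-announce]` MLIST entry in `reference_data` is written with its keys in the order `refsource`, `name`, `url`, while the SECUNIA and VUPEN entries in the same array keep `name`, `refsource`, `url`. Its `name` value also loses the trailing space it had on the old side (`"... (final) "` becomes `"... (final)"`). Key order carries no meaning in JSON, but the mixed order suggests this entry came through a different generation path than its neighbours, and the trimmed string is a value change inside what otherwise reads as a spacing-only reformat. I would emit every reference with the same key order and mention the `name` normalisation in the commit message, since tooling that de-duplicates references by exact `name` will treat the old and new strings as different.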
@@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4268", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in cpio 2.6-8.FC4 on 64-bit platforms, when creating a cpio archive, allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a file whose size is represented by more than 8 digits." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2005-4268", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=172669", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=172669" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-1338", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-1338" - }, - { - "name" : "FreeBSD-SA-06:03", - "refsource" : "FREEBSD", - "url" : "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:03.cpio.asc" - }, - { - "name" : "MDKSA-2005:237", - "refsource" : "MANDRIVA", - "url" : "http://frontal1.mandriva.com/security/advisories?name=MDKSA-2005:237" - }, - { - "name" : "RHSA-2007:0245", - "refsource" : "REDHAT", - "url" : 
"http://www.redhat.com/support/errata/RHSA-2007-0245.html" - }, - { - "name" : "RHSA-2010:0145", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0145.html" - }, - { - "name" : "SUSE-SR:2006:010", - "refsource" : "SUSE", - "url" : "http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html" - }, - { - "name" : "USN-234-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/234-1/" - }, - { - "name" : "16057", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16057" - }, - { - "name" : "22194", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22194" - }, - { - "name" : "oval:org.mitre.oval:def:10450", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10450" - }, - { - "name" : "oval:org.mitre.oval:def:6860", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6860" - }, - { - "name" : "18251", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18251" - }, - { - "name" : "18278", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18278" - }, - { - "name" : "18280", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18280" - }, - { - "name" : "18395", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18395" - }, - { - "name" : "20117", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20117" - }, - { - "name" : "25098", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25098" - }, - { - "name" : "25161", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25161" - }, - { - "name" : "cpio-file-size-bo(23855)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23855" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in cpio 2.6-8.FC4 on 64-bit platforms, when creating a cpio archive, allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a file whose size is represented by more than 8 digits." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25098", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25098" + }, + { + "name": "RHSA-2007:0245", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0245.html" + }, + { + "name": "25161", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25161" + }, + { + "name": "cpio-file-size-bo(23855)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23855" + }, + { + "name": "https://issues.rpath.com/browse/RPL-1338", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-1338" + }, + { + "name": "FreeBSD-SA-06:03", + "refsource": "FREEBSD", + "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:03.cpio.asc" + }, + { + "name": "18280", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18280" + }, + { + "name": "22194", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22194" + }, + { + "name": "MDKSA-2005:237", + "refsource": "MANDRIVA", + "url": "http://frontal1.mandriva.com/security/advisories?name=MDKSA-2005:237" + }, + { + "name": "oval:org.mitre.oval:def:6860", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6860" + }, + { + "name": "RHSA-2010:0145", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0145.html" + }, + { + "name": "SUSE-SR:2006:010", + "refsource": "SUSE", + "url": 
"http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html" + }, + { + "name": "20117", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20117" + }, + { + "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=172669", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=172669" + }, + { + "name": "oval:org.mitre.oval:def:10450", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10450" + }, + { + "name": "16057", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16057" + }, + { + "name": "18278", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18278" + }, + { + "name": "18395", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18395" + }, + { + "name": "18251", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18251" + }, + { + "name": "USN-234-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/234-1/" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4469.json b/2005/4xxx/CVE-2005-4469.json index b2c3b097ef3..1326621f9ac 100644 --- a/2005/4xxx/CVE-2005-4469.json +++ b/2005/4xxx/CVE-2005-4469.json 
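Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `secalert@redhat.com` in this hunk, and it is the only field value that changes; the remaining lines differ only in spacing and in the order of the `reference_data` entries. Because the change sits inside a bulk reformat, it is easy to miss in review and hard to find later in history. It would be clearer as its own commit, with a message that states why the assigner was changed. Consumers that attribute or filter records by `ASSIGNER` will see this record move to a different assigner, so the change should be called out explicitly. The reference set itself looks unchanged (the same twenty entries, reordered).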
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4469", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple direct static code injection vulnerabilities in PHPGedView 3.3.7 and earlier allow remote attackers to execute arbitrary PHP code via (1) the username field in login.php, or the (2) user_language, (3) user_email, and (4) user_gedcomid parameters in login_register.php, which is directly inserted into authenticate.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4469", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051220 PHPGedView <= 3.3.7 remote code execution", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/419906/100/0/threaded" - }, - { - "name" : "http://rgod.altervista.org/phpgedview_337_xpl.html", - "refsource" : "MISC", - "url" : "http://rgod.altervista.org/phpgedview_337_xpl.html" - }, - { - "name" : "http://cvs.sourceforge.net/viewcvs.py/phpgedview/phpGedView/login_register.php?r1=1.71.2.35&r2=1.71.2.36", - "refsource" : "CONFIRM", - "url" : "http://cvs.sourceforge.net/viewcvs.py/phpgedview/phpGedView/login_register.php?r1=1.71.2.35&r2=1.71.2.36" - }, - { - 
"name" : "http://cvs.sourceforge.net/viewcvs.py/phpgedview/phpGedView/login_register.php?r1=1.71.2.36&r2=1.71.2.37", - "refsource" : "CONFIRM", - "url" : "http://cvs.sourceforge.net/viewcvs.py/phpgedview/phpGedView/login_register.php?r1=1.71.2.36&r2=1.71.2.37" - }, - { - "name" : "https://sourceforge.net/tracker/index.php?func=detail&aid=1386434&group_id=55456&atid=477081", - "refsource" : "CONFIRM", - "url" : "https://sourceforge.net/tracker/index.php?func=detail&aid=1386434&group_id=55456&atid=477081" - }, - { - "name" : "15983", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15983" - }, - { - "name" : "ADV-2005-3033", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/3033" - }, - { - "name" : "22010", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22010" - }, - { - "name" : "1015395", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015395" - }, - { - "name" : "18177", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18177" - }, - { - "name" : "phpgedview-multi-field-xss(23873)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23873" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple direct static code injection vulnerabilities in PHPGedView 3.3.7 and earlier allow remote attackers to execute arbitrary PHP code via (1) the username field in login.php, or the (2) user_language, (3) user_email, and (4) user_gedcomid parameters in login_register.php, which is directly inserted into authenticate.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15983", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15983" + }, + { + "name": "http://rgod.altervista.org/phpgedview_337_xpl.html", + "refsource": "MISC", + "url": "http://rgod.altervista.org/phpgedview_337_xpl.html" + }, + { + "name": "http://cvs.sourceforge.net/viewcvs.py/phpgedview/phpGedView/login_register.php?r1=1.71.2.36&r2=1.71.2.37", + "refsource": "CONFIRM", + "url": "http://cvs.sourceforge.net/viewcvs.py/phpgedview/phpGedView/login_register.php?r1=1.71.2.36&r2=1.71.2.37" + }, + { + "name": "http://cvs.sourceforge.net/viewcvs.py/phpgedview/phpGedView/login_register.php?r1=1.71.2.35&r2=1.71.2.36", + "refsource": "CONFIRM", + "url": "http://cvs.sourceforge.net/viewcvs.py/phpgedview/phpGedView/login_register.php?r1=1.71.2.35&r2=1.71.2.36" + }, + { + "name": "22010", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22010" + }, + { + "name": "20051220 PHPGedView <= 3.3.7 remote code execution", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/419906/100/0/threaded" + }, + { + "name": "18177", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18177" + }, + { + "name": "phpgedview-multi-field-xss(23873)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23873" + }, + { + "name": "ADV-2005-3033", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/3033" + }, + { + "name": "1015395", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015395" + }, + { + "name": "https://sourceforge.net/tracker/index.php?func=detail&aid=1386434&group_id=55456&atid=477081", + "refsource": "CONFIRM", + "url": "https://sourceforge.net/tracker/index.php?func=detail&aid=1386434&group_id=55456&atid=477081" + } + ] + } +} \ No newline at end of file 
diff --git a/2009/2xxx/CVE-2009-2077.json b/2009/2xxx/CVE-2009-2077.json index a092f8bcc58..5aa2a79a728 100644 --- a/2009/2xxx/CVE-2009-2077.json +++ b/2009/2xxx/CVE-2009-2077.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2077", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Drupal 6.x before 6.x-2.6, a module for Drupal, allows remote authenticated users to bypass access restrictions and (1) read unpublished content from anonymous users when a view is already configured to display the content, and (2) read private content in generated queries." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2077", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/488068", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/488068" - }, - { - "name" : "http://drupal.org/node/488082", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/488082" - }, - { - "name" : "35304", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35304" - }, - { - "name" : "35425", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35425" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Drupal 6.x before 6.x-2.6, a module for Drupal, 
allows remote authenticated users to bypass access restrictions and (1) read unpublished content from anonymous users when a view is already configured to display the content, and (2) read private content in generated queries." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://drupal.org/node/488082", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/488082" + }, + { + "name": "35304", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35304" + }, + { + "name": "35425", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35425" + }, + { + "name": "http://drupal.org/node/488068", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/488068" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2092.json b/2009/2xxx/CVE-2009-2092.json index cb7953272d2..6ed30e98c51 100644 --- a/2009/2xxx/CVE-2009-2092.json +++ b/2009/2xxx/CVE-2009-2092.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2092", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.5 does not properly read the portletServingEnabled parameter in ibm-portlet-ext.xmi, which allows remote attackers to bypass intended access restrictions via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2092", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27014463", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27014463" - }, - { - "name" : "PK89385", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1PK89385" - }, - { - "name" : "36155", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36155" - }, - { - "name" : "34461", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34461" - }, - { - "name" : "was-ibmportlet-security-bypass(52375)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52375" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.5 does not properly read the portletServingEnabled parameter in ibm-portlet-ext.xmi, which allows remote attackers to bypass intended access restrictions via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34461", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34461" + }, + { + "name": "was-ibmportlet-security-bypass(52375)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52375" + }, + { + "name": "36155", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36155" + }, + { + "name": "PK89385", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK89385" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2394.json b/2009/2xxx/CVE-2009-2394.json index 627f61d950c..91e9ad354af 100644 --- a/2009/2xxx/CVE-2009-2394.json +++ b/2009/2xxx/CVE-2009-2394.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2394", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in cat.php in SMSPages 1.0 in Mr.Saphp Arabic Script Mobile (aka Messages Library) 2.0 allows remote attackers to execute arbitrary SQL commands via the CatID parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2394", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9027", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9027" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in cat.php in SMSPages 1.0 in Mr.Saphp Arabic Script Mobile (aka Messages Library) 2.0 allows remote attackers to execute arbitrary SQL commands via the CatID parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9027", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9027" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2776.json b/2009/2xxx/CVE-2009-2776.json index 0ebc400f0e3..a5a961d6344 100644 --- a/2009/2xxx/CVE-2009-2776.json +++ b/2009/2xxx/CVE-2009-2776.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2776", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in showresult.asp in Smart ASP Survey allows remote attackers to execute arbitrary SQL commands via the catid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2776", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0907-exploits/smartasp-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0907-exploits/smartasp-sql.txt" - }, - { - "name" : "56575", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/56575" - }, - { - "name" : "36028", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36028" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in showresult.asp in Smart ASP Survey allows remote attackers to execute arbitrary SQL commands via the catid parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36028", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36028" + }, + { + "name": "56575", + "refsource": "OSVDB", + "url": "http://osvdb.org/56575" + }, + { + "name": "http://packetstormsecurity.org/0907-exploits/smartasp-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0907-exploits/smartasp-sql.txt" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2950.json b/2009/2xxx/CVE-2009-2950.json index 1314720f879..12b2369bbcb 100644 --- a/2009/2xxx/CVE-2009-2950.json +++ b/2009/2xxx/CVE-2009-2950.json 
@@ -1,177 +1,177 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2950", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the GIFLZWDecompressor::GIFLZWDecompressor function in filter.vcl/lgif/decode.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file, related to LZW decompression." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2950", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.openoffice.org/security/bulletin.html", - "refsource" : "CONFIRM", - "url" : "http://www.openoffice.org/security/bulletin.html" - }, - { - "name" : "http://www.openoffice.org/security/cves/CVE-2009-2950.html", - "refsource" : "CONFIRM", - "url" : "http://www.openoffice.org/security/cves/CVE-2009-2950.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=527512", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=527512" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", - "refsource" : "CONFIRM", - "url" : 
"http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" - }, - { - "name" : "DSA-1995", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-1995" - }, - { - "name" : "GLSA-201408-19", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml" - }, - { - "name" : "MDVSA-2010:221", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:221" - }, - { - "name" : "RHSA-2010:0101", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0101.html" - }, - { - "name" : "SUSE-SA:2010:017", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00005.html" - }, - { - "name" : "USN-903-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-903-1" - }, - { - "name" : "TA10-287A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-287A.html" - }, - { - "name" : "38218", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38218" - }, - { - "name" : "oval:org.mitre.oval:def:11050", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11050" - }, - { - "name" : "1023591", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023591" - }, - { - "name" : "38567", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38567" - }, - { - "name" : "38568", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38568" - }, - { - "name" : "38695", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38695" - }, - { - "name" : "38921", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38921" - }, - { - "name" : "60799", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60799" - }, - { - "name" : "41818", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41818" - 
}, - { - "name" : "ADV-2010-0366", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0366" - }, - { - "name" : "ADV-2010-0635", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0635" - }, - { - "name" : "ADV-2010-2905", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2905" - }, - { - "name" : "openoffice-gif-bo(56238)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56238" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the GIFLZWDecompressor::GIFLZWDecompressor function in filter.vcl/lgif/decode.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file, related to LZW decompression." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2010:221", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:221" + }, + { + "name": "60799", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60799" + }, + { + "name": "GLSA-201408-19", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml" + }, + { + "name": "http://www.openoffice.org/security/cves/CVE-2009-2950.html", + "refsource": "CONFIRM", + "url": "http://www.openoffice.org/security/cves/CVE-2009-2950.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=527512", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=527512" + }, + { + "name": "38695", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38695" + }, + { + "name": 
"DSA-1995", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-1995" + }, + { + "name": "USN-903-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-903-1" + }, + { + "name": "ADV-2010-0366", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0366" + }, + { + "name": "SUSE-SA:2010:017", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00005.html" + }, + { + "name": "38567", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38567" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" + }, + { + "name": "openoffice-gif-bo(56238)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56238" + }, + { + "name": "38218", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38218" + }, + { + "name": "ADV-2010-0635", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0635" + }, + { + "name": "38568", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38568" + }, + { + "name": "1023591", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023591" + }, + { + "name": "http://www.openoffice.org/security/bulletin.html", + "refsource": "CONFIRM", + "url": "http://www.openoffice.org/security/bulletin.html" + }, + { + "name": "41818", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41818" + }, + { + "name": "TA10-287A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html" + }, + { + "name": "oval:org.mitre.oval:def:11050", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11050" + }, + { + "name": "RHSA-2010:0101", + "refsource": "REDHAT", + "url": 
"http://www.redhat.com/support/errata/RHSA-2010-0101.html" + }, + { + "name": "38921", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38921" + }, + { + "name": "ADV-2010-2905", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2905" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3215.json b/2009/3xxx/CVE-2009-3215.json index b519cc7a984..b3a3aea8eeb 100644 --- a/2009/3xxx/CVE-2009-3215.json +++ b/2009/3xxx/CVE-2009-3215.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3215", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in IXXO Cart Standalone before 3.9.6.1, and the IXXO Cart component for Joomla! 1.0.x, allows remote attackers to execute arbitrary SQL commands via the parent parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3215", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090725 IXXO Cart! 
Standalone and Joomla Component SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/505266/100/0/threaded" - }, - { - "name" : "9276", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9276" - }, - { - "name" : "http://www.davidsopas.com/2009/07/25/ixxo-cart-standalone-and-joomla-component-sql-injection/", - "refsource" : "MISC", - "url" : "http://www.davidsopas.com/2009/07/25/ixxo-cart-standalone-and-joomla-component-sql-injection/" - }, - { - "name" : "35810", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35810" - }, - { - "name" : "36009", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36009" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in IXXO Cart Standalone before 3.9.6.1, and the IXXO Cart component for Joomla! 1.0.x, allows remote attackers to execute arbitrary SQL commands via the parent parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.davidsopas.com/2009/07/25/ixxo-cart-standalone-and-joomla-component-sql-injection/", + "refsource": "MISC", + "url": "http://www.davidsopas.com/2009/07/25/ixxo-cart-standalone-and-joomla-component-sql-injection/" + }, + { + "name": "9276", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9276" + }, + { + "name": "36009", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36009" + }, + { + "name": "20090725 IXXO Cart! 
Standalone and Joomla Component SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/505266/100/0/threaded" + }, + { + "name": "35810", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35810" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3287.json b/2009/3xxx/CVE-2009-3287.json index 99526e0622a..090a660f4ac 100644 --- a/2009/3xxx/CVE-2009-3287.json +++ b/2009/3xxx/CVE-2009-3287.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3287", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "lib/thin/connection.rb in Thin web server before 1.2.4 relies on the X-Forwarded-For header to determine the IP address of the client, which allows remote attackers to spoof the IP address and hide activities via a modified X-Forwarded-For header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3287", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20090912 CVE request(?): Thin: Client IP spoofing", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/09/12/1" - }, - { - "name" : "http://github.com/macournoyer/thin/blob/master/CHANGELOG", - "refsource" : "CONFIRM", - "url" : "http://github.com/macournoyer/thin/blob/master/CHANGELOG" - }, - { - "name" : "http://github.com/macournoyer/thin/commit/7bd027914c5ffd36bb408ef47dc749de3b6e063a", - "refsource" : "CONFIRM", - "url" : "http://github.com/macournoyer/thin/commit/7bd027914c5ffd36bb408ef47dc749de3b6e063a" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { 
+ "description_data": [ + { + "lang": "eng", + "value": "lib/thin/connection.rb in Thin web server before 1.2.4 relies on the X-Forwarded-For header to determine the IP address of the client, which allows remote attackers to spoof the IP address and hide activities via a modified X-Forwarded-For header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://github.com/macournoyer/thin/blob/master/CHANGELOG", + "refsource": "CONFIRM", + "url": "http://github.com/macournoyer/thin/blob/master/CHANGELOG" + }, + { + "name": "http://github.com/macournoyer/thin/commit/7bd027914c5ffd36bb408ef47dc749de3b6e063a", + "refsource": "CONFIRM", + "url": "http://github.com/macournoyer/thin/commit/7bd027914c5ffd36bb408ef47dc749de3b6e063a" + }, + { + "name": "[oss-security] 20090912 CVE request(?): Thin: Client IP spoofing", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/09/12/1" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3447.json b/2009/3xxx/CVE-2009-3447.json index fd9f8f74e94..21ba6dc9a12 100644 --- a/2009/3xxx/CVE-2009-3447.json +++ b/2009/3xxx/CVE-2009-3447.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3447", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in RADactive I-Load before 2008.2.5.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, and then sending a request for a predictable filename during a short time window." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3447", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090917 SEC Consult SA-20090917-0 :: RADactive I-Load Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/506555/100/0/threaded" - }, - { - "name" : "https://www.sec-consult.com/files/20090917-0_RADactive_I-Load_Multiple_Vulnerabilities.txt", - "refsource" : "MISC", - "url" : "https://www.sec-consult.com/files/20090917-0_RADactive_I-Load_Multiple_Vulnerabilities.txt" - }, - { - "name" : "http://radnet.radactive.com/forum/Default.aspx?g=posts&t=339", - "refsource" : "CONFIRM", - "url" : "http://radnet.radactive.com/forum/Default.aspx?g=posts&t=339" - }, - { - "name" : "58197", - "refsource" : "OSVDB", - "url" 
: "http://www.osvdb.org/58197" - }, - { - "name" : "23807", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23807" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in RADactive I-Load before 2008.2.5.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, and then sending a request for a predictable filename during a short time window." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20090917 SEC Consult SA-20090917-0 :: RADactive I-Load Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/506555/100/0/threaded" + }, + { + "name": "23807", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23807" + }, + { + "name": "http://radnet.radactive.com/forum/Default.aspx?g=posts&t=339", + "refsource": "CONFIRM", + "url": "http://radnet.radactive.com/forum/Default.aspx?g=posts&t=339" + }, + { + "name": "58197", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/58197" + }, + { + "name": "https://www.sec-consult.com/files/20090917-0_RADactive_I-Load_Multiple_Vulnerabilities.txt", + "refsource": "MISC", + "url": "https://www.sec-consult.com/files/20090917-0_RADactive_I-Load_Multiple_Vulnerabilities.txt" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3529.json b/2009/3xxx/CVE-2009-3529.json index 4f0fe1f9449..53fe28afce2 100644 --- a/2009/3xxx/CVE-2009-3529.json +++ b/2009/3xxx/CVE-2009-3529.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3529", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in RadScripts RadBids Gold 4 allows remote attackers to execute arbitrary SQL commands via the fid parameter in a view_forum action, a different vector than CVE-2005-1074." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3529", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9194", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9194" - }, - { - "name" : "35827", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35827" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in RadScripts RadBids Gold 4 allows remote attackers to execute arbitrary SQL commands via the fid parameter in a view_forum action, a different vector than CVE-2005-1074." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35827", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35827" + }, + { + "name": "9194", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9194" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4291.json b/2009/4xxx/CVE-2009-4291.json index d3d76c06c61..db65fc3d427 100644 --- a/2009/4xxx/CVE-2009-4291.json +++ b/2009/4xxx/CVE-2009-4291.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4291", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4291", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4521.json b/2009/4xxx/CVE-2009-4521.json index 621369d2f3b..df9eb2e0bf6 100644 --- a/2009/4xxx/CVE-2009-4521.json +++ b/2009/4xxx/CVE-2009-4521.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4521", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse Business Intelligence and Reporting Tools (BIRT) before 2.5.0, as used in KonaKart and other products, allows remote attackers to inject arbitrary web script or HTML via the __report parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4521", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091013 [AntiSnatchOr] Eclipse BIRT <= 2.2.1 Reflected XSS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/507172/100/0/threaded" - }, - { - "name" : "http://antisnatchor.com/2008/12/18/eclipse-birt-reflected-xss", - "refsource" : "MISC", - "url" : "http://antisnatchor.com/2008/12/18/eclipse-birt-reflected-xss" - }, - { - "name" : "https://bugs.eclipse.org/bugs/show_bug.cgi?id=259127", - "refsource" : "CONFIRM", - "url" : "https://bugs.eclipse.org/bugs/show_bug.cgi?id=259127" - }, - { - "name" : "36674", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36674" - }, - { - "name" : "58941", - "refsource" : 
"OSVDB", - "url" : "http://www.osvdb.org/58941" - }, - { - "name" : "37025", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37025" - }, - { - "name" : "eclipse-report-xss(53773)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53773" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse Business Intelligence and Reporting Tools (BIRT) before 2.5.0, as used in KonaKart and other products, allows remote attackers to inject arbitrary web script or HTML via the __report parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=259127", + "refsource": "CONFIRM", + "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=259127" + }, + { + "name": "20091013 [AntiSnatchOr] Eclipse BIRT <= 2.2.1 Reflected XSS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/507172/100/0/threaded" + }, + { + "name": "37025", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37025" + }, + { + "name": "eclipse-report-xss(53773)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53773" + }, + { + "name": "http://antisnatchor.com/2008/12/18/eclipse-birt-reflected-xss", + "refsource": "MISC", + "url": "http://antisnatchor.com/2008/12/18/eclipse-birt-reflected-xss" + }, + { + "name": "36674", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36674" + }, + { + "name": "58941", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/58941" + } + ] + } +} \ No newline at end of file 
diff --git a/2009/4xxx/CVE-2009-4571.json b/2009/4xxx/CVE-2009-4571.json index 59bf6ebcf34..e4af07ba217 100644 --- a/2009/4xxx/CVE-2009-4571.json +++ b/2009/4xxx/CVE-2009-4571.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4571", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in index.php in PhpShop 0.8.1 allow remote attackers to execute arbitrary SQL commands via the (1) module_id parameter in an admin/function_list action, the (2) vendor_id parameter in a vendor/vendor_form action, the (3) module_id parameter in an admin/module_form action, the (4) user_id parameter in an admin/user_form action, the (5) vendor_category_id parameter in a vendor/vendor_category_form action, the (6) user_id parameter in a store/user_form action, the (7) payment_method_id parameter in a store/payment_method_form action, the (8) tax_rate_id parameter in a tax/tax_form action, or the (9) category parameter in a shop/browse action. NOTE: the product_id vector is already covered by CVE-2008-0681." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4571", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091206 PhpShop Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/508270/100/0/threaded" - }, - { - "name" : "http://www.andreafabrizi.it/?exploits:phpshop", - "refsource" : "MISC", - "url" : "http://www.andreafabrizi.it/?exploits:phpshop" - }, - { - "name" : "37227", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37227" - }, - { - "name" : "31948", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31948" - }, - { - "name" : "phpshop-id-sql-injection(54584)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54584" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in index.php in PhpShop 0.8.1 allow remote attackers to execute arbitrary SQL commands via the (1) module_id parameter in an admin/function_list action, the (2) vendor_id parameter in a vendor/vendor_form action, the (3) module_id parameter in an admin/module_form action, the (4) user_id parameter in an admin/user_form action, the (5) vendor_category_id parameter in a vendor/vendor_category_form action, the (6) user_id parameter in a store/user_form action, the (7) payment_method_id parameter in a store/payment_method_form action, the (8) tax_rate_id parameter in a tax/tax_form action, or the (9) 
category parameter in a shop/browse action. NOTE: the product_id vector is already covered by CVE-2008-0681." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.andreafabrizi.it/?exploits:phpshop", + "refsource": "MISC", + "url": "http://www.andreafabrizi.it/?exploits:phpshop" + }, + { + "name": "31948", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31948" + }, + { + "name": "37227", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37227" + }, + { + "name": "phpshop-id-sql-injection(54584)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54584" + }, + { + "name": "20091206 PhpShop Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/508270/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0332.json b/2015/0xxx/CVE-2015-0332.json index 818fa43c8d2..eb42e586001 100644 --- a/2015/0xxx/CVE-2015-0332.json +++ b/2015/0xxx/CVE-2015-0332.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0332", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0333, CVE-2015-0335, and CVE-2015-0339." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-0332", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-05.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-05.html" - }, - { - "name" : "GLSA-201503-09", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201503-09" - }, - { - "name" : "RHSA-2015:0697", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0697.html" - }, - { - "name" : "SUSE-SU-2015:0491", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00015.html" - }, - { - "name" : 
"SUSE-SU-2015:0493", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00016.html" - }, - { - "name" : "openSUSE-SU-2015:0490", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00014.html" - }, - { - "name" : "openSUSE-SU-2015:0496", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00017.html" - }, - { - "name" : "openSUSE-SU-2015:0725", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html" - }, - { - "name" : "1031922", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031922" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0333, CVE-2015-0335, and CVE-2015-0339." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2015:0490", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00014.html" + }, + { + "name": "GLSA-201503-09", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201503-09" + }, + { + "name": "1031922", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031922" + }, + { + "name": "SUSE-SU-2015:0493", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00016.html" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb15-05.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-05.html" + }, + { + "name": "openSUSE-SU-2015:0496", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00017.html" + }, + { + "name": "RHSA-2015:0697", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0697.html" + }, + { + "name": "openSUSE-SU-2015:0725", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html" + }, + { + "name": "SUSE-SU-2015:0491", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00015.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0561.json b/2015/0xxx/CVE-2015-0561.json index 1da987fcf55..caaa919abbe 100644 --- a/2015/0xxx/CVE-2015-0561.json +++ b/2015/0xxx/CVE-2015-0561.json 
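Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `psirt@adobe.com` in this section, and it is the only semantic change in a hunk that otherwise re-indents the file and reorders references. The same kind of change appears in the CVE-2015-0597, CVE-2015-1299, CVE-2015-1334, CVE-2015-1642 and CVE-2015-1805 sections (`psirt@cisco.com`, `security@google.com`, `security@ubuntu.com`, `secure@microsoft.com`, `secalert@redhat.com`), while CVE-2015-0561 keeps `cve@mitre.org`. Anything downstream that attributes or filters records by assigner will see these records change owner, and a reviewer cannot easily spot that among 100 lines of whitespace churn. I would land the `"ASSIGNER": ...` updates in a commit separate from the reformatting, or at least state the re-attribution in the commit message.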
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0561", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "asn1/lpp/lpp.cnf in the LPP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not validate a certain index value, which allows remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-0561", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2015-02.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2015-02.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10773", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10773" - }, - { - "name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=8e96830156bea314207b97315ccebd605317f142", - "refsource" : "CONFIRM", - "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=8e96830156bea314207b97315ccebd605317f142" - }, - { - "name" : 
"http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" - }, - { - "name" : "openSUSE-SU-2015:0113", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-01/msg00053.html" - }, - { - "name" : "62612", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62612" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "asn1/lpp/lpp.cnf in the LPP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not validate a certain index value, which allows remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10773", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10773" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2015-02.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2015-02.html" + }, + { + "name": "62612", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62612" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" + }, + { + "name": "openSUSE-SU-2015:0113", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00053.html" + }, + { + "name": 
"https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=8e96830156bea314207b97315ccebd605317f142", + "refsource": "CONFIRM", + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=8e96830156bea314207b97315ccebd605317f142" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0597.json b/2015/0xxx/CVE-2015-0597.json index 0a71b5dcac1..22fd322cb5e 100644 --- a/2015/0xxx/CVE-2015-0597.json +++ b/2015/0xxx/CVE-2015-0597.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0597", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Forgot Password feature in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to enumerate administrative accounts via crafted packets, aka Bug IDs CSCuj67166 and CSCuj67159." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-0597", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=37240", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=37240" - }, - { - "name" : "20150129 Cisco WebEx Meetings Server User Enumeration Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0597" - }, - { - "name" : "72373", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72373" - }, - { - "name" : "1031678", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031678" - }, - { - "name" : "cisco-webex-cve20150597-info-disc(100658)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/100658" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Forgot Password feature in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to enumerate administrative accounts via crafted packets, aka Bug IDs CSCuj67166 and CSCuj67159." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cisco-webex-cve20150597-info-disc(100658)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100658" + }, + { + "name": "20150129 Cisco WebEx Meetings Server User Enumeration Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0597" + }, + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=37240", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=37240" + }, + { + "name": "72373", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72373" + }, + { + "name": "1031678", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031678" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0947.json b/2015/0xxx/CVE-2015-0947.json index 40f2dd5b93e..86069d820af 100644 --- a/2015/0xxx/CVE-2015-0947.json +++ b/2015/0xxx/CVE-2015-0947.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0947", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-0947", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0965.json b/2015/0xxx/CVE-2015-0965.json index 7593462356c..699aef9dd77 100644 --- a/2015/0xxx/CVE-2015-0965.json +++ b/2015/0xxx/CVE-2015-0965.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0965", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-0965", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1299.json b/2015/1xxx/CVE-2015-1299.json index 570b81020b7..18eceefd89d 100644 --- a/2015/1xxx/CVE-2015-1299.json +++ b/2015/1xxx/CVE-2015-1299.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1299", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the shared-timer implementation in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging erroneous timer firing, related to ThreadTimers.cpp and Timer.cpp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2015-1299", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=416362", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=416362" - }, - { - "name" : "https://codereview.chromium.org/1153763005/", - "refsource" : "CONFIRM", - "url" : "https://codereview.chromium.org/1153763005/" - }, - { - "name" : "https://codereview.chromium.org/956333002/", - "refsource" : "CONFIRM", - "url" 
: "https://codereview.chromium.org/956333002/" - }, - { - "name" : "https://codereview.chromium.org/959263002/", - "refsource" : "CONFIRM", - "url" : "https://codereview.chromium.org/959263002/" - }, - { - "name" : "DSA-3351", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3351" - }, - { - "name" : "GLSA-201603-09", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201603-09" - }, - { - "name" : "RHSA-2015:1712", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1712.html" - }, - { - "name" : "openSUSE-SU-2015:1873", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-11/msg00013.html" - }, - { - "name" : "openSUSE-SU-2015:1586", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-09/msg00029.html" - }, - { - "name" : "1033472", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033472" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the shared-timer implementation in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging erroneous timer firing, related to ThreadTimers.cpp and Timer.cpp." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2015:1873", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00013.html" + }, + { + "name": "http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html" + }, + { + "name": "RHSA-2015:1712", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1712.html" + }, + { + "name": "https://codereview.chromium.org/959263002/", + "refsource": "CONFIRM", + "url": "https://codereview.chromium.org/959263002/" + }, + { + "name": "1033472", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033472" + }, + { + "name": "openSUSE-SU-2015:1586", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00029.html" + }, + { + "name": "DSA-3351", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3351" + }, + { + "name": "GLSA-201603-09", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201603-09" + }, + { + "name": "https://codereview.chromium.org/956333002/", + "refsource": "CONFIRM", + "url": "https://codereview.chromium.org/956333002/" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=416362", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=416362" + }, + { + "name": "https://codereview.chromium.org/1153763005/", + "refsource": "CONFIRM", + "url": "https://codereview.chromium.org/1153763005/" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1334.json b/2015/1xxx/CVE-2015-1334.json index 27d8fdbf32c..b27d1363f52 100644 --- a/2015/1xxx/CVE-2015-1334.json +++ b/2015/1xxx/CVE-2015-1334.json 
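Review bot: The `reference_data` array in this section holds the same eleven entries before and after, but in a different order that does not appear to follow `refsource`, `name` or `url`; the other sections in this diff are shuffled the same way. If the serializer does not fix an order, every regeneration will produce a reference-level diff with no content change, which hides real additions or removals of advisory links from anyone auditing the feed. Emitting the entries in a stable order (for example sorted by `refsource`, then `name`) would keep later diffs meaningful. The new side also ends with `\ No newline at end of file`; keeping the trailing newline avoids a further spurious change the next time a tool that appends one rewrites the file.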
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1334", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "attach.c in LXC 1.1.2 and earlier uses the proc filesystem in a container, which allows local container users to escape AppArmor or SELinux confinement by mounting a proc filesystem with a crafted (1) AppArmor profile or (2) SELinux label." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@ubuntu.com", + "ID": "CVE-2015-1334", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://service.ait.ac.at/security/2015/LxcSecurityAnalysis.html", - "refsource" : "MISC", - "url" : "https://service.ait.ac.at/security/2015/LxcSecurityAnalysis.html" - }, - { - "name" : "https://github.com/lxc/lxc/commit/5c3fcae78b63ac9dd56e36075903921bd9461f9e", - "refsource" : "CONFIRM", - "url" : "https://github.com/lxc/lxc/commit/5c3fcae78b63ac9dd56e36075903921bd9461f9e" - }, - { - "name" : "DSA-3317", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3317" - }, - { - "name" : "openSUSE-SU-2015:1315", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-07/msg00066.html" - }, - { - "name" : 
"openSUSE-SU-2015:1317", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-07/msg00067.html" - }, - { - "name" : "USN-2675-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2675-1" - }, - { - "name" : "75998", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75998" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "attach.c in LXC 1.1.2 and earlier uses the proc filesystem in a container, which allows local container users to escape AppArmor or SELinux confinement by mounting a proc filesystem with a crafted (1) AppArmor profile or (2) SELinux label." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3317", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3317" + }, + { + "name": "USN-2675-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2675-1" + }, + { + "name": "openSUSE-SU-2015:1315", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00066.html" + }, + { + "name": "75998", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75998" + }, + { + "name": "https://service.ait.ac.at/security/2015/LxcSecurityAnalysis.html", + "refsource": "MISC", + "url": "https://service.ait.ac.at/security/2015/LxcSecurityAnalysis.html" + }, + { + "name": "https://github.com/lxc/lxc/commit/5c3fcae78b63ac9dd56e36075903921bd9461f9e", + "refsource": "CONFIRM", + "url": "https://github.com/lxc/lxc/commit/5c3fcae78b63ac9dd56e36075903921bd9461f9e" + }, + { + "name": "openSUSE-SU-2015:1317", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00067.html" + } + ] + } +} \ No newline at end of file 
diff --git a/2015/1xxx/CVE-2015-1642.json b/2015/1xxx/CVE-2015-1642.json index e477b8cf403..502daed0c94 100644 --- a/2015/1xxx/CVE-2015-1642.json +++ b/2015/1xxx/CVE-2015-1642.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1642", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Office 2007 SP3, 2010 SP2, and 2013 SP1 allows remote attackers to execute arbitrary code via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-1642", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150901 Microsoft Word \"TaskSymbol Control\" Use After Free Vulnerability", - "refsource" : "IDEFENSE", - "url" : "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1203" - }, - { - "name" : "MS15-081", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-081" - }, - { - "name" : "1033239", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033239" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Office 2007 SP3, 2010 SP2, and 2013 SP1 allows remote 
attackers to execute arbitrary code via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150901 Microsoft Word \"TaskSymbol Control\" Use After Free Vulnerability", + "refsource": "IDEFENSE", + "url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1203" + }, + { + "name": "MS15-081", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-081" + }, + { + "name": "1033239", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033239" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1805.json b/2015/1xxx/CVE-2015-1805.json index 3ee79c5eb97..0ffa99249f9 100644 --- a/2015/1xxx/CVE-2015-1805.json +++ b/2015/1xxx/CVE-2015-1805.json 
@@ -1,237 +1,237 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1805", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an \"I/O vector array overrun.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-1805", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150606 CVE-2015-1805 Linux kernel: pipe: iovec overrun leading to memory corruption", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/06/06/2" - }, - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=637b58c2887e5e57850865839cc75f59184b23d1", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=637b58c2887e5e57850865839cc75f59184b23d1" - }, - { - "name" : 
"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f0d1bec9d58d4c038d0ac958c9af82be6eb18045", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f0d1bec9d58d4c038d0ac958c9af82be6eb18045" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1202855", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1202855" - }, - { - "name" : "https://github.com/torvalds/linux/commit/637b58c2887e5e57850865839cc75f59184b23d1", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/637b58c2887e5e57850865839cc75f59184b23d1" - }, - { - "name" : "https://github.com/torvalds/linux/commit/f0d1bec9d58d4c038d0ac958c9af82be6eb18045", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/f0d1bec9d58d4c038d0ac958c9af82be6eb18045" - }, - { - "name" : "http://source.android.com/security/bulletin/2016-04-02.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-04-02.html" - }, - { - "name" : "http://source.android.com/security/bulletin/2016-05-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-05-01.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" - }, - { - "name" : "DSA-3290", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3290" - }, - { - "name" : "RHSA-2015:1190", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1190.html" - }, - { - "name" : "RHSA-2015:1199", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1199.html" - }, - { - "name" : "RHSA-2015:1211", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1211.html" - }, - { - "name" : 
"RHSA-2015:1042", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1042.html" - }, - { - "name" : "RHSA-2015:1120", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1120.html" - }, - { - "name" : "RHSA-2015:1081", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1081.html" - }, - { - "name" : "RHSA-2015:1082", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1082.html" - }, - { - "name" : "RHSA-2015:1137", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1137.html" - }, - { - "name" : "RHSA-2015:1138", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1138.html" - }, - { - "name" : "SUSE-SU-2015:1478", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html" - }, - { - "name" : "SUSE-SU-2015:1592", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html" - }, - { - "name" : "SUSE-SU-2015:1611", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html" - }, - { - "name" : "SUSE-SU-2015:1224", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html" - }, - { - "name" : "SUSE-SU-2015:1324", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00049.html" - }, - { - "name" : "SUSE-SU-2015:1490", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00010.html" - }, - { - "name" : "SUSE-SU-2015:1487", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00007.html" - }, - { - "name" : "SUSE-SU-2015:1488", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00008.html" - }, - { - "name" : "SUSE-SU-2015:1489", - 
"refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html" - }, - { - "name" : "SUSE-SU-2015:1491", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00011.html" - }, - { - "name" : "USN-2967-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2967-1" - }, - { - "name" : "USN-2967-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2967-2" - }, - { - "name" : "USN-2679-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2679-1" - }, - { - "name" : "USN-2680-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2680-1" - }, - { - "name" : "USN-2681-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2681-1" - }, - { - "name" : "74951", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74951" - }, - { - "name" : "1032454", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032454" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an \"I/O vector array overrun.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2015:1211", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1211.html" + }, + { + "name": "DSA-3290", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3290" + }, + { + "name": 
"1032454", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032454" + }, + { + "name": "SUSE-SU-2015:1491", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00011.html" + }, + { + "name": "74951", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74951" + }, + { + "name": "RHSA-2015:1120", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1120.html" + }, + { + "name": "USN-2967-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2967-1" + }, + { + "name": "SUSE-SU-2015:1489", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html" + }, + { + "name": "http://source.android.com/security/bulletin/2016-05-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-05-01.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1202855", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202855" + }, + { + "name": "SUSE-SU-2015:1488", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00008.html" + }, + { + "name": "USN-2680-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2680-1" + }, + { + "name": "RHSA-2015:1082", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1082.html" + }, + { + "name": "USN-2679-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2679-1" + }, + { + "name": "SUSE-SU-2015:1611", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html" + }, + { + "name": "USN-2967-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2967-2" + }, + { + "name": "SUSE-SU-2015:1324", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00049.html" + }, + { + "name": "RHSA-2015:1138", + "refsource": 
"REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1138.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" + }, + { + "name": "RHSA-2015:1190", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1190.html" + }, + { + "name": "[oss-security] 20150606 CVE-2015-1805 Linux kernel: pipe: iovec overrun leading to memory corruption", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/06/06/2" + }, + { + "name": "RHSA-2015:1199", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1199.html" + }, + { + "name": "USN-2681-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2681-1" + }, + { + "name": "RHSA-2015:1042", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1042.html" + }, + { + "name": "SUSE-SU-2015:1478", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f0d1bec9d58d4c038d0ac958c9af82be6eb18045", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f0d1bec9d58d4c038d0ac958c9af82be6eb18045" + }, + { + "name": "SUSE-SU-2015:1490", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00010.html" + }, + { + "name": "http://source.android.com/security/bulletin/2016-04-02.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-04-02.html" + }, + { + "name": "SUSE-SU-2015:1224", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html" + }, + { + "name": "RHSA-2015:1137", + "refsource": "REDHAT", + "url": 
"http://rhn.redhat.com/errata/RHSA-2015-1137.html" + }, + { + "name": "SUSE-SU-2015:1487", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00007.html" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=637b58c2887e5e57850865839cc75f59184b23d1", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=637b58c2887e5e57850865839cc75f59184b23d1" + }, + { + "name": "SUSE-SU-2015:1592", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html" + }, + { + "name": "https://github.com/torvalds/linux/commit/f0d1bec9d58d4c038d0ac958c9af82be6eb18045", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/f0d1bec9d58d4c038d0ac958c9af82be6eb18045" + }, + { + "name": "https://github.com/torvalds/linux/commit/637b58c2887e5e57850865839cc75f59184b23d1", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/637b58c2887e5e57850865839cc75f59184b23d1" + }, + { + "name": "RHSA-2015:1081", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1081.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1979.json b/2015/1xxx/CVE-2015-1979.json index 8eb153cbd9d..4569f43131b 100644 --- a/2015/1xxx/CVE-2015-1979.json +++ b/2015/1xxx/CVE-2015-1979.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1979", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Error dialog in IBM Case Manager 5.2.1 before 5.2.1.2 allow remote authenticated users to inject arbitrary web script or HTML via crafted input to the (1) addressability or (2) comments component." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-1979", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21959695", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21959695" - }, - { - "name" : "75538", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75538" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Error dialog in IBM Case Manager 5.2.1 before 5.2.1.2 allow remote authenticated users to inject arbitrary web script or HTML via crafted input to the (1) addressability or (2) 
comments component." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21959695", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959695" + }, + { + "name": "75538", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75538" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4264.json b/2015/4xxx/CVE-2015-4264.json index 0ccf5db1df0..05be132a7f5 100644 --- a/2015/4xxx/CVE-2015-4264.json +++ b/2015/4xxx/CVE-2015-4264.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4264", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4264", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4548.json b/2015/4xxx/CVE-2015-4548.json index 857efe8995f..aa6fe0e198a 100644 --- a/2015/4xxx/CVE-2015-4548.json +++ b/2015/4xxx/CVE-2015-4548.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4548", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "EMC RSA Web Threat Detection before 5.1 SP1 allows local users to obtain root privileges by leveraging access to a service account and writing commands to a service configuration file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2015-4548", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150929 ESA-2015-152: RSA Web Threat Detection Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/bugtraq/2015/Sep/134" - }, - { - "name" : "http://packetstormsecurity.com/files/133779/RSA-Web-Threat-Detection-Privilege-Escalation-Information-Disclosure.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/133779/RSA-Web-Threat-Detection-Privilege-Escalation-Information-Disclosure.html" - }, - { - "name" : "1033672", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033672" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"EMC RSA Web Threat Detection before 5.1 SP1 allows local users to obtain root privileges by leveraging access to a service account and writing commands to a service configuration file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150929 ESA-2015-152: RSA Web Threat Detection Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/bugtraq/2015/Sep/134" + }, + { + "name": "http://packetstormsecurity.com/files/133779/RSA-Web-Threat-Detection-Privilege-Escalation-Information-Disclosure.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/133779/RSA-Web-Threat-Detection-Privilege-Escalation-Information-Disclosure.html" + }, + { + "name": "1033672", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033672" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4833.json b/2015/4xxx/CVE-2015-4833.json index c66778f288b..3376c3100ba 100644 --- a/2015/4xxx/CVE-2015-4833.json +++ b/2015/4xxx/CVE-2015-4833.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4833", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-4833", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" - }, - { - "name" : "USN-2781-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2781-1" - }, - { - "name" : "77170", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/77170" - }, - { - "name" : "1033894", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033894" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle MySQL Server 5.6.25 
and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1033894", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033894" + }, + { + "name": "USN-2781-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2781-1" + }, + { + "name": "77170", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/77170" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4847.json b/2015/4xxx/CVE-2015-4847.json index 02f57f4695a..aee60e638fe 100644 --- a/2015/4xxx/CVE-2015-4847.json +++ b/2015/4xxx/CVE-2015-4847.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4847", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Configurator component in Oracle Supply Chain Products Suite 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect integrity via vectors related to OCI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-4847", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" - }, - { - "name" : "1033899", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033899" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Configurator component in Oracle Supply Chain Products Suite 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect integrity via vectors related to OCI." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" + }, + { + "name": "1033899", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033899" + } + ] + } +} \ No newline at end of file diff --git a/2018/1002xxx/CVE-2018-1002004.json b/2018/1002xxx/CVE-2018-1002004.json index 904912a9f0b..b5844be2ee5 100644 --- a/2018/1002xxx/CVE-2018-1002004.json +++ b/2018/1002xxx/CVE-2018-1002004.json 
@@ -1,76 +1,76 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "larry0@me.com", - "DATE_ASSIGNED" : "2018-08-22", - "ID" : "CVE-2018-1002004", - "REQUESTER" : "kurt@seifried.org", - "STATE" : "PUBLIC", - "UPDATED" : "2017-08-10T14:41Z" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Arigato Autoresponder and Newsletter", - "version" : { - "version_data" : [ - { - "version_affected" : "<=", - "version_value" : "2.5.1.8" - } - ] - } - } - ] - }, - "vendor_name" : "Kiboko Labs https://calendarscripts.info/" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8" - } + "CVE_data_meta": { + "ASSIGNER": "larry0@me.com", + "DATE_ASSIGNED": "2018-08-22", + "ID": "CVE-2018-1002004", + "REQUESTER": "kurt@seifried.org", + "STATE": "PUBLIC", + "UPDATED": "2017-08-10T14:41Z" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Arigato Autoresponder and Newsletter", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "2.5.1.8" + } + ] + } + } + ] + }, + "vendor_name": "Kiboko Labs https://calendarscripts.info/" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45434", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45434/" - }, - { - "name" : "http://www.vapidlabs.com/advisory.php?v=203", - "refsource" : "MISC", - "url" : "http://www.vapidlabs.com/advisory.php?v=203" - }, - { - 
"name" : "https://wordpress.org/plugins/bft-autoresponder/", - "refsource" : "MISC", - "url" : "https://wordpress.org/plugins/bft-autoresponder/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45434", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45434/" + }, + { + "name": "https://wordpress.org/plugins/bft-autoresponder/", + "refsource": "MISC", + "url": "https://wordpress.org/plugins/bft-autoresponder/" + }, + { + "name": "http://www.vapidlabs.com/advisory.php?v=203", + "refsource": "MISC", + "url": "http://www.vapidlabs.com/advisory.php?v=203" + } + ] + } +} \ No newline at end of file diff --git a/2018/1999xxx/CVE-2018-1999035.json b/2018/1999xxx/CVE-2018-1999035.json index b6cccea55af..d4ecd36f024 100644 --- a/2018/1999xxx/CVE-2018-1999035.json +++ b/2018/1999xxx/CVE-2018-1999035.json 
@@ -1,65 +1,65 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-07-31T15:54:50.975986", - "DATE_REQUESTED" : "2018-07-30T00:00:00", - "ID" : "CVE-2018-1999035", - "REQUESTER" : "ml@beckweb.net", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jenkins Inedo BuildMaster Plugin", - "version" : { - "version_data" : [ - { - "version_value" : "1.3 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Jenkins project" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A man in the middle vulnerability exists in Jenkins Inedo BuildMaster Plugin 1.3 and earlier in BuildMasterConfiguration.java, BuildMasterConfig.java, BuildMasterApi.java that allows attackers to impersonate any service that Jenkins connects to." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-295" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-07-31T15:54:50.975986", + "DATE_REQUESTED": "2018-07-30T00:00:00", + "ID": "CVE-2018-1999035", + "REQUESTER": "ml@beckweb.net", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jenkins.io/security/advisory/2018-07-30/#SECURITY-935", - "refsource" : "CONFIRM", - "url" : "https://jenkins.io/security/advisory/2018-07-30/#SECURITY-935" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A man in the middle 
vulnerability exists in Jenkins Inedo BuildMaster Plugin 1.3 and earlier in BuildMasterConfiguration.java, BuildMasterConfig.java, BuildMasterApi.java that allows attackers to impersonate any service that Jenkins connects to." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2018-07-30/#SECURITY-935", + "refsource": "CONFIRM", + "url": "https://jenkins.io/security/advisory/2018-07-30/#SECURITY-935" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2322.json b/2018/2xxx/CVE-2018-2322.json index 81a2192199e..74ca2a77d7b 100644 --- a/2018/2xxx/CVE-2018-2322.json +++ b/2018/2xxx/CVE-2018-2322.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-2322", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-2322", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2411.json b/2018/2xxx/CVE-2018-2411.json index 9301985ba72..5358fda2fb7 100644 --- a/2018/2xxx/CVE-2018-2411.json +++ b/2018/2xxx/CVE-2018-2411.json 
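Review bot: The CVE-2018-1999035 hunk replaces the populated `affects` and `problemtype` fields with `n/a`, so the product, vendor, affected version and CWE survive only as free text in the description. Tooling that matches inventory against `product_name`/`vendor_name`, or groups findings by weakness class, will no longer see this record as a certificate-validation issue in the Jenkins plugin. Unless the removal is deliberate, the old values should be kept: `"product_name": "Jenkins Inedo BuildMaster Plugin"`, `"vendor_name": "Jenkins project"`, `"value": "CWE-295"`, along with the version value of 1.3 and earlier. `ASSIGNER` also changes from `kurt@seifried.org` to `cve@mitre.org` here, which may be related and is worth confirming alongside.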
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-2411", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-2411", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3223.json b/2018/3xxx/CVE-2018-3223.json index 223961b2236..a7a1c2682f1 100644 --- a/2018/3xxx/CVE-2018-3223.json +++ b/2018/3xxx/CVE-2018-3223.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3223", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Outside In Technology", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.5.3" - }, - { - "version_affected" : "=", - "version_value" : "8.5.4" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology and unauthorized read access to a subset of Oracle Outside In Technology accessible data. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H)." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology and unauthorized read access to a subset of Oracle Outside In Technology accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3223", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Outside In Technology", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.5.3" + }, + { + "version_affected": "=", + "version_value": "8.5.4" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" - }, - { - "name" : "105603", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105603" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. 
Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology and unauthorized read access to a subset of Oracle Outside In Technology accessible data. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology and unauthorized read access to a subset of Oracle Outside In Technology accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105603", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105603" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3416.json b/2018/3xxx/CVE-2018-3416.json index 5d023e58c73..4eea5198910 100644 --- a/2018/3xxx/CVE-2018-3416.json 
+++ b/2018/3xxx/CVE-2018-3416.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3416", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3416", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3462.json b/2018/3xxx/CVE-2018-3462.json index 0a85c00822e..5fec83e2512 100644 --- a/2018/3xxx/CVE-2018-3462.json +++ b/2018/3xxx/CVE-2018-3462.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3462", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3462", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6029.json b/2018/6xxx/CVE-2018-6029.json index f82cccb00ec..4ebc11192ad 100644 --- a/2018/6xxx/CVE-2018-6029.json +++ b/2018/6xxx/CVE-2018-6029.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6029", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The copy function in application/admin/controller/Article.php in NoneCms 1.3.0 allows remote attackers to access the content of internal and external network resources via Server Side Request Forgery (SSRF), because URL validation only considers whether the URL contains the \"csdn\" substring." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6029", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blackwolfsec.cc/2018/01/23/Nonecms_ssrf/", - "refsource" : "MISC", - "url" : "http://blackwolfsec.cc/2018/01/23/Nonecms_ssrf/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The copy function in application/admin/controller/Article.php in NoneCms 1.3.0 allows remote attackers to access the content of internal and external network resources via Server Side Request Forgery (SSRF), because URL validation only considers whether the URL contains the \"csdn\" substring." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://blackwolfsec.cc/2018/01/23/Nonecms_ssrf/", + "refsource": "MISC", + "url": "http://blackwolfsec.cc/2018/01/23/Nonecms_ssrf/" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6244.json b/2018/6xxx/CVE-2018-6244.json index 76dade77876..e0f911b54e2 100644 --- a/2018/6xxx/CVE-2018-6244.json +++ b/2018/6xxx/CVE-2018-6244.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6244", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6244", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6322.json b/2018/6xxx/CVE-2018-6322.json index a3d7d7d3a22..44016237abf 100644 --- a/2018/6xxx/CVE-2018-6322.json +++ b/2018/6xxx/CVE-2018-6322.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6322", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Panda Global Protection 17.0.1 allows local users to gain privileges or cause a denial of service by impersonating all the pipes through a use of \\.\\pipe\\PSANMSrvcPpal -- an \"insecurely created named pipe.\" Ensures full access to Everyone users group." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6322", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180309 Panda Global Security 17.0.1 - NULL DACL grants full access", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/Mar/26" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Panda Global Protection 17.0.1 allows local users to gain privileges or cause a denial of service by impersonating all the pipes through a use of \\.\\pipe\\PSANMSrvcPpal -- an \"insecurely created named pipe.\" Ensures full access to Everyone users group." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20180309 Panda Global Security 17.0.1 - NULL DACL grants full access", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Mar/26" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6467.json b/2018/6xxx/CVE-2018-6467.json index 9a0d8457ddb..e3dca158ac9 100644 --- a/2018/6xxx/CVE-2018-6467.json +++ b/2018/6xxx/CVE-2018-6467.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6467", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The flickrRSS plugin 5.3.1 for WordPress has CSRF via wp-admin/options-general.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6467", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/AntsKnows/CVE/blob/master/WP_Plugin_Flickr-rss", - "refsource" : "MISC", - "url" : "https://github.com/AntsKnows/CVE/blob/master/WP_Plugin_Flickr-rss" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The flickrRSS plugin 5.3.1 for WordPress has CSRF via wp-admin/options-general.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/AntsKnows/CVE/blob/master/WP_Plugin_Flickr-rss", + "refsource": "MISC", + "url": "https://github.com/AntsKnows/CVE/blob/master/WP_Plugin_Flickr-rss" + } + ] + } +} \ No newline at end of file 
diff --git a/2018/6xxx/CVE-2018-6903.json b/2018/6xxx/CVE-2018-6903.json index 5593922fb4b..75239508ab7 100644 --- a/2018/6xxx/CVE-2018-6903.json +++ b/2018/6xxx/CVE-2018-6903.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6903", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP Scripts Mall Hot Scripts Clone Script Classified v3.1 uses the client side to enforce validation of an e-mail address, which allows remote attackers to modify a registered e-mail address by removing the validation code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6903", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://0day4u.wordpress.com/2018/03/12/hot-scripts-clone-script-classified-improper-validation-of-email-address/", - "refsource" : "MISC", - "url" : "https://0day4u.wordpress.com/2018/03/12/hot-scripts-clone-script-classified-improper-validation-of-email-address/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP Scripts Mall Hot Scripts Clone Script Classified v3.1 uses the client side to enforce validation of an e-mail address, which allows remote attackers to modify a registered e-mail address by removing the validation code." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://0day4u.wordpress.com/2018/03/12/hot-scripts-clone-script-classified-improper-validation-of-email-address/", + "refsource": "MISC", + "url": "https://0day4u.wordpress.com/2018/03/12/hot-scripts-clone-script-classified-improper-validation-of-email-address/" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7568.json b/2018/7xxx/CVE-2018-7568.json index 079486e4e0e..a5af7749025 100644 --- a/2018/7xxx/CVE-2018-7568.json +++ b/2018/7xxx/CVE-2018-7568.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7568", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The parse_die function in dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer overflow and application crash) via an ELF file with corrupt dwarf1 debug information, as demonstrated by nm." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7568", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=22894", - "refsource" : "MISC", - "url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=22894" - }, - { - "name" : "GLSA-201811-17", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201811-17" - }, - { - "name" : "RHSA-2018:3032", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3032" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The parse_die function in dwarf1.c in the Binary File Descriptor 
(BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer overflow and application crash) via an ELF file with corrupt dwarf1 debug information, as demonstrated by nm." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=22894", + "refsource": "MISC", + "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22894" + }, + { + "name": "RHSA-2018:3032", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3032" + }, + { + "name": "GLSA-201811-17", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201811-17" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7645.json b/2018/7xxx/CVE-2018-7645.json index 9b6950703c1..b81f676db87 100644 --- a/2018/7xxx/CVE-2018-7645.json +++ b/2018/7xxx/CVE-2018-7645.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7645", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7645", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7832.json b/2018/7xxx/CVE-2018-7832.json index 3f77274eb97..54ec85e0cb9 100644 --- a/2018/7xxx/CVE-2018-7832.json +++ b/2018/7xxx/CVE-2018-7832.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cybersecurity@se.com", - "ID" : "CVE-2018-7832", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Pro-Face GP-Pro EX v4.08 and previous versions", - "version" : { - "version_data" : [ - { - "version_value" : "Pro-Face GP-Pro EX v4.08 and previous versions" - } - ] - } - } - ] - }, - "vendor_name" : "Schneider Electric SE" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An Improper Input Validation vulnerability exists in Pro-Face GP-Pro EX v4.08 and previous versions which could cause the execution arbitrary executable when GP-Pro EX is launched." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Input Validation" - } + "CVE_data_meta": { + "ASSIGNER": "cybersecurity@schneider-electric.com", + "ID": "CVE-2018-7832", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Pro-Face GP-Pro EX v4.08 and previous versions", + "version": { + "version_data": [ + { + "version_value": "Pro-Face GP-Pro EX v4.08 and previous versions" + } + ] + } + } + ] + }, + "vendor_name": "Schneider Electric SE" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-354-02/", - "refsource" : "CONFIRM", - "url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-354-02/" - }, - { - "name" : "106441", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106441" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An Improper Input 
Validation vulnerability exists in Pro-Face GP-Pro EX v4.08 and previous versions which could cause the execution arbitrary executable when GP-Pro EX is launched." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-354-02/", + "refsource": "CONFIRM", + "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-354-02/" + }, + { + "name": "106441", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106441" + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5612.json b/2019/5xxx/CVE-2019-5612.json index 0159a4afbe8..3d28791a5c1 100644 --- a/2019/5xxx/CVE-2019-5612.json +++ b/2019/5xxx/CVE-2019-5612.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5612", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5612", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file