diff --git a/2005/0xxx/CVE-2005-0012.json b/2005/0xxx/CVE-2005-0012.json index 76ac37f94ec..5675ff6fd0f 100644 --- a/2005/0xxx/CVE-2005-0012.json +++ b/2005/0xxx/CVE-2005-0012.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0012", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in the a_Interface_msg function in Dillo before 0.8.3-r4 allows remote attackers to execute arbitrary code via format string specifiers in a web page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0012", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "GLSA-200501-11", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200501-11.xml" - }, - { - "name" : "12203", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12203" - }, - { - "name" : "13760", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13760/" - }, - { - "name" : "13764", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13764" - }, - { - "name" : "dillo-capi-format-string(18807)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18807" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"Format string vulnerability in the a_Interface_msg function in Dillo before 0.8.3-r4 allows remote attackers to execute arbitrary code via format string specifiers in a web page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-200501-11", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200501-11.xml" + }, + { + "name": "13760", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13760/" + }, + { + "name": "12203", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12203" + }, + { + "name": "dillo-capi-format-string(18807)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18807" + }, + { + "name": "13764", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13764" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0174.json b/2005/0xxx/CVE-2005-0174.json index d797422a508..f0db0d8e9ea 100644 --- a/2005/0xxx/CVE-2005-0174.json +++ b/2005/0xxx/CVE-2005-0174.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0174", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache or conduct certain attacks via headers that do not follow the HTTP specification, including (1) multiple Content-Length headers, (2) carriage return (CR) characters that are not part of a CRLF pair, and (3) header names containing whitespace characters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0174", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www3.br.squid-cache.org/Advisories/SQUID-2005_4.txt", - "refsource" : "CONFIRM", - "url" : "http://www3.br.squid-cache.org/Advisories/SQUID-2005_4.txt" - }, - { - "name" : "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-header_parsing", - "refsource" : "CONFIRM", - "url" : "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-header_parsing" - }, - { - "name" : "CLA-2005:931", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000931" - }, - { - "name" : "FEDORA-2005-373", - "refsource" : "FEDORA", - "url" 
: "http://www.redhat.com/archives/fedora-announce-list/2005-May/msg00025.html" - }, - { - "name" : "FLSA-2006:152809", - "refsource" : "FEDORA", - "url" : "http://fedoranews.org/updates/FEDORA--.shtml" - }, - { - "name" : "MDKSA-2005:034", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:034" - }, - { - "name" : "RHSA-2005:060", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-060.html" - }, - { - "name" : "RHSA-2005:061", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-061.html" - }, - { - "name" : "SUSE-SA:2005:006", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2005_06_squid.html" - }, - { - "name" : "20050207 [USN-77-1] Squid vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110780531820947&w=2" - }, - { - "name" : "VU#768702", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/768702" - }, - { - "name" : "12412", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12412" - }, - { - "name" : "oval:org.mitre.oval:def:10656", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10656" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache or conduct certain attacks via headers that do not follow the HTTP specification, including (1) multiple Content-Length headers, (2) carriage return (CR) characters that are not part of a CRLF pair, and (3) header names containing whitespace characters." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2005-373", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-announce-list/2005-May/msg00025.html" + }, + { + "name": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-header_parsing", + "refsource": "CONFIRM", + "url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-header_parsing" + }, + { + "name": "12412", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12412" + }, + { + "name": "FLSA-2006:152809", + "refsource": "FEDORA", + "url": "http://fedoranews.org/updates/FEDORA--.shtml" + }, + { + "name": "VU#768702", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/768702" + }, + { + "name": "http://www3.br.squid-cache.org/Advisories/SQUID-2005_4.txt", + "refsource": "CONFIRM", + "url": "http://www3.br.squid-cache.org/Advisories/SQUID-2005_4.txt" + }, + { + "name": "RHSA-2005:061", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-061.html" + }, + { + "name": "CLA-2005:931", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000931" + }, + { + "name": "oval:org.mitre.oval:def:10656", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10656" + }, + { + "name": "MDKSA-2005:034", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:034" + }, + { + "name": "20050207 [USN-77-1] Squid vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110780531820947&w=2" + }, + { + "name": "SUSE-SA:2005:006", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html" + }, + { + "name": "RHSA-2005:060", + "refsource": "REDHAT", + "url": 
"http://www.redhat.com/support/errata/RHSA-2005-060.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0434.json b/2005/0xxx/CVE-2005-0434.json index 54a2a400700..46cdf4860cf 100644 --- a/2005/0xxx/CVE-2005-0434.json +++ b/2005/0xxx/CVE-2005-0434.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0434", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 7.5 allow remote attackers to inject arbitrary HTML or web script via (1) the newdownloadshowdays parameter in a NewDownloads operation or (2) the newlinkshowdays parameter in a NewLinks operation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0434", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.waraxe.us/advisory-40.html", - "refsource" : "MISC", - "url" : "http://www.waraxe.us/advisory-40.html" - }, - { - "name" : "12561", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12561" - }, - { - "name" : "phpnuke-downloads-weblinks-xss(19346)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19346" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 7.5 allow remote attackers to inject arbitrary HTML or web 
script via (1) the newdownloadshowdays parameter in a NewDownloads operation or (2) the newlinkshowdays parameter in a NewLinks operation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "12561", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12561" + }, + { + "name": "phpnuke-downloads-weblinks-xss(19346)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19346" + }, + { + "name": "http://www.waraxe.us/advisory-40.html", + "refsource": "MISC", + "url": "http://www.waraxe.us/advisory-40.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0958.json b/2005/0xxx/CVE-2005-0958.json index fa18bca823d..3e26febce84 100644 --- a/2005/0xxx/CVE-2005-0958.json +++ b/2005/0xxx/CVE-2005-0958.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0958", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in the log_do function in log.c for YepYep mtftpd 0.0.3, when the statistics option is enabled, allows remote attackers to execute arbitrary code via the CWD command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0958", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://unl0ck.org/files/papers/mtftpd.txt", - "refsource" : "MISC", - "url" : "http://unl0ck.org/files/papers/mtftpd.txt" - }, - { - "name" : "http://www.securiteam.com/exploits/5KP0W0AF5K.html", - "refsource" : "MISC", - "url" : "http://www.securiteam.com/exploits/5KP0W0AF5K.html" - }, - { - "name" : "http://www.tripbit.org/advisories/TA-040305.txt", - "refsource" : "MISC", - "url" : "http://www.tripbit.org/advisories/TA-040305.txt" - }, - { - "name" : "12947", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12947" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string 
vulnerability in the log_do function in log.c for YepYep mtftpd 0.0.3, when the statistics option is enabled, allows remote attackers to execute arbitrary code via the CWD command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://unl0ck.org/files/papers/mtftpd.txt", + "refsource": "MISC", + "url": "http://unl0ck.org/files/papers/mtftpd.txt" + }, + { + "name": "http://www.securiteam.com/exploits/5KP0W0AF5K.html", + "refsource": "MISC", + "url": "http://www.securiteam.com/exploits/5KP0W0AF5K.html" + }, + { + "name": "12947", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12947" + }, + { + "name": "http://www.tripbit.org/advisories/TA-040305.txt", + "refsource": "MISC", + "url": "http://www.tripbit.org/advisories/TA-040305.txt" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2033.json b/2005/2xxx/CVE-2005-2033.json index 418fe27714f..c054806887a 100644 --- a/2005/2xxx/CVE-2005-2033.json +++ b/2005/2xxx/CVE-2005-2033.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2033", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in folderview.asp for Blue-Collar Productions i-Gallery 3.3 allows remote attackers to read arbitrary files and directories via the folder parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2033", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050620 [Hat-Squad] i-Gallery directory traversal", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111936111630489&w=2" - }, - { - "name" : "14000", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14000" - }, - { - "name" : "ADV-2005-0825", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/0825" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in folderview.asp for Blue-Collar Productions i-Gallery 3.3 allows remote attackers to read arbitrary files and directories via the folder parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2005-0825", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/0825" + }, + { + "name": "14000", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14000" + }, + { + "name": "20050620 [Hat-Squad] i-Gallery directory traversal", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111936111630489&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2097.json b/2005/2xxx/CVE-2005-2097.json index 49dfbe87802..7328d4755d6 100644 --- a/2005/2xxx/CVE-2005-2097.json +++ b/2005/2xxx/CVE-2005-2097.json 
@@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2097", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "xpdf and kpdf do not properly validate the \"loca\" table in PDF files, which allows local users to cause a denial of service (disk consumption and hang) via a PDF file with a \"broken\" loca table, which causes a large temporary file to be created when xpdf attempts to reconstruct the information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2005-2097", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-780", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-780" - }, - { - "name" : "DSA-936", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-936" - }, - { - "name" : "DSA-1136", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1136" - }, - { - "name" : "FLSA:175404", - "refsource" : "FEDORA", - "url" : "http://www.securityfocus.com/archive/1/427990/100/0/threaded" - }, - { - "name" : "FLSA-2006:176751", - "refsource" : "FEDORA", - "url" : "http://www.securityfocus.com/archive/1/427053/100/0/threaded" - }, - { - "name" : 
"MDKSA-2005:138", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:138" - }, - { - "name" : "RHSA-2005:670", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-670.html" - }, - { - "name" : "RHSA-2005:671", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-671.html" - }, - { - "name" : "RHSA-2005:706", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-706.html" - }, - { - "name" : "RHSA-2005:708", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-708.html" - }, - { - "name" : "SCOSA-2005.42", - "refsource" : "SCO", - "url" : "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.42/SCOSA-2005.42.txt" - }, - { - "name" : "102972", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1" - }, - { - "name" : "SUSE-SR:2005:019", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2005_19_sr.html" - }, - { - "name" : "USN-163-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/163-1/" - }, - { - "name" : "14529", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14529" - }, - { - "name" : "oval:org.mitre.oval:def:10280", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10280" - }, - { - "name" : "ADV-2007-2280", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2280" - }, - { - "name" : "17277", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17277" - }, - { - "name" : "18398", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18398" - }, - { - "name" : "18407", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18407" - }, - { - "name" : "21339", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21339" - }, - 
{ - "name" : "25729", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25729" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "xpdf and kpdf do not properly validate the \"loca\" table in PDF files, which allows local users to cause a denial of service (disk consumption and hang) via a PDF file with a \"broken\" loca table, which causes a large temporary file to be created when xpdf attempts to reconstruct the information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2005:706", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-706.html" + }, + { + "name": "17277", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17277" + }, + { + "name": "RHSA-2005:671", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-671.html" + }, + { + "name": "oval:org.mitre.oval:def:10280", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10280" + }, + { + "name": "DSA-1136", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1136" + }, + { + "name": "MDKSA-2005:138", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:138" + }, + { + "name": "SUSE-SR:2005:019", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2005_19_sr.html" + }, + { + "name": "102972", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1" + }, + { + "name": "18398", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18398" + }, + { + "name": "FLSA-2006:176751", + "refsource": "FEDORA", + "url": 
"http://www.securityfocus.com/archive/1/427053/100/0/threaded" + }, + { + "name": "DSA-936", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-936" + }, + { + "name": "USN-163-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/163-1/" + }, + { + "name": "ADV-2007-2280", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2280" + }, + { + "name": "RHSA-2005:670", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-670.html" + }, + { + "name": "18407", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18407" + }, + { + "name": "25729", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25729" + }, + { + "name": "SCOSA-2005.42", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.42/SCOSA-2005.42.txt" + }, + { + "name": "DSA-780", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-780" + }, + { + "name": "14529", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14529" + }, + { + "name": "FLSA:175404", + "refsource": "FEDORA", + "url": "http://www.securityfocus.com/archive/1/427990/100/0/threaded" + }, + { + "name": "RHSA-2005:708", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-708.html" + }, + { + "name": "21339", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21339" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2848.json b/2005/2xxx/CVE-2005-2848.json index da2231766a4..c58b83f67f4 100644 --- a/2005/2xxx/CVE-2005-2848.json +++ b/2005/2xxx/CVE-2005-2848.json 
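Review bot: In the CVE-2005-2097 hunk the `CVE_data_meta` block changes `"ASSIGNER"` from `cve@mitre.org` to `"ASSIGNER": "secalert@redhat.com"`, while every other record visible in this diff keeps `cve@mitre.org` and changes only separator spacing and reference order. That is a provenance change, not formatting, and it is easy to miss among the whitespace churn; anything that filters or attributes records by ASSIGNER will treat this entry differently afterwards. Confirm the reassignment is intended and state it in the commit description, or land it as a separate commit from the bulk reformat. Separately, the `reference_data` entries here and in the other hunks are reordered with no sort key that can be read from the diff, so consumers that diff records between revisions will see churn with no content change.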
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2848", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2848", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050901 [SecuriWeb.2005.1] - Barracuda SPAM firewall advisory", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112560044813390&w=2" - }, - { - "name" : "http://securiweb.net/wiki/Ressources/AvisDeSecurite/2005.1", - "refsource" : "MISC", - "url" : "http://securiweb.net/wiki/Ressources/AvisDeSecurite/2005.1" - }, - { - "name" : "14710", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14710" - }, - { - "name" : "1014837", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/alerts/2005/Sep/1014837.html" - }, - { - "name" : "16683", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16683/" - }, - { - "name" : "barracuda-img-command-execute(22120)", - 
"refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22120" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://securiweb.net/wiki/Ressources/AvisDeSecurite/2005.1", + "refsource": "MISC", + "url": "http://securiweb.net/wiki/Ressources/AvisDeSecurite/2005.1" + }, + { + "name": "1014837", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/alerts/2005/Sep/1014837.html" + }, + { + "name": "16683", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16683/" + }, + { + "name": "20050901 [SecuriWeb.2005.1] - Barracuda SPAM firewall advisory", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112560044813390&w=2" + }, + { + "name": "barracuda-img-command-execute(22120)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22120" + }, + { + "name": "14710", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14710" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2854.json b/2005/2xxx/CVE-2005-2854.json index 85c5798f009..fa59c500464 100644 --- a/2005/2xxx/CVE-2005-2854.json +++ b/2005/2xxx/CVE-2005-2854.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2854", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CRLF injection vulnerability in thesitewizard.com chfeedback.pl Feedback Form Perl Script 2.0.1 allows remote attackers to use the script as a mail relay (spam proxy) via CRLF sequences in the (1) name or (2) email fields, which are injected into mail headers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2854", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050905 thesitewizard.com chfeedback.pl CRLF Injection", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2005-09/0094.html" - }, - { - "name" : "14749", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14749" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CRLF injection vulnerability in thesitewizard.com chfeedback.pl Feedback Form Perl Script 2.0.1 allows remote attackers to use the script as a mail relay (spam proxy) via CRLF sequences in the (1) name or (2) email 
fields, which are injected into mail headers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14749", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14749" + }, + { + "name": "20050905 thesitewizard.com chfeedback.pl CRLF Injection", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-09/0094.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3748.json b/2005/3xxx/CVE-2005-3748.json index 6862fa90c98..f6ab9e47844 100644 --- a/2005/3xxx/CVE-2005-3748.json +++ b/2005/3xxx/CVE-2005-3748.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3748", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Search module in Tru-Zone Nuke ET 3.2, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the query parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3748", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://lostmon.blogspot.com/2005/11/nuke-et-search-module-query-variable.html", - "refsource" : "MISC", - "url" : "http://lostmon.blogspot.com/2005/11/nuke-et-search-module-query-variable.html" - }, - { - "name" : "15519", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15519" - }, - { - "name" : "ADV-2005-2516", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2516" - }, - { - "name" : "21002", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21002" - }, - { - "name" : "17638", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17638" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Search module in Tru-Zone Nuke ET 3.2, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the query parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21002", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21002" + }, + { + "name": "ADV-2005-2516", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2516" + }, + { + "name": "15519", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15519" + }, + { + "name": "17638", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17638" + }, + { + "name": "http://lostmon.blogspot.com/2005/11/nuke-et-search-module-query-variable.html", + "refsource": "MISC", + "url": "http://lostmon.blogspot.com/2005/11/nuke-et-search-module-query-variable.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4094.json b/2005/4xxx/CVE-2005-4094.json index d6c6e2534df..8f626fbe6ec 100644 --- a/2005/4xxx/CVE-2005-4094.json +++ b/2005/4xxx/CVE-2005-4094.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4094", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "connector.php in the fckeditor2rc2 addon in DoceboLMS 2.0.4 allows remote attackers to execute arbitrary PHP by using the FileUpload command to upload a file that appears to be an image but contains PHP script." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4094", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://rgod.altervista.org/docebo204_xpl.html", - "refsource" : "MISC", - "url" : "http://rgod.altervista.org/docebo204_xpl.html" - }, - { - "name" : "15744", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15744" - }, - { - "name" : "ADV-2005-2771", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2771" - }, - { - "name" : "21465", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21465" - }, - { - "name" : "1015308", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015308" - }, - { - "name" : "1015308", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/1015308" - }, - { - "name" : "17896", - "refsource" : 
"SECUNIA", - "url" : "http://secunia.com/advisories/17896" - }, - { - "name" : "docebolms-connector-file-upload(23519)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23519" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "connector.php in the fckeditor2rc2 addon in DoceboLMS 2.0.4 allows remote attackers to execute arbitrary PHP by using the FileUpload command to upload a file that appears to be an image but contains PHP script." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2005-2771", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2771" + }, + { + "name": "docebolms-connector-file-upload(23519)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23519" + }, + { + "name": "17896", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17896" + }, + { + "name": "15744", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15744" + }, + { + "name": "http://rgod.altervista.org/docebo204_xpl.html", + "refsource": "MISC", + "url": "http://rgod.altervista.org/docebo204_xpl.html" + }, + { + "name": "21465", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21465" + }, + { + "name": "1015308", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/1015308" + }, + { + "name": "1015308", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015308" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4193.json b/2005/4xxx/CVE-2005-4193.json index 07a605f1452..af5c915cc3f 100644 --- a/2005/4xxx/CVE-2005-4193.json +++ b/2005/4xxx/CVE-2005-4193.json 
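Review bot: In the new `reference_data` list of CVE-2005-4094.json, the entry `"name": "1015308", "refsource": "SECUNIA"` with `"url": "http://secunia.com/advisories/1015308"` uses the same identifier as the SECTRACK entry next to it, so it looks like a SecurityTracker id filed under the wrong source. The record already has its own SECUNIA reference, `17896`, and the reformat carries the doubtful entry over unchanged from the old side. I would verify that entry against the advisory source and drop the object if it does not resolve, because tooling that follows reference URLs during triage would otherwise land on a page that likely does not describe this issue. The new side of this file, like the other files in the diff, also ends without a trailing newline; restoring it keeps later diffs of these records clean.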
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4193", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in UseBB before 0.7 allows remote attackers to inject arbitrary web script or HTML via the $_SERVER['PHP_SELF'] variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4193", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=377496&group_id=93103", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=377496&group_id=93103" - }, - { - "name" : "15817", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15817" - }, - { - "name" : "ADV-2005-2843", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2843" - }, - { - "name" : "17958", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17958" - }, - { - "name" : "usebb-serverphpself-xss(23544)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23544" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": 
"4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in UseBB before 0.7 allows remote attackers to inject arbitrary web script or HTML via the $_SERVER['PHP_SELF'] variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2005-2843", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2843" + }, + { + "name": "15817", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15817" + }, + { + "name": "usebb-serverphpself-xss(23544)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23544" + }, + { + "name": "17958", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17958" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=377496&group_id=93103", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=377496&group_id=93103" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4612.json b/2005/4xxx/CVE-2005-4612.json index ff2fb63a5a0..2dac689f637 100644 --- a/2005/4xxx/CVE-2005-4612.json +++ b/2005/4xxx/CVE-2005-4612.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4612", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in VUBB alpha rc1 allow remote attackers to execute arbitrary SQL commands via the (1) f parameter to viewforum.php, (2) t parameter to viewtopic.php, and (3) view parameter to usercp.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4612", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/11/vubb-forum-sql-and-xss-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/11/vubb-forum-sql-and-xss-vuln.html" - }, - { - "name" : "21329", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21329" - }, - { - "name" : "21330", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21330" - }, - { - "name" : "21331", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21331" - }, - { - "name" : "vubb-multiple-sql-injection(24350)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24350" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": 
"4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in VUBB alpha rc1 allow remote attackers to execute arbitrary SQL commands via the (1) f parameter to viewforum.php, (2) t parameter to viewtopic.php, and (3) view parameter to usercp.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "vubb-multiple-sql-injection(24350)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24350" + }, + { + "name": "21331", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21331" + }, + { + "name": "http://pridels0.blogspot.com/2005/11/vubb-forum-sql-and-xss-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/11/vubb-forum-sql-and-xss-vuln.html" + }, + { + "name": "21329", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21329" + }, + { + "name": "21330", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21330" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4787.json b/2005/4xxx/CVE-2005-4787.json index 52f51f36888..16195f84a7a 100644 --- a/2005/4xxx/CVE-2005-4787.json +++ b/2005/4xxx/CVE-2005-4787.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4787", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** Turnkey Web Tools SunShop Shopping Cart allows remote attackers to obtain sensitive information via a phpinfo action to (1) index.php, (2) admin/index.php, and (3) admin/adminindex.php, which executes the PHP phpinfo function. NOTE: The vendor has disputed this issue, saying that \"Having this in the code makes it easier for us to troubleshoot when issues arise on individual carts. For someone to have a script to do this type of search would require that they know where your shop is actually located. 
I dont think it really can be construde [sic] as a security issue.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4787", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.turnkeywebtools.com/forum/showpost.php?p=9874&postcount=6", - "refsource" : "MISC", - "url" : "http://www.turnkeywebtools.com/forum/showpost.php?p=9874&postcount=6" - }, - { - "name" : "http://www.turnkeywebtools.com/forum/showthread.php?t=2384", - "refsource" : "CONFIRM", - "url" : "http://www.turnkeywebtools.com/forum/showthread.php?t=2384" - }, - { - "name" : "17832", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17832" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** Turnkey Web Tools SunShop Shopping Cart allows remote attackers to obtain sensitive information via a phpinfo action to (1) index.php, (2) admin/index.php, and (3) admin/adminindex.php, which executes the PHP phpinfo function. NOTE: The vendor has disputed this issue, saying that \"Having this in the code makes it easier for us to troubleshoot when issues arise on individual carts. For someone to have a script to do this type of search would require that they know where your shop is actually located. 
I dont think it really can be construde [sic] as a security issue.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17832", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17832" + }, + { + "name": "http://www.turnkeywebtools.com/forum/showpost.php?p=9874&postcount=6", + "refsource": "MISC", + "url": "http://www.turnkeywebtools.com/forum/showpost.php?p=9874&postcount=6" + }, + { + "name": "http://www.turnkeywebtools.com/forum/showthread.php?t=2384", + "refsource": "CONFIRM", + "url": "http://www.turnkeywebtools.com/forum/showthread.php?t=2384" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4792.json b/2005/4xxx/CVE-2005-4792.json index e62db911663..95c5889187b 100644 --- a/2005/4xxx/CVE-2005-4792.json +++ b/2005/4xxx/CVE-2005-4792.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4792", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in Appalachian State University phpWebSite 0.10.1 and earlier allows remote attackers to execute arbitrary SQL commands via the module parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4792", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15088", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15088" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in Appalachian State University phpWebSite 0.10.1 and earlier allows remote attackers to execute arbitrary SQL commands via the module parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15088", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15088" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0251.json b/2009/0xxx/CVE-2009-0251.json index 478089a4154..9a8cce7c2f6 100644 --- a/2009/0xxx/CVE-2009-0251.json +++ b/2009/0xxx/CVE-2009-0251.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0251", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Static code injection vulnerability in admin.php in Ryneezy phoSheezy 0.2 allows remote authenticated administrators to inject arbitrary PHP code into config/footer via the footer parameter. NOTE: this can be exploited by unauthenticated attackers by leveraging CVE-2009-0250. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0251", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7780", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7780" - }, - { - "name" : "51412", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/51412" - }, - { - "name" : "33531", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33531" - }, - { - "name" : "4935", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4935" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Static code 
injection vulnerability in admin.php in Ryneezy phoSheezy 0.2 allows remote authenticated administrators to inject arbitrary PHP code into config/footer via the footer parameter. NOTE: this can be exploited by unauthenticated attackers by leveraging CVE-2009-0250. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4935", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4935" + }, + { + "name": "51412", + "refsource": "OSVDB", + "url": "http://osvdb.org/51412" + }, + { + "name": "7780", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7780" + }, + { + "name": "33531", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33531" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0467.json b/2009/0xxx/CVE-2009-0467.json index a7eebaabe9b..5c60b2a4b0f 100644 --- a/2009/0xxx/CVE-2009-0467.json +++ b/2009/0xxx/CVE-2009-0467.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0467", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in proxy.html in Profense Web Application Firewall 2.6.2 and 2.6.3 allows remote attackers to inject arbitrary web script or HTML via the proxy parameter in a deny_log manage action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0467", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7919", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7919" - }, - { - "name" : "33523", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33523" - }, - { - "name" : "51659", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/51659" - }, - { - "name" : "33739", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33739" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in proxy.html in Profense Web Application Firewall 2.6.2 and 2.6.3 allows remote attackers to inject 
arbitrary web script or HTML via the proxy parameter in a deny_log manage action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33523", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33523" + }, + { + "name": "7919", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7919" + }, + { + "name": "51659", + "refsource": "OSVDB", + "url": "http://osvdb.org/51659" + }, + { + "name": "33739", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33739" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0657.json b/2009/0xxx/CVE-2009-0657.json index b2247c0f9d7..aa061a30223 100644 --- a/2009/0xxx/CVE-2009-0657.json +++ b/2009/0xxx/CVE-2009-0657.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0657", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Toshiba Face Recognition 2.0.2.32 allows physically proximate attackers to obtain notebook access by presenting a large number of images for which the viewpoint and lighting have been modified to match a stored image of the authorized notebook user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0657", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081208 [SVRT-07-08] Vulnerability in Face Recognition Authentication Mechanism of Lenovo-Asus-Toshiba Laptops", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/498997" - }, - { - "name" : "http://www.blackhat.com/html/bh-dc-09/bh-dc-09-archives.html#Nguyen", - "refsource" : "MISC", - "url" : "http://www.blackhat.com/html/bh-dc-09/bh-dc-09-archives.html#Nguyen" - }, - { - "name" : "http://www.blackhat.com/presentations/bh-dc-09/Nguyen/BlackHat-DC-09-Nguyen-Face-not-your-password.pdf", - "refsource" : "MISC", - "url" : "http://www.blackhat.com/presentations/bh-dc-09/Nguyen/BlackHat-DC-09-Nguyen-Face-not-your-password.pdf" - }, - { - "name" : 
"http://security.bkis.vn/?p=292", - "refsource" : "MISC", - "url" : "http://security.bkis.vn/?p=292" - }, - { - "name" : "32700", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32700" - }, - { - "name" : "toshibaface-notebook-unauth-access(48963)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48963" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Toshiba Face Recognition 2.0.2.32 allows physically proximate attackers to obtain notebook access by presenting a large number of images for which the viewpoint and lighting have been modified to match a stored image of the authorized notebook user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.blackhat.com/presentations/bh-dc-09/Nguyen/BlackHat-DC-09-Nguyen-Face-not-your-password.pdf", + "refsource": "MISC", + "url": "http://www.blackhat.com/presentations/bh-dc-09/Nguyen/BlackHat-DC-09-Nguyen-Face-not-your-password.pdf" + }, + { + "name": "20081208 [SVRT-07-08] Vulnerability in Face Recognition Authentication Mechanism of Lenovo-Asus-Toshiba Laptops", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/498997" + }, + { + "name": "toshibaface-notebook-unauth-access(48963)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48963" + }, + { + "name": "32700", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32700" + }, + { + "name": "http://www.blackhat.com/html/bh-dc-09/bh-dc-09-archives.html#Nguyen", + "refsource": "MISC", + "url": "http://www.blackhat.com/html/bh-dc-09/bh-dc-09-archives.html#Nguyen" + }, + { + "name": "http://security.bkis.vn/?p=292", + "refsource": "MISC", + "url": 
"http://security.bkis.vn/?p=292" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2058.json b/2009/2xxx/CVE-2009-2058.json index a43746a24a2..7f2f4171a71 100644 --- a/2009/2xxx/CVE-2009-2058.json +++ b/2009/2xxx/CVE-2009-2058.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2058", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apple Safari before 3.2.2 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an \"SSL tampering\" attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2058", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://research.microsoft.com/apps/pubs/default.aspx?id=79323", - "refsource" : "MISC", - "url" : "http://research.microsoft.com/apps/pubs/default.aspx?id=79323" - }, - { - "name" : "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf", - "refsource" : "MISC", - "url" : "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf" - }, - { - "name" : "safari-connect-code-execution(51193)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51193" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { 
+ "description_data": [ + { + "lang": "eng", + "value": "Apple Safari before 3.2.2 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an \"SSL tampering\" attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "safari-connect-code-execution(51193)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51193" + }, + { + "name": "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf", + "refsource": "MISC", + "url": "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf" + }, + { + "name": "http://research.microsoft.com/apps/pubs/default.aspx?id=79323", + "refsource": "MISC", + "url": "http://research.microsoft.com/apps/pubs/default.aspx?id=79323" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2403.json b/2009/2xxx/CVE-2009-2403.json index 2bd2ad6cea3..4d466fddfb9 100644 --- a/2009/2xxx/CVE-2009-2403.json +++ b/2009/2xxx/CVE-2009-2403.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2403", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in SCMPX 1.5.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long string in a .m3u playlist file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2403", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9033", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9033" - }, - { - "name" : "35596", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35596" - }, - { - "name" : "ADV-2009-1729", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1729" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in SCMPX 1.5.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long string in a .m3u playlist file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9033", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9033" + }, + { + "name": "ADV-2009-1729", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1729" + }, + { + "name": "35596", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35596" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2568.json b/2009/2xxx/CVE-2009-2568.json index a1763dc9adc..32977852d6f 100644 --- a/2009/2xxx/CVE-2009-2568.json +++ b/2009/2xxx/CVE-2009-2568.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2568", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Sorinara Streaming Audio Player (SAP) 0.9 allows remote attackers to execute arbitrary code via a long string in a playlist (.m3u) file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2568", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8617", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/8617" - }, - { - "name" : "8620", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/8620" - }, - { - "name" : "34842", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34842" - }, - { - "name" : "sorinara-m3u-bo(50339)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50339" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Sorinara Streaming Audio Player (SAP) 0.9 allows remote attackers to execute arbitrary code via a long string in a 
playlist (.m3u) file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34842", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34842" + }, + { + "name": "8617", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/8617" + }, + { + "name": "8620", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/8620" + }, + { + "name": "sorinara-m3u-bo(50339)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50339" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2681.json b/2009/2xxx/CVE-2009-2681.json index ca63589a53a..c3f5f07ea27 100644 --- a/2009/2xxx/CVE-2009-2681.json +++ b/2009/2xxx/CVE-2009-2681.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2681", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP ProCurve Identity Driven Manager (IDM) A.02.x through A.02.03 and A.03.x through A.03.00, on Windows Server 2003 with IAS and Windows Server 2008 with NPS, allows local users to gain privileges via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2681", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBGN02441", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01798159" - }, - { - "name" : "SSRT090082", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01798159" - }, - { - "name" : "36462", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36462" - }, - { - "name" : "1022915", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1022915" - }, - { - "name" : "36792", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36792" - }, - { - "name" : "ADV-2009-2707", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2009/2707" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP ProCurve Identity Driven Manager (IDM) A.02.x through A.02.03 and A.03.x through A.03.00, on Windows Server 2003 with IAS and Windows Server 2008 with NPS, allows local users to gain privileges via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT090082", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01798159" + }, + { + "name": "36792", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36792" + }, + { + "name": "36462", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36462" + }, + { + "name": "ADV-2009-2707", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2707" + }, + { + "name": "HPSBGN02441", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01798159" + }, + { + "name": "1022915", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1022915" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3483.json b/2009/3xxx/CVE-2009-3483.json index 5986e1fa59b..3f7b9285f8a 100644 --- a/2009/3xxx/CVE-2009-3483.json +++ b/2009/3xxx/CVE-2009-3483.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3483", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the Create New Site feature in GlobalSCAPE CuteFTP Professional, Home, and Lite 8.3.3 and 8.3.3.0054 allows user-assisted remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a site list containing an entry with a long label." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3483", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.packetstormsecurity.org/0909-exploits/Dr_IDE-CuteFTP_FTP_8.3.3-PoC.py.txt", - "refsource" : "MISC", - "url" : "http://www.packetstormsecurity.org/0909-exploits/Dr_IDE-CuteFTP_FTP_8.3.3-PoC.py.txt" - }, - { - "name" : "58387", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/58387" - }, - { - "name" : "36874", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36874" - }, - { - "name" : "cuteftp-label-bo(53487)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53487" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the Create New Site feature in GlobalSCAPE CuteFTP Professional, Home, and Lite 8.3.3 and 8.3.3.0054 allows user-assisted remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a site list containing an entry with a long label." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "58387", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/58387" + }, + { + "name": "36874", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36874" + }, + { + "name": "cuteftp-label-bo(53487)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53487" + }, + { + "name": "http://www.packetstormsecurity.org/0909-exploits/Dr_IDE-CuteFTP_FTP_8.3.3-PoC.py.txt", + "refsource": "MISC", + "url": "http://www.packetstormsecurity.org/0909-exploits/Dr_IDE-CuteFTP_FTP_8.3.3-PoC.py.txt" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3645.json b/2009/3xxx/CVE-2009-3645.json index c4a493aa0a2..d553a594f5b 100644 --- a/2009/3xxx/CVE-2009-3645.json +++ b/2009/3xxx/CVE-2009-3645.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3645", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the JoomlaCache CB Resume Builder (com_cbresumebuilder) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the group_id parameter in a group_members action to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3645", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0910-exploits/joomlacbrb-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0910-exploits/joomlacbrb-sql.txt" - }, - { - "name" : "36598", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36598" - }, - { - "name" : "36954", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36954" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the JoomlaCache CB Resume Builder (com_cbresumebuilder) component for Joomla! 
allows remote attackers to execute arbitrary SQL commands via the group_id parameter in a group_members action to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/0910-exploits/joomlacbrb-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0910-exploits/joomlacbrb-sql.txt" + }, + { + "name": "36954", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36954" + }, + { + "name": "36598", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36598" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3792.json b/2009/3xxx/CVE-2009-3792.json index 0b9f1e424e7..40b829b8f76 100644 --- a/2009/3xxx/CVE-2009-3792.json +++ b/2009/3xxx/CVE-2009-3792.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3792", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Adobe Flash Media Server (FMS) before 3.5.3 allows attackers to load arbitrary DLL files via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2009-3792", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb09-18.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb09-18.html" - }, - { - "name" : "37420", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37420" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Adobe Flash Media Server (FMS) before 3.5.3 allows attackers to load arbitrary DLL files via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.adobe.com/support/security/bulletins/apsb09-18.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb09-18.html" + }, + { + "name": "37420", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37420" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3914.json b/2009/3xxx/CVE-2009-3914.json index 0939af68758..335cc7dd496 100644 --- a/2009/3xxx/CVE-2009-3914.json +++ b/2009/3xxx/CVE-2009-3914.json 
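Review bot: The `"ASSIGNER"` value in `CVE_data_meta` for CVE-2009-3792 changes from `cve@mitre.org` to `psirt@adobe.com`, and it is the only content change in a hunk that otherwise just respaces `"key" : value` to `"key": value`. The other complete hunks in view keep `cve@mitre.org`. A change of record ownership is easy to miss inside a bulk reformat, so it belongs in its own commit, or at least in the commit message, so that consumers who filter or attribute records by assigner can trace when it changed. The `affects` block still carries `"vendor_name": "n/a"` and `"product_name": "n/a"` although the description names Adobe Flash Media Server; if the reassignment is intended, filling those fields in the same change would keep the record consistent.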
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3914", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Temporary Invitation module 5.x before 5.x-2.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the Name field in an invitation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3914", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/623018", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/623018" - }, - { - "name" : "http://drupal.org/node/623526", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/623526" - }, - { - "name" : "37072", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37072" - }, - { - "name" : "59679", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/59679" - }, - { - "name" : "37286", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37286" - }, - { - "name" : "tempinv-name-xss(54148)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54148" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Temporary Invitation module 5.x before 5.x-2.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the Name field in an invitation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://drupal.org/node/623018", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/623018" + }, + { + "name": "37072", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37072" + }, + { + "name": "37286", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37286" + }, + { + "name": "tempinv-name-xss(54148)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54148" + }, + { + "name": "59679", + "refsource": "OSVDB", + "url": "http://osvdb.org/59679" + }, + { + "name": "http://drupal.org/node/623526", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/623526" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4121.json b/2009/4xxx/CVE-2009-4121.json index ca03f959fd6..2d58b179b9a 100644 --- a/2009/4xxx/CVE-2009-4121.json +++ b/2009/4xxx/CVE-2009-4121.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4121", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in Quick.CMS 2.4 and Quick.CMS.Lite 2.4 allow remote attackers to hijack the authentication of the administrator for requests that (1) delete web pages via a p-delete action to admin.php, and possibly (2) delete products or (3) delete orders via unspecified vectors. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4121", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091123 Quick.Cart and Quick.CMS CSRF Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2009-11/0260.html" - }, - { - "name" : "37115", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37115" - }, - { - "name" : "60495", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/60495" - }, - { - "name" : "37421", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37421" - }, - { - "name" : "quickcart-delete-csrf(54413)", - "refsource" 
: "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54413" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Quick.CMS 2.4 and Quick.CMS.Lite 2.4 allow remote attackers to hijack the authentication of the administrator for requests that (1) delete web pages via a p-delete action to admin.php, and possibly (2) delete products or (3) delete orders via unspecified vectors. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37421", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37421" + }, + { + "name": "20091123 Quick.Cart and Quick.CMS CSRF Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-11/0260.html" + }, + { + "name": "60495", + "refsource": "OSVDB", + "url": "http://osvdb.org/60495" + }, + { + "name": "quickcart-delete-csrf(54413)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54413" + }, + { + "name": "37115", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37115" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4339.json b/2009/4xxx/CVE-2009-4339.json index 25ea2c8f149..4f31923d0a4 100644 --- a/2009/4xxx/CVE-2009-4339.json +++ b/2009/4xxx/CVE-2009-4339.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4339", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Subscription (mf_subscription) extension 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4339", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/" - }, - { - "name" : "ADV-2009-3550", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3550" - }, - { - "name" : "typo3-subscription-sql-injection(54782)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54782" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Subscription (mf_subscription) extension 0.2.2 for TYPO3 allows remote attackers to 
execute arbitrary SQL commands via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "typo3-subscription-sql-injection(54782)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54782" + }, + { + "name": "ADV-2009-3550", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3550" + }, + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4379.json b/2009/4xxx/CVE-2009-4379.json index d656d78fbbe..79b06aa3ee1 100644 --- a/2009/4xxx/CVE-2009-4379.json +++ b/2009/4xxx/CVE-2009-4379.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4379", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Valarsoft Webmatic before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-2924." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4379", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.valarsoft.com/index.php?stage=0§ion=5&newsID=165&action=6", - "refsource" : "CONFIRM", - "url" : "http://www.valarsoft.com/index.php?stage=0§ion=5&newsID=165&action=6" - }, - { - "name" : "37335", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37335" - }, - { - "name" : "37735", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37735" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Valarsoft Webmatic before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via 
unspecified vectors, a different issue than CVE-2008-2924." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37335", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37335" + }, + { + "name": "37735", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37735" + }, + { + "name": "http://www.valarsoft.com/index.php?stage=0§ion=5&newsID=165&action=6", + "refsource": "CONFIRM", + "url": "http://www.valarsoft.com/index.php?stage=0§ion=5&newsID=165&action=6" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4715.json b/2009/4xxx/CVE-2009-4715.json index d6b84f9592c..686df5a4eb4 100644 --- a/2009/4xxx/CVE-2009-4715.json +++ b/2009/4xxx/CVE-2009-4715.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4715", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in rates.php in Real Time Currency Exchange allows remote attackers to inject arbitrary web script or HTML via the Amount parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4715", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0907-exploits/rtce-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0907-exploits/rtce-xss.txt" - }, - { - "name" : "56081", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/56081" - }, - { - "name" : "35936", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35936" - }, - { - "name" : "realtime-rates-xss(51853)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51853" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in rates.php in Real Time Currency Exchange 
allows remote attackers to inject arbitrary web script or HTML via the Amount parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "realtime-rates-xss(51853)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51853" + }, + { + "name": "56081", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/56081" + }, + { + "name": "35936", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35936" + }, + { + "name": "http://packetstormsecurity.org/0907-exploits/rtce-xss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0907-exploits/rtce-xss.txt" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4740.json b/2009/4xxx/CVE-2009-4740.json index bc39d0d24a8..b90ee52fa14 100644 --- a/2009/4xxx/CVE-2009-4740.json +++ b/2009/4xxx/CVE-2009-4740.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4740", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the Webesse E-Card (ws_ecard) extension 1.0.2 and earlier for TYPO3 has unspecified impact and remote attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4740", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the Webesse E-Card (ws_ecard) extension 1.0.2 and earlier for TYPO3 has unspecified impact and remote attack vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4872.json b/2009/4xxx/CVE-2009-4872.json index 3b3c264c88a..76f896b7871 100644 --- a/2009/4xxx/CVE-2009-4872.json +++ b/2009/4xxx/CVE-2009-4872.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4872", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in globepersonnel_login.asp in Logoshows BBS 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4872", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9399", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9399" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in globepersonnel_login.asp in Logoshows BBS 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9399", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9399" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4907.json b/2009/4xxx/CVE-2009-4907.json index 477e7479894..c6a4817f042 100644 --- a/2009/4xxx/CVE-2009-4907.json +++ b/2009/4xxx/CVE-2009-4907.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4907", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in oBlog allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin password, (2) force an admin logout, (3) change the visibility of posts, (4) remove links, and (5) change the name fields of a blog." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4907", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0912-exploits/oblog-xssxsrf.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0912-exploits/oblog-xssxsrf.txt" - }, - { - "name" : "60907", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/60907" - }, - { - "name" : "37661", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37661" - }, - { - "name" : "oblog-unspecified-csrf(54714)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54714" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { 
+ "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in oBlog allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin password, (2) force an admin logout, (3) change the visibility of posts, (4) remove links, and (5) change the name fields of a blog." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37661", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37661" + }, + { + "name": "http://packetstormsecurity.org/0912-exploits/oblog-xssxsrf.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0912-exploits/oblog-xssxsrf.txt" + }, + { + "name": "oblog-unspecified-csrf(54714)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54714" + }, + { + "name": "60907", + "refsource": "OSVDB", + "url": "http://osvdb.org/60907" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0044.json b/2015/0xxx/CVE-2015-0044.json index 720589bd16c..d2cd2731738 100644 --- a/2015/0xxx/CVE-2015-0044.json +++ b/2015/0xxx/CVE-2015-0044.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0044", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-8967 and CVE-2015-0050." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-0044", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-009", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-009" - }, - { - "name" : "72414", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72414" - }, - { - "name" : "1031723", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031723" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory 
corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-8967 and CVE-2015-0050." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031723", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031723" + }, + { + "name": "72414", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72414" + }, + { + "name": "MS15-009", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-009" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0131.json b/2015/0xxx/CVE-2015-0131.json index 585941a6a7b..a69d7353640 100644 --- a/2015/0xxx/CVE-2015-0131.json +++ b/2015/0xxx/CVE-2015-0131.json 
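Review bot: `"ASSIGNER"` changes from `cve@mitre.org` to `secure@microsoft.com` in this hunk, which otherwise only re-indents the record and reorders its references, so the one change of meaning is easy to miss. The same pattern appears in the hunks for CVE-2015-0131 (`psirt@us.ibm.com`), CVE-2015-0743 (`psirt@cisco.com`), CVE-2015-0912 (`vultures@jpcert.or.jp`) and CVE-2015-1276 (`security@google.com`). ASSIGNER states who assigned the record, so the reassignment would be better made in a commit separate from the formatting pass, or named explicitly in the commit message (not visible in this chunk). Consumers that attribute or filter records by assigner could then trace when and why the value changed.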
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0131", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6.0 before 8.6.0.8.1, 9.0.0 through 9.0.0.4, 9.1.0 before 9.1.0.6.1, and 9.1.1 before 9.1.1.0.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-0131", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21902807", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21902807" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6.0 before 8.6.0.8.1, 9.0.0 through 9.0.0.4, 9.1.0 before 9.1.0.6.1, and 9.1.1 before 9.1.1.0.2 allows remote authenticated users to inject arbitrary web script or HTML via 
unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21902807", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902807" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0743.json b/2015/0xxx/CVE-2015-0743.json index 5d5a1afe469..a679bcb7d6d 100644 --- a/2015/0xxx/CVE-2015-0743.json +++ b/2015/0xxx/CVE-2015-0743.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0743", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Headend System Release allows remote attackers to cause a denial of service (DHCP and TFTP outage) via a flood of crafted UDP traffic, aka Bug ID CSCus04097." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-0743", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150529 Cisco Headend System Release UDP TFTP and DHCP Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=38938" - }, - { - "name" : "1032445", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032445" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Headend System Release allows remote attackers to cause a denial of service (DHCP and TFTP outage) via a flood of crafted UDP traffic, aka Bug ID CSCus04097." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150529 Cisco Headend System Release UDP TFTP and DHCP Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38938" + }, + { + "name": "1032445", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032445" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0912.json b/2015/0xxx/CVE-2015-0912.json index cbb9f0d055f..f4bde727f7c 100644 --- a/2015/0xxx/CVE-2015-0912.json +++ b/2015/0xxx/CVE-2015-0912.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0912", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "EasyCTF before 1.4 allows remote authenticated users to write executable content to files via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2015-0912", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://jvn.jp/en/jp/JVN67520407/995657/index.html", - "refsource" : "CONFIRM", - "url" : "http://jvn.jp/en/jp/JVN67520407/995657/index.html" - }, - { - "name" : "JVN#67520407", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN67520407/index.html" - }, - { - "name" : "JVNDB-2015-000060", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000060" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "EasyCTF before 1.4 allows remote authenticated users to write executable content to files via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#67520407", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN67520407/index.html" + }, + { + "name": "http://jvn.jp/en/jp/JVN67520407/995657/index.html", + "refsource": "CONFIRM", + "url": "http://jvn.jp/en/jp/JVN67520407/995657/index.html" + }, + { + "name": "JVNDB-2015-000060", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000060" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0918.json b/2015/0xxx/CVE-2015-0918.json index 12f25fdfa04..69198f240ba 100644 --- a/2015/0xxx/CVE-2015-0918.json +++ b/2015/0xxx/CVE-2015-0918.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0918", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the administrative backend in Sefrengo before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the searchterm parameter to backend/main.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-0918", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150106 Reflecting XSS vulnerability in CMS Sefrengo v.1.6.0", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Jan/10" - }, - { - "name" : "http://packetstormsecurity.com/files/129825/Sefrengo-CMS-1.6.0-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129825/Sefrengo-CMS-1.6.0-Cross-Site-Scripting.html" - }, - { - "name" : "http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2014-06.html", - "refsource" : "MISC", - "url" : "http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2014-06.html" - }, - { - "name" : "http://forum.sefrengo.org/index.php?showtopic=3360", - "refsource" : "CONFIRM", - "url" : 
"http://forum.sefrengo.org/index.php?showtopic=3360" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the administrative backend in Sefrengo before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the searchterm parameter to backend/main.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150106 Reflecting XSS vulnerability in CMS Sefrengo v.1.6.0", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Jan/10" + }, + { + "name": "http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2014-06.html", + "refsource": "MISC", + "url": "http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2014-06.html" + }, + { + "name": "http://packetstormsecurity.com/files/129825/Sefrengo-CMS-1.6.0-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129825/Sefrengo-CMS-1.6.0-Cross-Site-Scripting.html" + }, + { + "name": "http://forum.sefrengo.org/index.php?showtopic=3360", + "refsource": "CONFIRM", + "url": "http://forum.sefrengo.org/index.php?showtopic=3360" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1276.json b/2015/1xxx/CVE-2015-1276.json index 5719563ebc9..f10e8a8547e 100644 --- a/2015/1xxx/CVE-2015-1276.json +++ b/2015/1xxx/CVE-2015-1276.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1276", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in content/browser/indexed_db/indexed_db_backing_store.cc in the IndexedDB implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging an abort action before a certain write operation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2015-1276", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=472614", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=472614" - }, - { - "name" : "https://codereview.chromium.org/1060613002/", - "refsource" : "CONFIRM", - "url" : "https://codereview.chromium.org/1060613002/" - }, - { - "name" : "DSA-3315", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2015/dsa-3315" - }, - { - "name" : "GLSA-201603-09", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201603-09" - }, - { - "name" : "RHSA-2015:1499", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1499.html" - }, - { - "name" : "openSUSE-SU-2015:1287", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html" - }, - { - "name" : "75973", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75973" - }, - { - "name" : "1033031", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033031" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in content/browser/indexed_db/indexed_db_backing_store.cc in the IndexedDB implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging an abort action before a certain write operation." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://code.google.com/p/chromium/issues/detail?id=472614", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=472614" + }, + { + "name": "RHSA-2015:1499", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1499.html" + }, + { + "name": "openSUSE-SU-2015:1287", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html" + }, + { + "name": "1033031", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033031" + }, + { + "name": "GLSA-201603-09", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201603-09" + }, + { + "name": "75973", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75973" + }, + { + "name": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html" + }, + { + "name": "DSA-3315", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3315" + }, + { + "name": "https://codereview.chromium.org/1060613002/", + "refsource": "CONFIRM", + "url": "https://codereview.chromium.org/1060613002/" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1385.json b/2015/1xxx/CVE-2015-1385.json index d9490f4b1d4..f40c2eebc03 100644 --- a/2015/1xxx/CVE-2015-1385.json +++ b/2015/1xxx/CVE-2015-1385.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1385", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Blubrry PowerPress Podcasting plugin before 6.0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cat parameter in a powerpress-editcategoryfeed action in the powerpressadmin_categoryfeeds.php page to wp-admin/admin.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1385", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150129 Blubrry PowerPress Security Advisory - XSS Vulnerability - CVE-2015-1385", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534577/100/0/threaded" - }, - { - "name" : "20150130 Blubrry PowerPress Security Advisory - XSS Vulnerability - CVE-2015-1385", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Jan/130" - }, - { - "name" : "http://packetstormsecurity.com/files/130155/Blubrry-PowerPress-6.0-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/130155/Blubrry-PowerPress-6.0-Cross-Site-Scripting.html" 
- }, - { - "name" : "https://www.netsparker.com/cve-2015-1385-xss-vulnerability-in-blubrry-powerpress/", - "refsource" : "MISC", - "url" : "https://www.netsparker.com/cve-2015-1385-xss-vulnerability-in-blubrry-powerpress/" - }, - { - "name" : "https://wordpress.org/plugins/powerpress/changelog/", - "refsource" : "CONFIRM", - "url" : "https://wordpress.org/plugins/powerpress/changelog/" - }, - { - "name" : "72362", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72362" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Blubrry PowerPress Podcasting plugin before 6.0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cat parameter in a powerpress-editcategoryfeed action in the powerpressadmin_categoryfeeds.php page to wp-admin/admin.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/130155/Blubrry-PowerPress-6.0-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/130155/Blubrry-PowerPress-6.0-Cross-Site-Scripting.html" + }, + { + "name": "72362", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72362" + }, + { + "name": "20150129 Blubrry PowerPress Security Advisory - XSS Vulnerability - CVE-2015-1385", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534577/100/0/threaded" + }, + { + "name": "https://wordpress.org/plugins/powerpress/changelog/", + "refsource": "CONFIRM", + "url": "https://wordpress.org/plugins/powerpress/changelog/" + }, + { + "name": "20150130 Blubrry PowerPress Security Advisory - XSS Vulnerability - CVE-2015-1385", + "refsource": "FULLDISC", + "url": 
"http://seclists.org/fulldisclosure/2015/Jan/130" + }, + { + "name": "https://www.netsparker.com/cve-2015-1385-xss-vulnerability-in-blubrry-powerpress/", + "refsource": "MISC", + "url": "https://www.netsparker.com/cve-2015-1385-xss-vulnerability-in-blubrry-powerpress/" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1764.json b/2015/1xxx/CVE-2015-1764.json index 608b752e939..54158268ef3 100644 --- a/2015/1xxx/CVE-2015-1764.json +++ b/2015/1xxx/CVE-2015-1764.json 
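Review bot: The rewritten file ends without a trailing newline: the closing `+}` is followed by `\ No newline at end of file`, while the old side's `-}` ended with one. The same marker follows every other rewritten file in this diff (CVE-2015-1764, CVE-2015-1992, CVE-2015-1996, CVE-2015-5172, CVE-2015-5583, CVE-2015-5945, CVE-2018-1002205, CVE-2018-3032 and the RESERVED records), so whatever serializer produced them should append `\n` after the final `}`. The `reference_data` array here also holds the same six entries in a different order; if the writer does not emit them in a stable order, later syncs will presumably keep producing diffs with no content change.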
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1764", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web applications in Microsoft Exchange Server 2013 SP1 and Cumulative Update 8 allow remote attackers to bypass the Same Origin Policy and send HTTP traffic to intranet servers via a crafted request, related to a Server-Side Request Forgery (SSRF) issue, aka \"Exchange Server-Side Request Forgery Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-1764", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-064", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-064" - }, - { - "name" : "75007", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75007" - }, - { - "name" : "1032528", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032528" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web applications in Microsoft Exchange Server 2013 SP1 and Cumulative Update 8 
allow remote attackers to bypass the Same Origin Policy and send HTTP traffic to intranet servers via a crafted request, related to a Server-Side Request Forgery (SSRF) issue, aka \"Exchange Server-Side Request Forgery Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS15-064", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-064" + }, + { + "name": "75007", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75007" + }, + { + "name": "1032528", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032528" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1992.json b/2015/1xxx/CVE-2015-1992.json index bed6866ed8e..cf2594a0fff 100644 --- a/2015/1xxx/CVE-2015-1992.json +++ b/2015/1xxx/CVE-2015-1992.json 
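Review bot: `"ASSIGNER"` goes from `cve@mitre.org` to `secure@microsoft.com` at the top of this hunk, and it is the only value that differs between the two sides; the description and the three references are unchanged and everything else is colon spacing and indentation. A provenance field is the kind of change a reviewer should be able to see on its own, so it would be better landed separately from the reformat, or at least named in the commit message if it is not already. The same applies to the ASSIGNER rewrites in CVE-2015-1992, CVE-2015-1996, CVE-2015-5172, CVE-2015-5583, CVE-2015-5945 and CVE-2018-1002205.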
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1992", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Systems Director 5.2.x, 6.1.x, 6.2.0.x, 6.2.1.x, 6.3.0.0, 6.3.1.x, 6.3.2.x, 6.3.3.x, 6.3.5.0, and 6.3.6.0 improperly processes events, which allows local users to gain privileges via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-1992", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=nas7d9a0db411a9071e986257e8c0029b365", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=nas7d9a0db411a9071e986257e8c0029b365" - }, - { - "name" : "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098524", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098524" - }, - { - "name" : "IT08185", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08185" - }, - { - "name" : "1033653", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033653" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Systems Director 5.2.x, 6.1.x, 6.2.0.x, 6.2.1.x, 6.3.0.0, 6.3.1.x, 6.3.2.x, 6.3.3.x, 6.3.5.0, and 6.3.6.0 improperly processes events, which allows local users to gain privileges via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "IT08185", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08185" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=nas7d9a0db411a9071e986257e8c0029b365", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=nas7d9a0db411a9071e986257e8c0029b365" + }, + { + "name": "1033653", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033653" + }, + { + "name": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098524", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098524" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1996.json b/2015/1xxx/CVE-2015-1996.json index 55a49812e68..a9d0eb5c381 100644 --- a/2015/1xxx/CVE-2015-1996.json +++ b/2015/1xxx/CVE-2015-1996.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1996", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 does not prevent caching of HTTPS responses, which allows physically proximate attackers to obtain sensitive local-cache information by leveraging an unattended workstation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-1996", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21970139", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21970139" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 does not prevent caching of HTTPS responses, which allows physically proximate attackers to obtain sensitive local-cache information by leveraging an unattended workstation." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21970139", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970139" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5172.json b/2015/5xxx/CVE-2015-5172.json index e5fa1e3bb8b..fd80b3382ce 100644 --- a/2015/5xxx/CVE-2015-5172.json +++ b/2015/5xxx/CVE-2015-5172.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5172", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire password reset links." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-5172", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://pivotal.io/security/cve-2015-5170-5173", - "refsource" : "CONFIRM", - "url" : "https://pivotal.io/security/cve-2015-5170-5173" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire password reset links." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://pivotal.io/security/cve-2015-5170-5173", + "refsource": "CONFIRM", + "url": "https://pivotal.io/security/cve-2015-5170-5173" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5583.json b/2015/5xxx/CVE-2015-5583.json index fa067e93092..5fa97003368 100644 --- a/2015/5xxx/CVE-2015-5583.json +++ b/2015/5xxx/CVE-2015-5583.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5583", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allow attackers to bypass intended sandbox restrictions and obtain sensitive PDF information by launching a print job on a remote printer, a different vulnerability than CVE-2015-6705, CVE-2015-6706, and CVE-2015-7624." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-5583", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-468", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-468" - }, - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb15-24.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb15-24.html" - }, - { - "name" : "1033796", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033796" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allow attackers to bypass intended sandbox restrictions and obtain sensitive PDF information by launching a print job on a remote printer, a different vulnerability than CVE-2015-6705, CVE-2015-6706, and CVE-2015-7624." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb15-24.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb15-24.html" + }, + { + "name": "1033796", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033796" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-15-468", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-468" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5945.json b/2015/5xxx/CVE-2015-5945.json index f5b91aa650a..b183f320f7a 100644 --- a/2015/5xxx/CVE-2015-5945.json +++ b/2015/5xxx/CVE-2015-5945.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5945", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Sandbox subsystem in Apple OS X before 10.11.1 allows local users to gain privileges via vectors involving NVRAM parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-5945", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT205375", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205375" - }, - { - "name" : "APPLE-SA-2015-10-21-4", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Sandbox subsystem in Apple OS X before 10.11.1 allows local users to gain privileges via vectors involving NVRAM parameters." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2015-10-21-4", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html" + }, + { + "name": "https://support.apple.com/HT205375", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205375" + } + ] + } +} \ No newline at end of file diff --git a/2018/1002xxx/CVE-2018-1002205.json b/2018/1002xxx/CVE-2018-1002205.json index 90ff3634564..723ea6c0b2a 100644 --- a/2018/1002xxx/CVE-2018-1002205.json +++ b/2018/1002xxx/CVE-2018-1002205.json 
@@ -1,86 +1,86 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2018-05-17T10:52Z", - "ID" : "CVE-2018-1002205", - "REQUESTER" : "danny@snyk.io", - "STATE" : "PUBLIC", - "UPDATED" : "2018-05-17T10:52Z" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "DotNetZip.Semvered", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "1.11.0" - } - ] - } - } - ] - }, - "vendor_name" : "DotNetZip" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "DotNetZip.Semvered before 1.11.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-22" - } + "CVE_data_meta": { + "ASSIGNER": "report@snyk.io", + "DATE_ASSIGNED": "2018-05-17T10:52Z", + "ID": "CVE-2018-1002205", + "REQUESTER": "danny@snyk.io", + "STATE": "PUBLIC", + "UPDATED": "2018-05-17T10:52Z" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "DotNetZip.Semvered", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "1.11.0" + } + ] + } + } + ] + }, + "vendor_name": "DotNetZip" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/snyk/zip-slip-vulnerability", - "refsource" : "MISC", - "url" : "https://github.com/snyk/zip-slip-vulnerability" - }, - { - "name" : "https://snyk.io/research/zip-slip-vulnerability", - "refsource" : "MISC", - "url" : "https://snyk.io/research/zip-slip-vulnerability" - }, - { - "name" : 
"https://snyk.io/vuln/SNYK-DOTNET-DOTNETZIP-60245", - "refsource" : "MISC", - "url" : "https://snyk.io/vuln/SNYK-DOTNET-DOTNETZIP-60245" - }, - { - "name" : "https://github.com/haf/DotNetZip.Semverd/commit/55d2c13c0cc64654e18fcdd0038fdb3d7458e366", - "refsource" : "CONFIRM", - "url" : "https://github.com/haf/DotNetZip.Semverd/commit/55d2c13c0cc64654e18fcdd0038fdb3d7458e366" - }, - { - "name" : "https://github.com/haf/DotNetZip.Semverd/pull/121", - "refsource" : "CONFIRM", - "url" : "https://github.com/haf/DotNetZip.Semverd/pull/121" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "DotNetZip.Semvered before 1.11.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://snyk.io/research/zip-slip-vulnerability", + "refsource": "MISC", + "url": "https://snyk.io/research/zip-slip-vulnerability" + }, + { + "name": "https://github.com/haf/DotNetZip.Semverd/commit/55d2c13c0cc64654e18fcdd0038fdb3d7458e366", + "refsource": "CONFIRM", + "url": "https://github.com/haf/DotNetZip.Semverd/commit/55d2c13c0cc64654e18fcdd0038fdb3d7458e366" + }, + { + "name": "https://github.com/snyk/zip-slip-vulnerability", + "refsource": "MISC", + "url": "https://github.com/snyk/zip-slip-vulnerability" + }, + { + "name": "https://snyk.io/vuln/SNYK-DOTNET-DOTNETZIP-60245", + "refsource": "MISC", + "url": "https://snyk.io/vuln/SNYK-DOTNET-DOTNETZIP-60245" + }, + { + "name": "https://github.com/haf/DotNetZip.Semverd/pull/121", + "refsource": "CONFIRM", + "url": "https://github.com/haf/DotNetZip.Semverd/pull/121" + } + 
] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3032.json b/2018/3xxx/CVE-2018-3032.json index da12be5e4c7..eb1b37eaf51 100644 --- a/2018/3xxx/CVE-2018-3032.json +++ b/2018/3xxx/CVE-2018-3032.json 
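Review bot: `"product_name": "DotNetZip.Semvered"` and the description spell the package differently from the CONFIRM references in the same record, which point at `github.com/haf/DotNetZip.Semverd`. If the repository spelling is the real package name, tooling that matches `product_name` against installed packages would likely miss this Zip-Slip entry, so it is worth confirming with the assigner and correcting `product_name` and the description together. The record does carry `"version_affected": "<"` with `"version_value": "1.11.0"`, so the version bound is usable once the name matches.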
@@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3032", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "FLEXCUBE Investor Servicing", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "12.0.4" - }, - { - "version_affected" : "=", - "version_value" : "12.1.0" - }, - { - "version_affected" : "=", - "version_value" : "12.3.0" - }, - { - "version_affected" : "=", - "version_value" : "12.4.0" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.0.4, 12.1.0, 12.3.0 and 12.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3032", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FLEXCUBE Investor Servicing", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.0.4" + }, + { + "version_affected": "=", + "version_value": "12.1.0" + }, + { + "version_affected": "=", + "version_value": "12.3.0" + }, + { + "version_affected": "=", + "version_value": "12.4.0" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" - }, - { - "name" : "104793", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104793" - }, - { - "name" : "1041307", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041307" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.0.4, 12.1.0, 12.3.0 and 12.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + }, + { + "name": "1041307", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041307" + }, + { + "name": "104793", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104793" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3380.json b/2018/3xxx/CVE-2018-3380.json index 0bbfe09e1d7..5b3751436db 100644 --- a/2018/3xxx/CVE-2018-3380.json +++ b/2018/3xxx/CVE-2018-3380.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-3380",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-3380",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/3xxx/CVE-2018-3500.json b/2018/3xxx/CVE-2018-3500.json
index 3accc09d09a..f8132d6f726 100644
--- a/2018/3xxx/CVE-2018-3500.json
+++ b/2018/3xxx/CVE-2018-3500.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-3500",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-3500",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/3xxx/CVE-2018-3673.json b/2018/3xxx/CVE-2018-3673.json
index a0de2de9d85..6cf72d95226 100644
--- a/2018/3xxx/CVE-2018-3673.json
+++ b/2018/3xxx/CVE-2018-3673.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-3673",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-3673",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/3xxx/CVE-2018-3694.json b/2018/3xxx/CVE-2018-3694.json
index ecc2384d2a7..273cb92ebf8 100644
--- a/2018/3xxx/CVE-2018-3694.json
+++ b/2018/3xxx/CVE-2018-3694.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-3694",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-3694",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/3xxx/CVE-2018-3806.json b/2018/3xxx/CVE-2018-3806.json
index b45d0df0f4f..fc40857f808 100644
--- a/2018/3xxx/CVE-2018-3806.json
+++ b/2018/3xxx/CVE-2018-3806.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-3806",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-3806",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/6xxx/CVE-2018-6037.json b/2018/6xxx/CVE-2018-6037.json
index 302fa5740ed..28c7b3926b0 100644
--- a/2018/6xxx/CVE-2018-6037.json
+++ b/2018/6xxx/CVE-2018-6037.json
@@ -1,88 +1,88 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "chrome-cve-admin@google.com", - "ID" : "CVE-2018-6037", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Chrome", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "64.0.3282.119" - } - ] - } - } - ] - }, - "vendor_name" : "Google" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Inappropriate implementation in autofill in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain autofill data with insufficient user gestures via a crafted HTML page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Inappropriate implementation" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2018-6037", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "64.0.3282.119" + } + ] + } + } + ] + }, + "vendor_name": "Google" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html", - "refsource" : "CONFIRM", - "url" : "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html" - }, - { - "name" : "https://crbug.com/753645", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/753645" - }, - { - "name" : "DSA-4103", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4103" - }, - { - "name" : "RHSA-2018:0265", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0265" - }, - { - "name" : "102797", - 
"refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102797" - }, - { - "name" : "1040282", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040282" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Inappropriate implementation in autofill in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain autofill data with insufficient user gestures via a crafted HTML page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Inappropriate implementation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html", + "refsource": "CONFIRM", + "url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html" + }, + { + "name": "DSA-4103", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4103" + }, + { + "name": "102797", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102797" + }, + { + "name": "1040282", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040282" + }, + { + "name": "https://crbug.com/753645", + "refsource": "CONFIRM", + "url": "https://crbug.com/753645" + }, + { + "name": "RHSA-2018:0265", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0265" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6772.json b/2018/6xxx/CVE-2018-6772.json index 851be96f629..5ede3c5461f 100644 --- a/2018/6xxx/CVE-2018-6772.json +++ b/2018/6xxx/CVE-2018-6772.json 
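Review bot: The added line `"ASSIGNER": "security@google.com",` replaces `chrome-cve-admin@google.com`, so this hunk changes a value and is not the whitespace-only normalisation that the neighbouring hunks are; the CVE-2018-8436 and CVE-2018-8463 hunks do the same in a smaller way, turning `Secure@Microsoft.com` into `secure@microsoft.com`. Tooling that attributes a record to its assigner by matching the ASSIGNER string exactly, or case-sensitively, would presumably treat these records as coming from a different assigner after this change. If the re-attribution is intended, it would be easier to audit in a commit of its own; otherwise the old value should be kept here. The `reference_data` entries are also reordered in this hunk, which looks harmless but adds noise around the one value that changed.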
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6772", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Jiangmin Antivirus 16.0.0.100, the driver file (KrnlCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x99008208." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6772", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Jiangmin_Antivirus_POC/tree/master/KrnlCall_99008208", - "refsource" : "MISC", - "url" : "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Jiangmin_Antivirus_POC/tree/master/KrnlCall_99008208" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Jiangmin Antivirus 16.0.0.100, the driver file (KrnlCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x99008208." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Jiangmin_Antivirus_POC/tree/master/KrnlCall_99008208", + "refsource": "MISC", + "url": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Jiangmin_Antivirus_POC/tree/master/KrnlCall_99008208" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6880.json b/2018/6xxx/CVE-2018-6880.json index bb61c5a6db0..388cefe6ee1 100644 --- a/2018/6xxx/CVE-2018-6880.json +++ b/2018/6xxx/CVE-2018-6880.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6880", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "EmpireCMS 6.6 through 7.2 allows remote attackers to discover the full path via an array value for a parameter to class/connect.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6880", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/kongxin520/EmpireCMS/blob/master/EmpireCMS.md", - "refsource" : "MISC", - "url" : "https://github.com/kongxin520/EmpireCMS/blob/master/EmpireCMS.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "EmpireCMS 6.6 through 7.2 allows remote attackers to discover the full path via an array value for a parameter to class/connect.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/kongxin520/EmpireCMS/blob/master/EmpireCMS.md", + "refsource": "MISC", + "url": "https://github.com/kongxin520/EmpireCMS/blob/master/EmpireCMS.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7092.json b/2018/7xxx/CVE-2018-7092.json index ac87385ab19..fbd0a1618c0 100644 --- a/2018/7xxx/CVE-2018-7092.json +++ b/2018/7xxx/CVE-2018-7092.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@hpe.com", - "ID" : "CVE-2018-7092", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "HPE Intelligent Management Center Platform (IMC Plat)", - "version" : { - "version_data" : [ - { - "version_value" : "IMC PLAT 7.3 E0506P09" - } - ] - } - } - ] - }, - "vendor_name" : "Hewlett Packard Enterprise" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A potential security vulnerability has been identified in HPE Intelligent Management Center Platform (IMC Plat) 7.3 E0506P09. The vulnerability could be remotely exploited to allow for remote directory traversal leading to arbitrary file deletion." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "remote directory traversal leading to arbitrary file deletion" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@hpe.com", + "ID": "CVE-2018-7092", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HPE Intelligent Management Center Platform (IMC Plat)", + "version": { + "version_data": [ + { + "version_value": "IMC PLAT 7.3 E0506P09" + } + ] + } + } + ] + }, + "vendor_name": "Hewlett Packard Enterprise" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03872en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03872en_us" - }, - { - "name" : "1041412", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041412" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A potential security vulnerability has been identified in HPE Intelligent Management Center Platform (IMC Plat) 7.3 E0506P09. The vulnerability could be remotely exploited to allow for remote directory traversal leading to arbitrary file deletion." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote directory traversal leading to arbitrary file deletion" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041412", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041412" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03872en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03872en_us" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7201.json b/2018/7xxx/CVE-2018-7201.json index b32cf028fc5..28e839aac01 100644 --- a/2018/7xxx/CVE-2018-7201.json +++ b/2018/7xxx/CVE-2018-7201.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-7201",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-7201",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/7xxx/CVE-2018-7998.json b/2018/7xxx/CVE-2018-7998.json
index 00b2bea194c..6de29d9fc6a 100644
--- a/2018/7xxx/CVE-2018-7998.json
+++ b/2018/7xxx/CVE-2018-7998.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7998", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In libvips before 8.6.3, a NULL function pointer dereference vulnerability was found in the vips_region_generate function in region.c, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted image file. This occurs because of a race condition involving a failed delayed load and other worker threads." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7998", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180311 [SECURITY] [DLA 1306-1] vips security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/03/msg00009.html" - }, - { - "name" : "https://github.com/jcupitt/libvips/commit/20d840e6da15c1574b3ed998bc92f91d1e36c2a5", - "refsource" : "MISC", - "url" : "https://github.com/jcupitt/libvips/commit/20d840e6da15c1574b3ed998bc92f91d1e36c2a5" - }, - { - "name" : "https://github.com/jcupitt/libvips/issues/893", - "refsource" : "MISC", - "url" : "https://github.com/jcupitt/libvips/issues/893" - } - ] - 
} -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In libvips before 8.6.3, a NULL function pointer dereference vulnerability was found in the vips_region_generate function in region.c, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted image file. This occurs because of a race condition involving a failed delayed load and other worker threads." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/jcupitt/libvips/commit/20d840e6da15c1574b3ed998bc92f91d1e36c2a5", + "refsource": "MISC", + "url": "https://github.com/jcupitt/libvips/commit/20d840e6da15c1574b3ed998bc92f91d1e36c2a5" + }, + { + "name": "https://github.com/jcupitt/libvips/issues/893", + "refsource": "MISC", + "url": "https://github.com/jcupitt/libvips/issues/893" + }, + { + "name": "[debian-lts-announce] 20180311 [SECURITY] [DLA 1306-1] vips security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00009.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8079.json b/2018/8xxx/CVE-2018-8079.json index c181632adcd..9eab963ea90 100644 --- a/2018/8xxx/CVE-2018-8079.json +++ b/2018/8xxx/CVE-2018-8079.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-8079",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-8079",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/8xxx/CVE-2018-8436.json b/2018/8xxx/CVE-2018-8436.json
index 0462f7fcf4d..48d06dd2f14 100644
--- a/2018/8xxx/CVE-2018-8436.json
+++ b/2018/8xxx/CVE-2018-8436.json
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8436", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows 10", - "version" : { - "version_data" : [ - { - "version_value" : "Version 1803 for x64-based Systems" - } - ] - } - }, - { - "product_name" : "Windows 10 Servers", - "version" : { - "version_data" : [ - { - "version_value" : "version 1803 (Server Core Installation)" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka \"Windows Hyper-V Denial of Service Vulnerability.\" This affects Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8437, CVE-2018-8438." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8436", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows 10", + "version": { + "version_data": [ + { + "version_value": "Version 1803 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows 10 Servers", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Server Core Installation)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8436", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8436" - }, - { - "name" : "105236", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105236" - }, - { - "name" : "1041624", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041624" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka \"Windows Hyper-V Denial of Service Vulnerability.\" This affects Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8437, CVE-2018-8438." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105236", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105236" + }, + { + "name": "1041624", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041624" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8436", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8436" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8463.json b/2018/8xxx/CVE-2018-8463.json index 55eb93295fe..7007bfac758 100644 --- a/2018/8xxx/CVE-2018-8463.json +++ b/2018/8xxx/CVE-2018-8463.json 
@@ -1,80 +1,80 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8463", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Edge", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for x64-based Systems" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser, aka \"Microsoft Edge Elevation of Privilege Vulnerability.\" This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8469." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8463", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Edge", + "version": { + "version_data": [ + { + "version_value": "Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1803 for x64-based Systems" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45502", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45502/" - }, - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8463", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8463" - }, - { - "name" : "105260", - 
"refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105260" - }, - { - "name" : "1041623", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041623" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser, aka \"Microsoft Edge Elevation of Privilege Vulnerability.\" This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8469." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45502", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45502/" + }, + { + "name": "1041623", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041623" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8463", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8463" + }, + { + "name": "105260", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105260" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8751.json b/2018/8xxx/CVE-2018-8751.json index 397de70baf3..8fea7e4026f 100644 --- a/2018/8xxx/CVE-2018-8751.json +++ b/2018/8xxx/CVE-2018-8751.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-8751",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-8751",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/8xxx/CVE-2018-8790.json b/2018/8xxx/CVE-2018-8790.json
index d30e4fc9c26..d262002f9ca 100644
--- a/2018/8xxx/CVE-2018-8790.json
+++ b/2018/8xxx/CVE-2018-8790.json
@@ -1,77 +1,77 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@checkpoint.com",
- "ID" : "CVE-2018-8790",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "ZoneAlarm",
- "version" : {
- "version_data" : [
- {
- "version_value" : "prior to version 15.3.064.17729"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Check Point Software Technologies Ltd."
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Check Point ZoneAlarm version 15.3.064.17729 and below expose a WCF service that can allow a local low privileged user to execute arbitrary code as SYSTEM."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "CWE-863: Incorrect Authorization"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@checkpoint.com",
+ "ID": "CVE-2018-8790",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "ZoneAlarm",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "prior to version 15.3.064.17729"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Check Point Software Technologies Ltd."
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk142952",
- "refsource" : "MISC",
- "url" : "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk142952"
- },
- {
- "name" : "https://www.zonealarm.com/software/release-history/zafavfw.html#15.4.062.17802",
- "refsource" : "MISC",
- "url" : "https://www.zonealarm.com/software/release-history/zafavfw.html#15.4.062.17802"
- },
- {
- "name" : "https://www.zonealarm.com/software/release-history/zafree.html#15.4.062.17802",
- "refsource" : "MISC",
- "url" : "https://www.zonealarm.com/software/release-history/zafree.html#15.4.062.17802"
- },
- {
- "name" : "107254",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/107254"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Check Point ZoneAlarm version 15.3.064.17729 and below expose a WCF service that can allow a local low privileged user to execute arbitrary code as SYSTEM."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-863: Incorrect Authorization"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.zonealarm.com/software/release-history/zafavfw.html#15.4.062.17802",
+ "refsource": "MISC",
+ "url": "https://www.zonealarm.com/software/release-history/zafavfw.html#15.4.062.17802"
+ },
+ {
+ "name": "https://www.zonealarm.com/software/release-history/zafree.html#15.4.062.17802",
+ "refsource": "MISC",
+ "url": "https://www.zonealarm.com/software/release-history/zafree.html#15.4.062.17802"
+ },
+ {
+ "name": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk142952",
+ "refsource": "MISC",
+ "url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk142952"
+ },
+ {
+ "name": "107254",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/107254"
+ }
+ ]
+ }
+}
\ No newline at end of file