diff --git a/1999/1xxx/CVE-1999-1474.json b/1999/1xxx/CVE-1999-1474.json
index e70985680f0..8fa40165ebb 100644
--- a/1999/1xxx/CVE-1999-1474.json
+++ b/1999/1xxx/CVE-1999-1474.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1474", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PowerPoint 95 and 97 allows remote attackers to cause an application to be run automatically without prompting the user, possibly through the slide show, when the document is opened in browsers such as Internet Explorer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1474", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.microsoft.com/windows/ie/security/powerpoint.asp", - "refsource" : "CONFIRM", - "url" : "http://www.microsoft.com/windows/ie/security/powerpoint.asp" - }, - { - "name" : "nt-ppt-patch(179)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/179" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PowerPoint 95 and 97 allows remote attackers to cause an application to be run automatically without prompting the user, possibly through the slide show, when the document is opened in browsers such as Internet Explorer." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "nt-ppt-patch(179)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179" + }, + { + "name": "http://www.microsoft.com/windows/ie/security/powerpoint.asp", + "refsource": "CONFIRM", + "url": "http://www.microsoft.com/windows/ie/security/powerpoint.asp" + } + ] + } +} \ No newline at end of file diff --git a/2000/1xxx/CVE-2000-1077.json b/2000/1xxx/CVE-2000-1077.json index 2296b8c1407..209c23bd9ee 100644 --- a/2000/1xxx/CVE-2000-1077.json +++ b/2000/1xxx/CVE-2000-1077.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-1077", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the SHTML logging functionality of iPlanet Web Server 4.x allows remote attackers to execute arbitrary commands via a long filename with a .shtml extension." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-1077", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20001026 Buffer overflow in iPlanet Web Server 4 server side SHTML parsing module", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/141435" - }, - { - "name" : "iplanet-web-server-shtml-bo(5446)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5446" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the SHTML logging functionality of iPlanet Web Server 4.x allows remote attackers to execute arbitrary commands via a long filename with a .shtml extension." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20001026 Buffer overflow in iPlanet Web Server 4 server side SHTML parsing module", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/141435" + }, + { + "name": "iplanet-web-server-shtml-bo(5446)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5446" + } + ] + } +} \ No newline at end of file diff --git a/2000/1xxx/CVE-2000-1194.json b/2000/1xxx/CVE-2000-1194.json index 6f409b050b8..a854a11b890 100644 --- a/2000/1xxx/CVE-2000-1194.json +++ b/2000/1xxx/CVE-2000-1194.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-1194", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Argosoft FRP server 1.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long string to the (1) USER or (2) CWD commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-1194", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mdma.za.net/fk/FK9.zip", - "refsource" : "MISC", - "url" : "http://www.mdma.za.net/fk/FK9.zip" - }, - { - "name" : "1227", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1227" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Argosoft FRP server 1.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long string to the (1) USER or (2) CWD commands." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.mdma.za.net/fk/FK9.zip", + "refsource": "MISC", + "url": "http://www.mdma.za.net/fk/FK9.zip" + }, + { + "name": "1227", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1227" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0132.json b/2005/0xxx/CVE-2005-0132.json index 0e7b4ffe899..5c4627245f7 100644 --- a/2005/0xxx/CVE-2005-0132.json +++ b/2005/0xxx/CVE-2005-0132.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0132", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0132", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2254.json b/2005/2xxx/CVE-2005-2254.json index 78bacc2eec7..7350f7e9b1d 100644 --- a/2005/2xxx/CVE-2005-2254.json +++ b/2005/2xxx/CVE-2005-2254.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2254", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in PhpAuction 2.5 allow remote attackers to inject arbitrary web script or HTML via the lan parameter to (1) index.php or (2) admin/index.php, or (3) the auction_id parameter to profile.php. NOTE: there is evidence that viewnews.php and login.php may not be part of the PhpAuction product, so they are not included in this description." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2254", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "1014423", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014423" - }, - { - "name" : "15967", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15967" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in PhpAuction 2.5 allow remote attackers to inject arbitrary web script or HTML via the lan parameter to (1) index.php or 
(2) admin/index.php, or (3) the auction_id parameter to profile.php. NOTE: there is evidence that viewnews.php and login.php may not be part of the PhpAuction product, so they are not included in this description." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1014423", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014423" + }, + { + "name": "15967", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15967" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2275.json b/2005/2xxx/CVE-2005-2275.json index 181d14d165c..bf1e465a74a 100644 --- a/2005/2xxx/CVE-2005-2275.json +++ b/2005/2xxx/CVE-2005-2275.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2275", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2275", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2566.json b/2005/2xxx/CVE-2005-2566.json index 9350e96681e..cc4b3fd9986 100644 
--- a/2005/2xxx/CVE-2005-2566.json
+++ b/2005/2xxx/CVE-2005-2566.json
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2566", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Open Bulletin Board (OpenBB) allow remote attackers to execute arbitrary SQL commands via the (1) FID parameter to board.php or (2) UID parameter to member.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2566", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050808 SQL IN Open Bulletin Board", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112351834624072&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Open Bulletin Board (OpenBB) allow remote attackers to execute arbitrary SQL commands via the (1) FID parameter to board.php or (2) UID parameter to member.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050808 SQL IN Open Bulletin Board", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112351834624072&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2725.json b/2005/2xxx/CVE-2005-2725.json index a7ac703b0cb..c5c2b166ca8 100644 --- a/2005/2xxx/CVE-2005-2725.json +++ b/2005/2xxx/CVE-2005-2725.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2725", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The inputtrap utility in QNX RTOS 6.1.0, 6.3, and possibly earlier versions does not properly check permissions when the -t flag is specified, which allows local users to read arbitrary files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2725", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050824 [RLSA_01-2005] QNX inputtrap arbitrary file read vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112490406301882&w=2" - }, - { - "name" : "http://www.rfdslabs.com.br/advisories/qnx-advs-01-2005.txt", - "refsource" : "MISC", - "url" : "http://www.rfdslabs.com.br/advisories/qnx-advs-01-2005.txt" - }, - { - "name" : "14656", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14656" - }, - { - "name" : "16569", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16569/" - }, - { - "name" : "qnx-inputtrap-obtain-information(21969)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/21969" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The inputtrap utility in QNX RTOS 6.1.0, 6.3, and possibly earlier versions does not properly check permissions when the -t flag is specified, which allows local users to read arbitrary files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16569", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16569/" + }, + { + "name": "14656", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14656" + }, + { + "name": "http://www.rfdslabs.com.br/advisories/qnx-advs-01-2005.txt", + "refsource": "MISC", + "url": "http://www.rfdslabs.com.br/advisories/qnx-advs-01-2005.txt" + }, + { + "name": "qnx-inputtrap-obtain-information(21969)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21969" + }, + { + "name": "20050824 [RLSA_01-2005] QNX inputtrap arbitrary file read vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112490406301882&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2814.json b/2005/2xxx/CVE-2005-2814.json index ac184232910..a547aea709b 100644 --- a/2005/2xxx/CVE-2005-2814.json +++ b/2005/2xxx/CVE-2005-2814.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2814", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in FlatNuke 2.5.6 allows remote attackers to inject arbitrary web script or HTML via the usr parameter in a vis_reg operation to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2814", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050830 Flatnuke 2.5.6 (possibly prior versions) Underlying system information disclosure / Administrative & users credentials disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/lists/bugtraq/2005/Aug/0440.html" - }, - { - "name" : "14704", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14704" - }, - { - "name" : "1014824", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014824" - }, - { - "name" : "flatnuke-indexphp-xss(22101)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22101" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "Cross-site scripting (XSS) vulnerability in FlatNuke 2.5.6 allows remote attackers to inject arbitrary web script or HTML via the usr parameter in a vis_reg operation to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "flatnuke-indexphp-xss(22101)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22101" + }, + { + "name": "1014824", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014824" + }, + { + "name": "20050830 Flatnuke 2.5.6 (possibly prior versions) Underlying system information disclosure / Administrative & users credentials disclosure", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/lists/bugtraq/2005/Aug/0440.html" + }, + { + "name": "14704", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14704" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3032.json b/2005/3xxx/CVE-2005-3032.json index 2a6e9aa0f3d..a4d8a1c5457 100644 --- a/2005/3xxx/CVE-2005-3032.json +++ b/2005/3xxx/CVE-2005-3032.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3032", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in vxTftpSrv 1.7.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a TFTP request with a long filename argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3032", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.airscanner.com/security/05081203_vxtftpsrv.htm", - "refsource" : "MISC", - "url" : "http://www.airscanner.com/security/05081203_vxtftpsrv.htm" - }, - { - "name" : "14842", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14842" - }, - { - "name" : "1014912", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014912" - }, - { - "name" : "16840", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16840" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in vxTftpSrv 1.7.0 allows remote attackers to cause a denial of service (crash) and 
possibly execute arbitrary code via a TFTP request with a long filename argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14842", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14842" + }, + { + "name": "http://www.airscanner.com/security/05081203_vxtftpsrv.htm", + "refsource": "MISC", + "url": "http://www.airscanner.com/security/05081203_vxtftpsrv.htm" + }, + { + "name": "1014912", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014912" + }, + { + "name": "16840", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16840" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3051.json b/2005/3xxx/CVE-2005-3051.json index fafe6c66d7f..071a560fb7e 100644 --- a/2005/3xxx/CVE-2005-3051.json +++ b/2005/3xxx/CVE-2005-3051.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3051", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the ARJ plugin (arj.dll) 3.9.2.0 for 7-Zip 3.13, 4.23, and 4.26 BETA, as used in products including Turbo Searcher, allows remote attackers to execute arbitrary code via a large ARJ block." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3051", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050923 Secunia Research: 7-Zip ARJ Archive Handling Buffer Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112749134603258&w=2" - }, - { - "name" : "http://secunia.com/secunia_research/2005-45/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2005-45/advisory/" - }, - { - "name" : "http://www.vuln.sg/turbosearcher330-en.html", - "refsource" : "MISC", - "url" : "http://www.vuln.sg/turbosearcher330-en.html" - }, - { - "name" : "14925", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14925" - }, - { - "name" : "21208", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21208" - }, - { - "name" : 
"ADV-2006-4603", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4603" - }, - { - "name" : "1017261", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017261" - }, - { - "name" : "16664", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16664/" - }, - { - "name" : "23004", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23004" - }, - { - "name" : "turbo-searcher-arj-bo(30438)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30438" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the ARJ plugin (arj.dll) 3.9.2.0 for 7-Zip 3.13, 4.23, and 4.26 BETA, as used in products including Turbo Searcher, allows remote attackers to execute arbitrary code via a large ARJ block." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14925", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14925" + }, + { + "name": "http://secunia.com/secunia_research/2005-45/advisory/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2005-45/advisory/" + }, + { + "name": "turbo-searcher-arj-bo(30438)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30438" + }, + { + "name": "ADV-2006-4603", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4603" + }, + { + "name": "1017261", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017261" + }, + { + "name": "http://www.vuln.sg/turbosearcher330-en.html", + "refsource": "MISC", + "url": "http://www.vuln.sg/turbosearcher330-en.html" + }, + { + "name": "21208", + "refsource": "BID", + "url": 
"http://www.securityfocus.com/bid/21208" + }, + { + "name": "23004", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23004" + }, + { + "name": "16664", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16664/" + }, + { + "name": "20050923 Secunia Research: 7-Zip ARJ Archive Handling Buffer Overflow", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112749134603258&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3193.json b/2005/3xxx/CVE-2005-3193.json index 5db3c2c0d0f..5b1e35ca44a 100644 --- a/2005/3xxx/CVE-2005-3193.json +++ b/2005/3xxx/CVE-2005-3193.json 
@@ -1,612 +1,612 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3193", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, (4) CUPS, and (5) libextractor allows user-assisted attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with large size values that cause insufficient memory to be allocated." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3193", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051205 Multiple Vendor xpdf JPX Stream Reader Heap Overflow Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://www.idefense.com/application/poi/display?id=345&type=vulnerabilities&flashstatus=true" - }, - { - "name" : "20051207 [KDE Security Advisory] multiple buffer overflows in kpdf/koffice", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/418883/100/0/threaded" - }, - { - "name" : 
"http://www.kde.org/info/security/advisory-20051207-1.txt", - "refsource" : "CONFIRM", - "url" : "http://www.kde.org/info/security/advisory-20051207-1.txt" - }, - { - "name" : "http://www.kde.org/info/security/advisory-20051207-2.txt", - "refsource" : "CONFIRM", - "url" : "http://www.kde.org/info/security/advisory-20051207-2.txt" - }, - { - "name" : "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00043.html", - "refsource" : "CONFIRM", - "url" : "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00043.html" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-1609", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-1609" - }, - { - "name" : "DSA-931", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-931" - }, - { - "name" : "DSA-932", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-932" - }, - { - "name" : "DSA-937", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-937" - }, - { - "name" : "DSA-938", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-938" - }, - { - "name" : "DSA-940", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-940" - }, - { - "name" : "DSA-936", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-936" - }, - { - "name" : "DSA-950", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-950" - }, - { - "name" : "DSA-961", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-961" - }, - { - "name" : "DSA-962", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-962" - }, - { - "name" : "FEDORA-2005-1141", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00036.html" - }, - { - "name" : "FEDORA-2005-1142", - "refsource" : "FEDORA", - "url" : 
"http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00037.html" - }, - { - "name" : "FEDORA-2005-1125", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00014.html" - }, - { - "name" : "FEDORA-2005-1126", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00015.html" - }, - { - "name" : "FEDORA-2005-1127", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00016.html" - }, - { - "name" : "FEDORA-2005-1132", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00022.html" - }, - { - "name" : "FEDORA-2005-1171", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00073.html" - }, - { - "name" : "FLSA:175404", - "refsource" : "FEDORA", - "url" : "http://www.securityfocus.com/archive/1/427990/100/0/threaded" - }, - { - "name" : "FLSA-2006:176751", - "refsource" : "FEDORA", - "url" : "http://www.securityfocus.com/archive/1/427053/100/0/threaded" - }, - { - "name" : "GLSA-200512-08", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200512-08.xml" - }, - { - "name" : "GLSA-200601-02", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml" - }, - { - "name" : "GLSA-200603-02", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200603-02.xml" - }, - { - "name" : "MDKSA-2006:010", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:010" - }, - { - "name" : "MDKSA-2006:003", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:003" - }, - { - "name" : "MDKSA-2006:004", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:004" - }, - { - "name" : 
"MDKSA-2006:005", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:005" - }, - { - "name" : "MDKSA-2006:006", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:006" - }, - { - "name" : "MDKSA-2006:008", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:008" - }, - { - "name" : "MDKSA-2006:012", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:012" - }, - { - "name" : "MDKSA-2006:011", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:011" - }, - { - "name" : "RHSA-2005:840", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-840.html" - }, - { - "name" : "RHSA-2005:867", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-867.html" - }, - { - "name" : "RHSA-2005:878", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-878.html" - }, - { - "name" : "RHSA-2005:868", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2005-868.html" - }, - { - "name" : "RHSA-2006:0160", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0160.html" - }, - { - "name" : "SCOSA-2006.15", - "refsource" : "SCO", - "url" : "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt" - }, - { - "name" : "SCOSA-2006.20", - "refsource" : "SCO", - "url" : "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.20/SCOSA-2006.20.txt" - }, - { - "name" : "SCOSA-2006.21", - "refsource" : "SCO", - "url" : "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.21/SCOSA-2006.21.txt" - }, - { - "name" : "20051201-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U" - }, - { - "name" : "20060101-01-U", - "refsource" : "SGI", - "url" : 
"ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U" - }, - { - "name" : "20060201-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U" - }, - { - "name" : "SSA:2006-045-04", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747" - }, - { - "name" : "SSA:2006-045-09", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683" - }, - { - "name" : "102972", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1" - }, - { - "name" : "SUSE-SA:2006:001", - "refsource" : "SUSE", - "url" : "http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html" - }, - { - "name" : "SUSE-SR:2005:029", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2005_29_sr.html" - }, - { - "name" : "TSLSA-2005-0072", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2005/0072/" - }, - { - "name" : "USN-227-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntulinux.org/usn/usn-227-1" - }, - { - "name" : "15721", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15721" - }, - { - "name" : "oval:org.mitre.oval:def:11440", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11440" - }, - { - "name" : "ADV-2005-2789", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2789" - }, - { - "name" : "ADV-2005-2790", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2790" - }, - { - "name" : "ADV-2005-2856", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2856" - }, - { - "name" : "ADV-2005-2787", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2005/2787" - }, - { - "name" : "ADV-2007-2280", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2280" - }, - { - "name" : "1015309", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015309" - }, - { - "name" : "1015324", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015324" - }, - { - "name" : "17912", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17912" - }, - { - "name" : "17916", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17916" - }, - { - "name" : "17920", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17920" - }, - { - "name" : "17929", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17929" - }, - { - "name" : "17940", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17940" - }, - { - "name" : "17976", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17976" - }, - { - "name" : "18009", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18009" - }, - { - "name" : "18055", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18055" - }, - { - "name" : "18061", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18061" - }, - { - "name" : "17897", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17897" - }, - { - "name" : "17926", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17926" - }, - { - "name" : "18191", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18191" - }, - { - "name" : "18192", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18192" - }, - { - "name" : "18189", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18189" - }, - { - "name" : "18313", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18313" - }, - { - "name" : "18336", - "refsource" : 
"SECUNIA", - "url" : "http://secunia.com/advisories/18336" - }, - { - "name" : "18387", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18387" - }, - { - "name" : "18416", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18416" - }, - { - "name" : "18349", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18349" - }, - { - "name" : "18385", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18385" - }, - { - "name" : "18389", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18389" - }, - { - "name" : "18448", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18448" - }, - { - "name" : "18398", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18398" - }, - { - "name" : "18407", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18407" - }, - { - "name" : "18534", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18534" - }, - { - "name" : "18582", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18582" - }, - { - "name" : "18303", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18303" - }, - { - "name" : "18517", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18517" - }, - { - "name" : "18554", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18554" - }, - { - "name" : "17955", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17955" - }, - { - "name" : "17956", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17956" - }, - { - "name" : "17959", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17959" - }, - { - "name" : "18674", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18674" - }, - { - "name" : "18675", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18675" - }, - { - "name" : "18679", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/18679" - }, - { - "name" : "18908", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18908" - }, - { - "name" : "18913", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18913" - }, - { - "name" : "19125", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19125" - }, - { - "name" : "19230", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19230" - }, - { - "name" : "19377", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19377" - }, - { - "name" : "18147", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18147" - }, - { - "name" : "18380", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18380" - }, - { - "name" : "18520", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18520" - }, - { - "name" : "19797", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19797" - }, - { - "name" : "19798", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19798" - }, - { - "name" : "25729", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25729" - }, - { - "name" : "26413", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26413" - }, - { - "name" : "236", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/236" - }, - { - "name" : "xpdf-jpx-stream-bo(23441)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23441" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, (4) CUPS, and (5) libextractor allows user-assisted attackers to cause a denial 
of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with large size values that cause insufficient memory to be allocated." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17959", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17959" + }, + { + "name": "17929", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17929" + }, + { + "name": "19797", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19797" + }, + { + "name": "SCOSA-2006.20", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.20/SCOSA-2006.20.txt" + }, + { + "name": "DSA-932", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-932" + }, + { + "name": "18349", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18349" + }, + { + "name": "18147", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18147" + }, + { + "name": "SCOSA-2006.15", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt" + }, + { + "name": "18055", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18055" + }, + { + "name": "http://www.kde.org/info/security/advisory-20051207-1.txt", + "refsource": "CONFIRM", + "url": "http://www.kde.org/info/security/advisory-20051207-1.txt" + }, + { + "name": "http://www.kde.org/info/security/advisory-20051207-2.txt", + "refsource": "CONFIRM", + "url": "http://www.kde.org/info/security/advisory-20051207-2.txt" + }, + { + "name": "18679", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18679" + }, + { + "name": "18189", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18189" + }, + { + "name": "26413", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26413" + }, + { + 
"name": "17940", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17940" + }, + { + "name": "18303", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18303" + }, + { + "name": "DSA-931", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-931" + }, + { + "name": "18554", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18554" + }, + { + "name": "MDKSA-2006:003", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:003" + }, + { + "name": "19230", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19230" + }, + { + "name": "102972", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1" + }, + { + "name": "MDKSA-2006:012", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:012" + }, + { + "name": "DSA-962", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-962" + }, + { + "name": "FEDORA-2005-1171", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00073.html" + }, + { + "name": "1015309", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015309" + }, + { + "name": "DSA-937", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-937" + }, + { + "name": "18398", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18398" + }, + { + "name": "FLSA-2006:176751", + "refsource": "FEDORA", + "url": "http://www.securityfocus.com/archive/1/427053/100/0/threaded" + }, + { + "name": "15721", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15721" + }, + { + "name": "SUSE-SA:2006:001", + "refsource": "SUSE", + "url": "http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html" + }, + { + "name": "DSA-936", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-936" + }, + { + 
"name": "17916", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17916" + }, + { + "name": "236", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/236" + }, + { + "name": "GLSA-200603-02", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200603-02.xml" + }, + { + "name": "RHSA-2005:840", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-840.html" + }, + { + "name": "ADV-2005-2789", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2789" + }, + { + "name": "RHSA-2005:867", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-867.html" + }, + { + "name": "18674", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18674" + }, + { + "name": "MDKSA-2006:005", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:005" + }, + { + "name": "18313", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18313" + }, + { + "name": "https://issues.rpath.com/browse/RPL-1609", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-1609" + }, + { + "name": "RHSA-2005:868", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2005-868.html" + }, + { + "name": "20051201-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U" + }, + { + "name": "20060101-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U" + }, + { + "name": "18448", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18448" + }, + { + "name": "18380", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18380" + }, + { + "name": "GLSA-200512-08", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200512-08.xml" + }, + { + "name": "FEDORA-2005-1126", + "refsource": "FEDORA", + "url": 
"http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00015.html" + }, + { + "name": "18416", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18416" + }, + { + "name": "FEDORA-2005-1132", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00022.html" + }, + { + "name": "ADV-2007-2280", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2280" + }, + { + "name": "GLSA-200601-02", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml" + }, + { + "name": "19125", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19125" + }, + { + "name": "xpdf-jpx-stream-bo(23441)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23441" + }, + { + "name": "FEDORA-2005-1142", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00037.html" + }, + { + "name": "18336", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18336" + }, + { + "name": "18061", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18061" + }, + { + "name": "18407", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18407" + }, + { + "name": "18009", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18009" + }, + { + "name": "USN-227-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntulinux.org/usn/usn-227-1" + }, + { + "name": "17897", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17897" + }, + { + "name": "18517", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18517" + }, + { + "name": "18582", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18582" + }, + { + "name": "18534", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18534" + }, + { + "name": "SSA:2006-045-09", + "refsource": "SLACKWARE", + "url": 
"http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683" + }, + { + "name": "TSLSA-2005-0072", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2005/0072/" + }, + { + "name": "18520", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18520" + }, + { + "name": "FEDORA-2005-1127", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00016.html" + }, + { + "name": "20051207 [KDE Security Advisory] multiple buffer overflows in kpdf/koffice", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/418883/100/0/threaded" + }, + { + "name": "18908", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18908" + }, + { + "name": "25729", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25729" + }, + { + "name": "MDKSA-2006:006", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:006" + }, + { + "name": "17956", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17956" + }, + { + "name": "17926", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17926" + }, + { + "name": "19798", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19798" + }, + { + "name": "MDKSA-2006:008", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:008" + }, + { + "name": "18191", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18191" + }, + { + "name": "20060201-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U" + }, + { + "name": "RHSA-2006:0160", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0160.html" + }, + { + "name": "17912", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17912" + }, + { + "name": "MDKSA-2006:010", + "refsource": "MANDRAKE", + "url": 
"http://www.mandriva.com/security/advisories?name=MDKSA-2006:010" + }, + { + "name": "DSA-940", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-940" + }, + { + "name": "MDKSA-2006:004", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:004" + }, + { + "name": "oval:org.mitre.oval:def:11440", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11440" + }, + { + "name": "ADV-2005-2790", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2790" + }, + { + "name": "20051205 Multiple Vendor xpdf JPX Stream Reader Heap Overflow Vulnerability", + "refsource": "IDEFENSE", + "url": "http://www.idefense.com/application/poi/display?id=345&type=vulnerabilities&flashstatus=true" + }, + { + "name": "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00043.html", + "refsource": "CONFIRM", + "url": "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00043.html" + }, + { + "name": "18389", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18389" + }, + { + "name": "18192", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18192" + }, + { + "name": "ADV-2005-2856", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2856" + }, + { + "name": "SSA:2006-045-04", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747" + }, + { + "name": "19377", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19377" + }, + { + "name": "FLSA:175404", + "refsource": "FEDORA", + "url": "http://www.securityfocus.com/archive/1/427990/100/0/threaded" + }, + { + "name": "DSA-961", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-961" + }, + { + "name": "SCOSA-2006.21", + "refsource": "SCO", + "url": 
"ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.21/SCOSA-2006.21.txt" + }, + { + "name": "18675", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18675" + }, + { + "name": "1015324", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015324" + }, + { + "name": "18913", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18913" + }, + { + "name": "DSA-938", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-938" + }, + { + "name": "SUSE-SR:2005:029", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2005_29_sr.html" + }, + { + "name": "ADV-2005-2787", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2787" + }, + { + "name": "RHSA-2005:878", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-878.html" + }, + { + "name": "FEDORA-2005-1141", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00036.html" + }, + { + "name": "17920", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17920" + }, + { + "name": "DSA-950", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-950" + }, + { + "name": "17955", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17955" + }, + { + "name": "17976", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17976" + }, + { + "name": "18387", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18387" + }, + { + "name": "FEDORA-2005-1125", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00014.html" + }, + { + "name": "MDKSA-2006:011", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:011" + }, + { + "name": "18385", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18385" + } + ] + } +} \ No newline at end of file 
diff --git a/2005/3xxx/CVE-2005-3286.json b/2005/3xxx/CVE-2005-3286.json index 2e040aa5c05..ebf2c00db07 100644 --- a/2005/3xxx/CVE-2005-3286.json +++ b/2005/3xxx/CVE-2005-3286.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3286", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The FWDRV driver in Kerio Personal Firewall 4.2 and Server Firewall 1.1.1 allows local users to cause a denial of service (crash) by setting the PAGE_NOACCESS or PAGE_GUARD protection on the Page Environment Block (PEB), which triggers an exception, aka the \"PEB lockout vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3286", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051013 Kerio Personal Firewall and Kerio Server Firewall FWDRV driver Local Denial of Service", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2005-October/037958.html" - }, - { - "name" : "20051013 Kerio Personal Firewall and Kerio Server Firewall FWDRV driver Local Denial of Service", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/bugtraq/2005/Oct/166" - }, - { - "name" : "http://pb.specialised.info/all/adv/kerio-fwdrv-dos-adv.txt", - "refsource" : "MISC", - "url" : "http://pb.specialised.info/all/adv/kerio-fwdrv-dos-adv.txt" - }, - { - "name" : 
"http://www.kerio.com/security_advisory.html", - "refsource" : "CONFIRM", - "url" : "http://www.kerio.com/security_advisory.html" - }, - { - "name" : "15094", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15094" - }, - { - "name" : "19961", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/19961" - }, - { - "name" : "17155", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17155" - }, - { - "name" : "78", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/78" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The FWDRV driver in Kerio Personal Firewall 4.2 and Server Firewall 1.1.1 allows local users to cause a denial of service (crash) by setting the PAGE_NOACCESS or PAGE_GUARD protection on the Page Environment Block (PEB), which triggers an exception, aka the \"PEB lockout vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "78", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/78" + }, + { + "name": "http://pb.specialised.info/all/adv/kerio-fwdrv-dos-adv.txt", + "refsource": "MISC", + "url": "http://pb.specialised.info/all/adv/kerio-fwdrv-dos-adv.txt" + }, + { + "name": "15094", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15094" + }, + { + "name": "19961", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/19961" + }, + { + "name": "http://www.kerio.com/security_advisory.html", + "refsource": "CONFIRM", + "url": "http://www.kerio.com/security_advisory.html" + }, + { + "name": "17155", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17155" + }, + { + "name": "20051013 Kerio Personal Firewall and Kerio Server Firewall FWDRV driver Local Denial of 
Service", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/bugtraq/2005/Oct/166" + }, + { + "name": "20051013 Kerio Personal Firewall and Kerio Server Firewall FWDRV driver Local Denial of Service", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-October/037958.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3311.json b/2005/3xxx/CVE-2005-3311.json index 0948d18c66c..ba3aa4ae7ce 100644 --- a/2005/3xxx/CVE-2005-3311.json +++ b/2005/3xxx/CVE-2005-3311.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3311", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "BMC Software Control-M 6.1.03 for Solaris, and possibly other platforms, allows local users to overwrite arbitrary files via a symlink attack on temporary files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3311", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051022 Insecure Temporary Files in BMC/Control-M Agent", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=113018286105811&w=2" - }, - { - "name" : "15167", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15167" - }, - { - "name" : "1015096", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015096" - }, - { - "name" : "17294", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17294" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "BMC Software Control-M 6.1.03 for Solaris, and possibly other platforms, allows local users to overwrite arbitrary files via a 
symlink attack on temporary files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20051022 Insecure Temporary Files in BMC/Control-M Agent", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=113018286105811&w=2" + }, + { + "name": "1015096", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015096" + }, + { + "name": "17294", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17294" + }, + { + "name": "15167", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15167" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4107.json b/2005/4xxx/CVE-2005-4107.json index 0e30b8fca45..f9df1879412 100644 --- a/2005/4xxx/CVE-2005-4107.json +++ b/2005/4xxx/CVE-2005-4107.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4107", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2005. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2005-4107", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2005. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4247.json b/2005/4xxx/CVE-2005-4247.json index 7f12d2b2e2d..abf676b0dae 100644 
--- a/2005/4xxx/CVE-2005-4247.json +++ b/2005/4xxx/CVE-2005-4247.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4247", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in Plogger Beta 2 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchterms parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4247", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/12/plogger-sqlxss-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/12/plogger-sqlxss-vuln.html" - }, - { - "name" : "15839", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15839" - }, - { - "name" : "21711", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21711" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in Plogger Beta 2 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchterms parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15839", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15839" + }, + { + "name": "http://pridels0.blogspot.com/2005/12/plogger-sqlxss-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/12/plogger-sqlxss-vuln.html" + }, + { + "name": "21711", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21711" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4438.json b/2005/4xxx/CVE-2005-4438.json index f0d2e0dba72..5a203875c4c 100644 --- a/2005/4xxx/CVE-2005-4438.json +++ b/2005/4xxx/CVE-2005-4438.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4438", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in Dec2Rar.dll 3.2.14.3, as distributed in the Symantec Antivirus Library and used by various Symantec products, allows remote attackers to execute arbitrary code via RAR archives with sub-block headers that contain incorrect values in the length field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4438", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051220 Symantec Antivirus Library Remote Heap Overflows", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/419853/100/0/threaded" - }, - { - "name" : "http://www.rem0te.com/public/images/symc2.pdf", - "refsource" : "MISC", - "url" : "http://www.rem0te.com/public/images/symc2.pdf" - }, - { - "name" : "VU#305272", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/305272" - }, - { - "name" : "15971", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15971" - }, - { - "name" : "ADV-2005-3003", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/3003" 
- }, - { - "name" : "1015384", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015384" - }, - { - "name" : "18131", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18131" - }, - { - "name" : "276", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/276" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in Dec2Rar.dll 3.2.14.3, as distributed in the Symantec Antivirus Library and used by various Symantec products, allows remote attackers to execute arbitrary code via RAR archives with sub-block headers that contain incorrect values in the length field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15971", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15971" + }, + { + "name": "276", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/276" + }, + { + "name": "ADV-2005-3003", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/3003" + }, + { + "name": "http://www.rem0te.com/public/images/symc2.pdf", + "refsource": "MISC", + "url": "http://www.rem0te.com/public/images/symc2.pdf" + }, + { + "name": "1015384", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015384" + }, + { + "name": "20051220 Symantec Antivirus Library Remote Heap Overflows", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/419853/100/0/threaded" + }, + { + "name": "VU#305272", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/305272" + }, + { + "name": "18131", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18131" + } + ] + } +} \ No newline at end of file 
diff --git a/2005/4xxx/CVE-2005-4632.json b/2005/4xxx/CVE-2005-4632.json index e523de3feb3..26b943df3d7 100644 --- a/2005/4xxx/CVE-2005-4632.json +++ b/2005/4xxx/CVE-2005-4632.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4632", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in poll_frame.php in Vote! Pro 4.0 and earlier allows remote attackers to execute arbitrary SQL commands via the poll_id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4632", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/11/vote-pro-4x-pollid-sql-inj.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/11/vote-pro-4x-pollid-sql-inj.html" - }, - { - "name" : "21309", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21309" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in poll_frame.php in Vote! Pro 4.0 and earlier allows remote attackers to execute arbitrary SQL commands via the poll_id parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21309", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21309" + }, + { + "name": "http://pridels0.blogspot.com/2005/11/vote-pro-4x-pollid-sql-inj.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/11/vote-pro-4x-pollid-sql-inj.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2337.json b/2009/2xxx/CVE-2009-2337.json index 13c3173dcde..f4f0c6cb8dd 100644 --- a/2009/2xxx/CVE-2009-2337.json +++ b/2009/2xxx/CVE-2009-2337.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2337", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in includes/module/book/index.inc.php in w3b|cms Gaestebuch Guestbook Module 3.0.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the spam_id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2337", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8396", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/8396" - }, - { - "name" : "http://www.w3bcms.de/2.news/54.kommentare/", - "refsource" : "CONFIRM", - "url" : "http://www.w3bcms.de/2.news/54.kommentare/" - }, - { - "name" : "34477", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34477" - }, - { - "name" : "53614", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/53614" - }, - { - "name" : "34650", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34650" - }, - { - "name" : "guestbookmodule-indexinc-sql-injection(49853)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49853" - 
} - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in includes/module/book/index.inc.php in w3b|cms Gaestebuch Guestbook Module 3.0.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the spam_id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.w3bcms.de/2.news/54.kommentare/", + "refsource": "CONFIRM", + "url": "http://www.w3bcms.de/2.news/54.kommentare/" + }, + { + "name": "guestbookmodule-indexinc-sql-injection(49853)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49853" + }, + { + "name": "34650", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34650" + }, + { + "name": "34477", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34477" + }, + { + "name": "8396", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/8396" + }, + { + "name": "53614", + "refsource": "OSVDB", + "url": "http://osvdb.org/53614" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2411.json b/2009/2xxx/CVE-2009-2411.json index 08fabaa7d64..ddee6b96434 100644 --- a/2009/2xxx/CVE-2009-2411.json +++ b/2009/2xxx/CVE-2009-2411.json 
@@ -1,187 +1,187 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2411", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream with large windows that trigger a heap-based buffer overflow, a related issue to CVE-2009-2412." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-2411", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090807 Subversion heap overflow", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2009-08/0056.html" - }, - { - "name" : "[dev] 20090806 Patch to 1.4.x branch for CVE-2009-2411", - "refsource" : "MLIST", - "url" : "http://svn.haxx.se/dev/archive-2009-08/0110.shtml" - }, - { - "name" : "[dev] 20090806 Subversion 1.5.7 Released", - "refsource" : "MLIST", - "url" : "http://svn.haxx.se/dev/archive-2009-08/0108.shtml" - }, - { - "name" : "[dev] 20090806 Subversion 1.6.4 Released", - "refsource" : "MLIST", - "url" : "http://svn.haxx.se/dev/archive-2009-08/0107.shtml" 
- }, - { - "name" : "http://subversion.tigris.org/security/CVE-2009-2411-advisory.txt", - "refsource" : "CONFIRM", - "url" : "http://subversion.tigris.org/security/CVE-2009-2411-advisory.txt" - }, - { - "name" : "http://svn.collab.net/repos/svn/tags/1.5.7/CHANGES", - "refsource" : "CONFIRM", - "url" : "http://svn.collab.net/repos/svn/tags/1.5.7/CHANGES" - }, - { - "name" : "http://svn.collab.net/repos/svn/tags/1.6.4/CHANGES", - "refsource" : "CONFIRM", - "url" : "http://svn.collab.net/repos/svn/tags/1.6.4/CHANGES" - }, - { - "name" : "http://support.apple.com/kb/HT3937", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3937" - }, - { - "name" : "APPLE-SA-2009-11-09-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html" - }, - { - "name" : "DSA-1855", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1855" - }, - { - "name" : "FEDORA-2009-8432", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00469.html" - }, - { - "name" : "FEDORA-2009-8449", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00485.html" - }, - { - "name" : "MDVSA-2009:199", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:199" - }, - { - "name" : "RHSA-2009:1203", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-1203.html" - }, - { - "name" : "USN-812-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-812-1" - }, - { - "name" : "35983", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35983" - }, - { - "name" : "56856", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/56856" - }, - { - "name" : "oval:org.mitre.oval:def:11465", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11465" - 
}, - { - "name" : "1022697", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022697" - }, - { - "name" : "36184", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36184" - }, - { - "name" : "36224", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36224" - }, - { - "name" : "36232", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36232" - }, - { - "name" : "36257", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36257" - }, - { - "name" : "36262", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36262" - }, - { - "name" : "ADV-2009-2180", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2180" - }, - { - "name" : "ADV-2009-3184", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3184" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream with large windows that trigger a heap-based buffer overflow, a related issue to CVE-2009-2412." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[dev] 20090806 Subversion 1.5.7 Released", + "refsource": "MLIST", + "url": "http://svn.haxx.se/dev/archive-2009-08/0108.shtml" + }, + { + "name": "1022697", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022697" + }, + { + "name": "ADV-2009-2180", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2180" + }, + { + "name": "20090807 Subversion heap overflow", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2009-08/0056.html" + }, + { + "name": "36262", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36262" + }, + { + "name": "36257", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36257" + }, + { + "name": "36184", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36184" + }, + { + "name": "USN-812-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-812-1" + }, + { + "name": "DSA-1855", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1855" + }, + { + "name": "http://subversion.tigris.org/security/CVE-2009-2411-advisory.txt", + "refsource": "CONFIRM", + "url": "http://subversion.tigris.org/security/CVE-2009-2411-advisory.txt" + }, + { + "name": "36224", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36224" + }, + { + "name": "35983", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35983" + }, + { + "name": "[dev] 20090806 Subversion 1.6.4 Released", + "refsource": "MLIST", + "url": "http://svn.haxx.se/dev/archive-2009-08/0107.shtml" + }, + { + "name": "FEDORA-2009-8449", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00485.html" + }, + { + "name": "[dev] 20090806 Patch to 1.4.x branch for 
CVE-2009-2411", + "refsource": "MLIST", + "url": "http://svn.haxx.se/dev/archive-2009-08/0110.shtml" + }, + { + "name": "http://svn.collab.net/repos/svn/tags/1.6.4/CHANGES", + "refsource": "CONFIRM", + "url": "http://svn.collab.net/repos/svn/tags/1.6.4/CHANGES" + }, + { + "name": "RHSA-2009:1203", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-1203.html" + }, + { + "name": "36232", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36232" + }, + { + "name": "http://svn.collab.net/repos/svn/tags/1.5.7/CHANGES", + "refsource": "CONFIRM", + "url": "http://svn.collab.net/repos/svn/tags/1.5.7/CHANGES" + }, + { + "name": "ADV-2009-3184", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3184" + }, + { + "name": "MDVSA-2009:199", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:199" + }, + { + "name": "oval:org.mitre.oval:def:11465", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11465" + }, + { + "name": "56856", + "refsource": "OSVDB", + "url": "http://osvdb.org/56856" + }, + { + "name": "APPLE-SA-2009-11-09-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html" + }, + { + "name": "http://support.apple.com/kb/HT3937", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3937" + }, + { + "name": "FEDORA-2009-8432", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00469.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2749.json b/2009/2xxx/CVE-2009-2749.json index 527c4292895..2662d34c231 100644 --- a/2009/2xxx/CVE-2009-2749.json +++ b/2009/2xxx/CVE-2009-2749.json 
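Review bot: The `ASSIGNER` value in the CVE-2009-2411 record changes from `cve@mitre.org` to `secalert@redhat.com`, inside a hunk that otherwise only normalizes whitespace and reorders `reference_data`. The other records visible in this diff keep `cve@mitre.org`. Assigner is provenance metadata that consumers may rely on to attribute or filter records, so a change to it should not go unannounced in a formatting pass. If the reassignment is intended, it belongs in its own commit with the reason stated; if not, the new line should read `"ASSIGNER": "cve@mitre.org",`.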
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2749", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Feature Pack for Communications Enabled Applications (CEA) before 1.0.0.1 for IBM WebSphere Application Server 7.0.0.7 uses predictable session values, which allows man-in-the-middle attackers to spoof a collaboration session by guessing the value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2749", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27017328", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27017328" - }, - { - "name" : "PM00435", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM00435" - }, - { - "name" : "37392", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37392" - }, - { - "name" : "ADV-2009-3598", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3598" - }, - { - "name" : "was-fbcea-collaboration-spoofing(54494)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54494" - } - ] - } 
-} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Feature Pack for Communications Enabled Applications (CEA) before 1.0.0.1 for IBM WebSphere Application Server 7.0.0.7 uses predictable session values, which allows man-in-the-middle attackers to spoof a collaboration session by guessing the value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "PM00435", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM00435" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg27017328", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27017328" + }, + { + "name": "37392", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37392" + }, + { + "name": "ADV-2009-3598", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3598" + }, + { + "name": "was-fbcea-collaboration-spoofing(54494)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54494" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2813.json b/2009/2xxx/CVE-2009-2813.json index d4d94528b24..58990090c6a 100644 --- a/2009/2xxx/CVE-2009-2813.json +++ b/2009/2xxx/CVE-2009-2813.json 
@@ -1,212 +1,212 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2813", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames, which allows remote authenticated users to bypass intended sharing restrictions, and read, create, or modify files, in certain circumstances involving user accounts that lack home directories." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2813", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091112 rPSA-2009-0145-1 samba samba-client samba-server samba-swat", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/507856/100/0/threaded" - }, - { - "name" : "http://support.apple.com/kb/HT3865", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3865" - }, - { - "name" : "http://news.samba.org/releases/3.0.37/", - "refsource" : "CONFIRM", - "url" : "http://news.samba.org/releases/3.0.37/" - }, - { - "name" : "http://news.samba.org/releases/3.2.15/", - "refsource" : "CONFIRM", - "url" : "http://news.samba.org/releases/3.2.15/" - }, - { - "name" : "http://news.samba.org/releases/3.3.8/", - "refsource" : "CONFIRM", - "url" : "http://news.samba.org/releases/3.3.8/" - }, - { - "name" : "http://news.samba.org/releases/3.4.2/", - "refsource" : "CONFIRM", - "url" : "http://news.samba.org/releases/3.4.2/" - }, - { - "name" : "http://www.samba.org/samba/security/CVE-2009-2813.html", - "refsource" : "CONFIRM", - "url" : "http://www.samba.org/samba/security/CVE-2009-2813.html" - }, - { - "name" : "http://wiki.rpath.com/Advisories:rPSA-2009-0145", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/Advisories:rPSA-2009-0145" - }, - { - "name" : "APPLE-SA-2009-09-10-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html" - }, - { - "name" : "FEDORA-2009-10172", - "refsource" : "FEDORA", - "url" : 
"https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00098.html" - }, - { - "name" : "FEDORA-2009-10180", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00095.html" - }, - { - "name" : "HPSBUX02479", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=126514298313071&w=2" - }, - { - "name" : "SSRT090212", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=126514298313071&w=2" - }, - { - "name" : "SSA:2009-276-01", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.561439" - }, - { - "name" : "1021111", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021111.1-1" - }, - { - "name" : "SUSE-SR:2009:017", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html" - }, - { - "name" : "USN-839-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-839-1" - }, - { - "name" : "36363", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36363" - }, - { - "name" : "57955", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/57955" - }, - { - "name" : "oval:org.mitre.oval:def:7211", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7211" - }, - { - "name" : "oval:org.mitre.oval:def:7791", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7791" - }, - { - "name" : "oval:org.mitre.oval:def:9191", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9191" - }, - { - "name" : "oval:org.mitre.oval:def:7257", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7257" - }, - { - "name" : "36701", 
- "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36701" - }, - { - "name" : "36893", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36893" - }, - { - "name" : "36918", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36918" - }, - { - "name" : "36937", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36937" - }, - { - "name" : "36953", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36953" - }, - { - "name" : "37428", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37428" - }, - { - "name" : "ADV-2009-2810", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2810" - }, - { - "name" : "macosx-smb-security-bypass(53174)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53174" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames, which allows remote authenticated users to bypass intended sharing restrictions, and read, create, or modify files, in certain circumstances involving user accounts that lack home directories." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT090212", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=126514298313071&w=2" + }, + { + "name": "http://news.samba.org/releases/3.4.2/", + "refsource": "CONFIRM", + "url": "http://news.samba.org/releases/3.4.2/" + }, + { + "name": "20091112 rPSA-2009-0145-1 samba samba-client samba-server samba-swat", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/507856/100/0/threaded" + }, + { + "name": "FEDORA-2009-10172", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00098.html" + }, + { + "name": "oval:org.mitre.oval:def:9191", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9191" + }, + { + "name": "HPSBUX02479", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=126514298313071&w=2" + }, + { + "name": "http://news.samba.org/releases/3.2.15/", + "refsource": "CONFIRM", + "url": "http://news.samba.org/releases/3.2.15/" + }, + { + "name": "APPLE-SA-2009-09-10-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html" + }, + { + "name": "1021111", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021111.1-1" + }, + { + "name": "ADV-2009-2810", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2810" + }, + { + "name": "SSA:2009-276-01", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.561439" + }, + { + "name": "37428", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37428" + }, + { + "name": "36937", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36937" + }, + { + 
"name": "USN-839-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-839-1" + }, + { + "name": "http://news.samba.org/releases/3.0.37/", + "refsource": "CONFIRM", + "url": "http://news.samba.org/releases/3.0.37/" + }, + { + "name": "http://www.samba.org/samba/security/CVE-2009-2813.html", + "refsource": "CONFIRM", + "url": "http://www.samba.org/samba/security/CVE-2009-2813.html" + }, + { + "name": "oval:org.mitre.oval:def:7257", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7257" + }, + { + "name": "http://support.apple.com/kb/HT3865", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3865" + }, + { + "name": "36363", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36363" + }, + { + "name": "36918", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36918" + }, + { + "name": "36701", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36701" + }, + { + "name": "36893", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36893" + }, + { + "name": "http://news.samba.org/releases/3.3.8/", + "refsource": "CONFIRM", + "url": "http://news.samba.org/releases/3.3.8/" + }, + { + "name": "36953", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36953" + }, + { + "name": "http://wiki.rpath.com/Advisories:rPSA-2009-0145", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0145" + }, + { + "name": "oval:org.mitre.oval:def:7211", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7211" + }, + { + "name": "SUSE-SR:2009:017", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html" + }, + { + "name": "macosx-smb-security-bypass(53174)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53174" + }, + { + "name": 
"oval:org.mitre.oval:def:7791", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7791" + }, + { + "name": "57955", + "refsource": "OSVDB", + "url": "http://osvdb.org/57955" + }, + { + "name": "FEDORA-2009-10180", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00095.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2832.json b/2009/2xxx/CVE-2009-2832.json index 999cf727f50..e1d67a4c415 100644 --- a/2009/2xxx/CVE-2009-2832.json +++ b/2009/2xxx/CVE-2009-2832.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2832", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in FTP Server in Apple Mac OS X before 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a CWD command specifying a pathname in a deeply nested hierarchy of directories, related to a \"CWD command line tool.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2832", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT3937", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3937" - }, - { - "name" : "APPLE-SA-2009-11-09-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html" - }, - { - "name" : "36956", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36956" - }, - { - "name" : "ADV-2009-3184", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3184" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "Buffer overflow in FTP Server in Apple Mac OS X before 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a CWD command specifying a pathname in a deeply nested hierarchy of directories, related to a \"CWD command line tool.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36956", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36956" + }, + { + "name": "ADV-2009-3184", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3184" + }, + { + "name": "APPLE-SA-2009-11-09-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html" + }, + { + "name": "http://support.apple.com/kb/HT3937", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3937" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2894.json b/2009/2xxx/CVE-2009-2894.json index c692ea628c0..9ed792e706e 100644 --- a/2009/2xxx/CVE-2009-2894.json +++ b/2009/2xxx/CVE-2009-2894.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2894", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Ebay Clone 2009 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to product_desc.php, and the cid parameter to (2) showcategory.php and (3) gallery.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2894", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0907-exploits/clone2009-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0907-exploits/clone2009-sql.txt" - }, - { - "name" : "56265", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/56265" - }, - { - "name" : "56266", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/56266" - }, - { - "name" : "56268", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/56268" - }, - { - "name" : "35952", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35952" - }, - { - "name" : "ebayclone-cid-sql-injection(51956)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51956" - } - ] - } -} 
+ } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Ebay Clone 2009 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to product_desc.php, and the cid parameter to (2) showcategory.php and (3) gallery.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "56265", + "refsource": "OSVDB", + "url": "http://osvdb.org/56265" + }, + { + "name": "56266", + "refsource": "OSVDB", + "url": "http://osvdb.org/56266" + }, + { + "name": "35952", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35952" + }, + { + "name": "ebayclone-cid-sql-injection(51956)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51956" + }, + { + "name": "http://packetstormsecurity.org/0907-exploits/clone2009-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0907-exploits/clone2009-sql.txt" + }, + { + "name": "56268", + "refsource": "OSVDB", + "url": "http://osvdb.org/56268" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3065.json b/2009/3xxx/CVE-2009-3065.json index b3a0ac20a64..01d4d1f1ec6 100644 --- a/2009/3xxx/CVE-2009-3065.json +++ b/2009/3xxx/CVE-2009-3065.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3065", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in editor/edit_htmlarea.php in Ve-EDIT 0.1.4 allows remote attackers to execute arbitrary PHP code via a URL in the highlighter parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3065", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9577", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9577" - }, - { - "name" : "ADV-2009-2522", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2522" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in editor/edit_htmlarea.php in Ve-EDIT 0.1.4 allows remote attackers to execute arbitrary PHP code via a URL in the highlighter parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-2522", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2522" + }, + { + "name": "9577", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9577" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3099.json b/2009/3xxx/CVE-2009-3099.json index f08ff56d028..898c5a8d34e 100644 --- a/2009/3xxx/CVE-2009-3099.json +++ b/2009/3xxx/CVE-2009-3099.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3099", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP OpenView Operations Manager 8.1 on Windows Server 2003 SP2 allows remote attackers to have an unknown impact, related to a \"Remote exploit,\" as demonstrated by a certain module in VulnDisco Pack Professional 8.11, a different vulnerability than CVE-2007-3872. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3099", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://intevydis.com/vd-list.shtml", - "refsource" : "MISC", - "url" : "http://intevydis.com/vd-list.shtml" - }, - { - "name" : "36541", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36541" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP OpenView Operations Manager 8.1 on Windows Server 2003 SP2 allows remote attackers to have an unknown impact, related to a \"Remote exploit,\" as demonstrated by a certain module in VulnDisco Pack Professional 8.11, a different vulnerability than CVE-2007-3872. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://intevydis.com/vd-list.shtml", + "refsource": "MISC", + "url": "http://intevydis.com/vd-list.shtml" + }, + { + "name": "36541", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36541" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3151.json b/2009/3xxx/CVE-2009-3151.json index fd744d51573..5e21f2187a3 100644 
--- a/2009/3xxx/CVE-2009-3151.json +++ b/2009/3xxx/CVE-2009-3151.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3151", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in actions/downloadFile.php in Ultrize TimeSheet 1.2.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3151", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9307", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9307" - }, - { - "name" : "ultrize-downloadfile-directory-traversal(52166)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52166" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in actions/downloadFile.php in Ultrize TimeSheet 1.2.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9307", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9307" + }, + { + "name": "ultrize-downloadfile-directory-traversal(52166)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52166" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4517.json b/2009/4xxx/CVE-2009-4517.json index 020c9f96590..be2f67c56fc 100644 --- a/2009/4xxx/CVE-2009-4517.json +++ b/2009/4xxx/CVE-2009-4517.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4517", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in the FAQ Ask module 5.x and 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to hijack the authentication of arbitrary users for requests that access unpublished content." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4517", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/617444", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/617444" - }, - { - "name" : "37201", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37201" - }, - { - "name" : "ADV-2009-3088", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3088" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in the FAQ Ask module 5.x and 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to hijack the authentication of arbitrary 
users for requests that access unpublished content." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://drupal.org/node/617444", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/617444" + }, + { + "name": "37201", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37201" + }, + { + "name": "ADV-2009-3088", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3088" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4528.json b/2009/4xxx/CVE-2009-4528.json index 001cbb65509..19cea3f6346 100644 --- a/2009/4xxx/CVE-2009-4528.json +++ b/2009/4xxx/CVE-2009-4528.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4528", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Organic Groups (OG) Vocabulary module 6.x before 6.x-1.0 for Drupal allows remote authenticated group members to bypass intended access restrictions, and create, modify, or read a vocabulary, via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4528", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/604354", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/604354" - }, - { - "name" : "http://drupal.org/node/604514", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/604514" - }, - { - "name" : "36685", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36685" - }, - { - "name" : "58947", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/58947" - }, - { - "name" : "37060", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37060" - }, - { - "name" : "ADV-2009-2920", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2920" - }, - { - "name" : "ogvocab-membership-security-bypass(53780)", 
- "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53780" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Organic Groups (OG) Vocabulary module 6.x before 6.x-1.0 for Drupal allows remote authenticated group members to bypass intended access restrictions, and create, modify, or read a vocabulary, via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-2920", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2920" + }, + { + "name": "http://drupal.org/node/604354", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/604354" + }, + { + "name": "36685", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36685" + }, + { + "name": "58947", + "refsource": "OSVDB", + "url": "http://osvdb.org/58947" + }, + { + "name": "http://drupal.org/node/604514", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/604514" + }, + { + "name": "ogvocab-membership-security-bypass(53780)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53780" + }, + { + "name": "37060", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37060" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4762.json b/2009/4xxx/CVE-2009-4762.json index a06fcd23812..dfa7e164fb5 100644 --- a/2009/4xxx/CVE-2009-4762.json +++ b/2009/4xxx/CVE-2009-4762.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4762", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs in certain inappropriate circumstances during processing of hierarchical ACLs, which allows remote attackers to bypass intended access restrictions by requesting an item, a different vulnerability than CVE-2008-6603." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4762", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://hg.moinmo.in/moin/1.7/rev/897cdbe9e8f2", - "refsource" : "CONFIRM", - "url" : "http://hg.moinmo.in/moin/1.7/rev/897cdbe9e8f2" - }, - { - "name" : "http://hg.moinmo.in/moin/1.8/rev/897cdbe9e8f2", - "refsource" : "CONFIRM", - "url" : "http://hg.moinmo.in/moin/1.8/rev/897cdbe9e8f2" - }, - { - "name" : "http://moinmo.in/SecurityFixes", - "refsource" : "CONFIRM", - "url" : "http://moinmo.in/SecurityFixes" - }, - { - "name" : "DSA-2014", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2014" - }, - { - "name" : "USN-941-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-941-1" - }, - { - 
"name" : "35277", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35277" - }, - { - "name" : "39887", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39887" - }, - { - "name" : "ADV-2010-0600", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0600" - }, - { - "name" : "ADV-2010-1208", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1208" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs in certain inappropriate circumstances during processing of hierarchical ACLs, which allows remote attackers to bypass intended access restrictions by requesting an item, a different vulnerability than CVE-2008-6603." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://hg.moinmo.in/moin/1.7/rev/897cdbe9e8f2", + "refsource": "CONFIRM", + "url": "http://hg.moinmo.in/moin/1.7/rev/897cdbe9e8f2" + }, + { + "name": "http://moinmo.in/SecurityFixes", + "refsource": "CONFIRM", + "url": "http://moinmo.in/SecurityFixes" + }, + { + "name": "ADV-2010-1208", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1208" + }, + { + "name": "DSA-2014", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2014" + }, + { + "name": "39887", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39887" + }, + { + "name": "35277", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35277" + }, + { + "name": "USN-941-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-941-1" + }, + { + "name": "ADV-2010-0600", + "refsource": "VUPEN", + "url": 
"http://www.vupen.com/english/advisories/2010/0600" + }, + { + "name": "http://hg.moinmo.in/moin/1.8/rev/897cdbe9e8f2", + "refsource": "CONFIRM", + "url": "http://hg.moinmo.in/moin/1.8/rev/897cdbe9e8f2" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0205.json b/2015/0xxx/CVE-2015-0205.json index 55b7440f645..b9ff0bdae8c 100644 --- a/2015/0xxx/CVE-2015-0205.json +++ b/2015/0xxx/CVE-2015-0205.json 
@@ -1,237 +1,237 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0205", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-0205", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/openssl/openssl/commit/1421e0c584ae9120ca1b88098f13d6d2e90b83a3", - "refsource" : "CONFIRM", - "url" : "https://github.com/openssl/openssl/commit/1421e0c584ae9120ca1b88098f13d6d2e90b83a3" - }, - { - "name" : "https://www.openssl.org/news/secadv_20150108.txt", - "refsource" : "CONFIRM", - "url" : "https://www.openssl.org/news/secadv_20150108.txt" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", - "refsource" : "CONFIRM", - "url" : 
"http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" - }, - { - "name" : "https://bto.bluecoat.com/security-advisory/sa88", - "refsource" : "CONFIRM", - "url" : "https://bto.bluecoat.com/security-advisory/sa88" - }, - { - "name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10679", - "refsource" : "CONFIRM", - "url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10679" - }, - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10102", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10102" - }, - { - "name" : 
"https://kc.mcafee.com/corporate/index?page=content&id=SB10108", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10108" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" - }, - { - "name" : "https://support.citrix.com/article/CTX216642", - "refsource" : "CONFIRM", - "url" : "https://support.citrix.com/article/CTX216642" - }, - { - "name" : "20150310 Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl" - }, - { - "name" : "DSA-3125", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3125" - }, - { - "name" : "FEDORA-2015-0512", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147938.html" - }, - { - "name" : "FEDORA-2015-0601", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148363.html" - }, - { - "name" : "HPSBHF03289", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142721102728110&w=2" - }, - { - "name" : "HPSBMU03380", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=143748090628601&w=2" - }, - { - "name" : "HPSBMU03396", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=144050205101530&w=2" - }, - { - "name" : "HPSBMU03397", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=144050297101809&w=2" - }, - { - "name" : "HPSBMU03409", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=144050155601375&w=2" - }, - { - "name" : "HPSBMU03413", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=144050254401665&w=2" - }, - { - "name" : "MDVSA-2015:019", - "refsource" : "MANDRIVA", - "url" : 
"http://www.mandriva.com/security/advisories?name=MDVSA-2015:019" - }, - { - "name" : "MDVSA-2015:062", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062" - }, - { - "name" : "RHSA-2015:0066", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0066.html" - }, - { - "name" : "openSUSE-SU-2015:0130", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html" - }, - { - "name" : "SUSE-SU-2015:0578", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html" - }, - { - "name" : "SUSE-SU-2015:0946", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html" - }, - { - "name" : "openSUSE-SU-2015:1277", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html" - }, - { - "name" : "91787", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91787" - }, - { - "name" : "71941", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71941" - }, - { - "name" : "1033378", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033378" - }, - { - "name" : "openssl-cve20150205-sec-bypass(99708)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99708" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH 
support." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openssl-cve20150205-sec-bypass(99708)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99708" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" + }, + { + "name": "openSUSE-SU-2015:0130", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html" + }, + { + "name": "20150310 Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl" + }, + { + "name": "https://github.com/openssl/openssl/commit/1421e0c584ae9120ca1b88098f13d6d2e90b83a3", + "refsource": "CONFIRM", + "url": "https://github.com/openssl/openssl/commit/1421e0c584ae9120ca1b88098f13d6d2e90b83a3" + }, + { + "name": "HPSBMU03409", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=144050155601375&w=2" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" + }, + { + "name": "71941", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71941" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" + }, + { + "name": "HPSBMU03380", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=143748090628601&w=2" + }, + { + "name": 
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888" + }, + { + "name": "FEDORA-2015-0601", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148363.html" + }, + { + "name": "1033378", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033378" + }, + { + "name": "HPSBHF03289", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142721102728110&w=2" + }, + { + "name": "https://www.openssl.org/news/secadv_20150108.txt", + "refsource": "CONFIRM", + "url": "https://www.openssl.org/news/secadv_20150108.txt" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380" + }, + { + "name": "MDVSA-2015:019", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:019" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" + }, + { + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10679", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10679" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + }, + { + "name": "openSUSE-SU-2015:1277", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html" + }, + { + "name": "RHSA-2015:0066", + "refsource": "REDHAT", + "url": 
"http://rhn.redhat.com/errata/RHSA-2015-0066.html" + }, + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10108", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10108" + }, + { + "name": "SUSE-SU-2015:0578", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html" + }, + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10102", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10102" + }, + { + "name": "SUSE-SU-2015:0946", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html" + }, + { + "name": "HPSBMU03397", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=144050297101809&w=2" + }, + { + "name": "91787", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91787" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" + }, + { + "name": "HPSBMU03396", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=144050205101530&w=2" + }, + { + "name": "MDVSA-2015:062", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062" + }, + { + "name": "https://support.citrix.com/article/CTX216642", + "refsource": "CONFIRM", + "url": "https://support.citrix.com/article/CTX216642" + }, + { + "name": "HPSBMU03413", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=144050254401665&w=2" + }, + { + "name": "https://bto.bluecoat.com/security-advisory/sa88", + "refsource": "CONFIRM", + "url": "https://bto.bluecoat.com/security-advisory/sa88" + }, + { + "name": "DSA-3125", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3125" + }, + { + "name": "FEDORA-2015-0512", + "refsource": "FEDORA", 
+ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147938.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0615.json b/2015/0xxx/CVE-2015-0615.json index 9c657751018..f92cb375194 100644 --- a/2015/0xxx/CVE-2015-0615.json +++ b/2015/0xxx/CVE-2015-0615.json 
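Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `secalert@redhat.com` in the same hunk that rewrites every line for key spacing and reorders `reference_data`, so the one field that names who assigned the ID is easy to miss in review; it would be easier to audit as its own commit, separate from the formatting pass. The same applies to the hunks for CVE-2015-0615, CVE-2015-0778 and CVE-2015-1219, where `ASSIGNER` also changes. The new `reference_data` order is no longer grouped by `refsource` and follows no ordering visible in the hunk, which will make later diffs of these records noisy; a stable sort (for example by `refsource`, then `name`) would avoid that. The new file also ends without a trailing newline (`\ No newline at end of file`), here and in the other hunks.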
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0615", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The call-handling implementation in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, 9.x before 9.1(2)SU2, and 10.0 before 10.0(1)SU1, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (port consumption) by improperly terminating SIP sessions, aka Bug ID CSCul28089." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-0615", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150401 Multiple Vulnerabilities in Cisco Unity Connection", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150401-cuc" - }, - { - "name" : "1032010", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032010" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The call-handling implementation in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, 9.x before 
9.1(2)SU2, and 10.0 before 10.0(1)SU1, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (port consumption) by improperly terminating SIP sessions, aka Bug ID CSCul28089." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150401 Multiple Vulnerabilities in Cisco Unity Connection", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150401-cuc" + }, + { + "name": "1032010", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032010" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0778.json b/2015/0xxx/CVE-2015-0778.json index 7b0365672a5..58cd1ab1125 100644 --- a/2015/0xxx/CVE-2015-0778.json +++ b/2015/0xxx/CVE-2015-0778.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0778", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "osc before 0.151.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a _service file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "ID": "CVE-2015-0778", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.suse.com/show_bug.cgi?id=901643", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.suse.com/show_bug.cgi?id=901643" - }, - { - "name" : "FEDORA-2015-4687", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/154117.html" - }, - { - "name" : "FEDORA-2015-4482", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154267.html" - }, - { - "name" : "FEDORA-2015-4549", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154257.html" - }, - { - "name" : "GLSA-201603-02", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201603-02" - }, - { - "name" : "SUSE-SU-2015:0487", - "refsource" : "SUSE", - 
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00012.html" - }, - { - "name" : "openSUSE-SU-2015:0486", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00011.html" - }, - { - "name" : "73114", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73114" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "osc before 0.151.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a _service file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2015-4482", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154267.html" + }, + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=901643", + "refsource": "CONFIRM", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=901643" + }, + { + "name": "73114", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73114" + }, + { + "name": "FEDORA-2015-4687", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/154117.html" + }, + { + "name": "FEDORA-2015-4549", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154257.html" + }, + { + "name": "openSUSE-SU-2015:0486", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00011.html" + }, + { + "name": "GLSA-201603-02", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201603-02" + }, + { + "name": "SUSE-SU-2015:0487", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00012.html" + } + ] + } +} \ No newline at end of file 
diff --git a/2015/1xxx/CVE-2015-1219.json b/2015/1xxx/CVE-2015-1219.json index 59b1a0c8123..4c8106757a6 100644 --- a/2015/1xxx/CVE-2015-1219.json +++ b/2015/1xxx/CVE-2015-1219.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1219", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the SkMallocPixelRef::NewAllocate function in core/SkMallocPixelRef.cpp in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted allocation of a large amount of memory during WebGL rendering." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2015-1219", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=446164", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=446164" - }, - { - "name" : "https://skia.googlesource.com/skia/+/2ff257bd95c732b9cebc3aac03fbed72d6e6082a", - "refsource" : "CONFIRM", - "url" : 
"https://skia.googlesource.com/skia/+/2ff257bd95c732b9cebc3aac03fbed72d6e6082a" - }, - { - "name" : "GLSA-201503-12", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201503-12" - }, - { - "name" : "RHSA-2015:0627", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0627.html" - }, - { - "name" : "USN-2521-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2521-1" - }, - { - "name" : "72901", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72901" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the SkMallocPixelRef::NewAllocate function in core/SkMallocPixelRef.cpp in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted allocation of a large amount of memory during WebGL rendering." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://code.google.com/p/chromium/issues/detail?id=446164", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=446164" + }, + { + "name": "USN-2521-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2521-1" + }, + { + "name": "72901", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72901" + }, + { + "name": "https://skia.googlesource.com/skia/+/2ff257bd95c732b9cebc3aac03fbed72d6e6082a", + "refsource": "CONFIRM", + "url": "https://skia.googlesource.com/skia/+/2ff257bd95c732b9cebc3aac03fbed72d6e6082a" + }, + { + "name": "GLSA-201503-12", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201503-12" + }, + { + "name": "RHSA-2015:0627", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0627.html" + }, + { + "name": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1396.json b/2015/1xxx/CVE-2015-1396.json index d0dfa55fb1d..ea659ff4576 100644 --- a/2015/1xxx/CVE-2015-1396.json +++ b/2015/1xxx/CVE-2015-1396.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1396", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1396", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1410.json b/2015/1xxx/CVE-2015-1410.json index 8dfc2410f19..e911d6cfcf4 100644 --- a/2015/1xxx/CVE-2015-1410.json +++ b/2015/1xxx/CVE-2015-1410.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1410", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1410", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1620.json b/2015/1xxx/CVE-2015-1620.json index 1ac8703881e..e43e34f3f42 100644 --- a/2015/1xxx/CVE-2015-1620.json +++ b/2015/1xxx/CVE-2015-1620.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2015-1620",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2015-1620",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2015/1xxx/CVE-2015-1623.json b/2015/1xxx/CVE-2015-1623.json
index da7ce552053..89672b2b081 100644
--- a/2015/1xxx/CVE-2015-1623.json
+++ b/2015/1xxx/CVE-2015-1623.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1623", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-0056 and CVE-2015-1626." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-1623", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-018", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-018" - }, - { - "name" : "72928", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72928" - }, - { - "name" : "1031888", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031888" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory 
corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-0056 and CVE-2015-1626." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS15-018", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-018" + }, + { + "name": "1031888", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031888" + }, + { + "name": "72928", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72928" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4161.json b/2015/4xxx/CVE-2015-4161.json index da9dc9a7a10..949577594c3 100644 --- a/2015/4xxx/CVE-2015-4161.json +++ b/2015/4xxx/CVE-2015-4161.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4161", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SAP Afaria does not properly restrict access to unspecified functionality, which allows remote attackers to obtain sensitive information, gain privileges, or have other unspecified impact via unknown vectors, SAP Security Note 2155690." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4161", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150522 SAP Security Notes May 2015", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/May/96" - }, - { - "name" : "74800", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74800" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SAP Afaria does not properly restrict access to unspecified functionality, which allows remote attackers to obtain sensitive information, gain privileges, or have other unspecified impact via unknown vectors, SAP Security Note 2155690." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "74800", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74800" + }, + { + "name": "20150522 SAP Security Notes May 2015", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/May/96" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4281.json b/2015/4xxx/CVE-2015-4281.json index bf97a41a063..af462fa6bb9 100644 --- a/2015/4xxx/CVE-2015-4281.json +++ b/2015/4xxx/CVE-2015-4281.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4281", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server 2.5 MR1 allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCus56150 and CSCus56146." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-4281", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150721 Cisco WebEx Meetings Server Cross-Site Request Forgery Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=40021" - }, - { - "name" : "75979", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75979" - }, - { - "name" : "1033016", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033016" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server 2.5 MR1 allows remote attackers to hijack the authentication of arbitrary 
users, aka Bug IDs CSCus56150 and CSCus56146." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150721 Cisco WebEx Meetings Server Cross-Site Request Forgery Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=40021" + }, + { + "name": "75979", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75979" + }, + { + "name": "1033016", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033016" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4480.json b/2015/4xxx/CVE-2015-4480.json index 3018b881375..fbc32ca2b24 100644 --- a/2015/4xxx/CVE-2015-4480.json +++ b/2015/4xxx/CVE-2015-4480.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4480", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the stagefright::SampleTable::isValid function in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via crafted MPEG-4 video data with H.264 encoding." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2015-4480", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2015/mfsa2015-83.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2015/mfsa2015-83.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1144107", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1144107" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "DSA-3333", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3333" 
- }, - { - "name" : "GLSA-201605-06", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201605-06" - }, - { - "name" : "RHSA-2015:1586", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1586.html" - }, - { - "name" : "openSUSE-SU-2015:1389", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html" - }, - { - "name" : "openSUSE-SU-2015:1390", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html" - }, - { - "name" : "openSUSE-SU-2015:1453", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html" - }, - { - "name" : "openSUSE-SU-2015:1454", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html" - }, - { - "name" : "USN-2702-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2702-1" - }, - { - "name" : "USN-2702-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2702-2" - }, - { - "name" : "USN-2702-3", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2702-3" - }, - { - "name" : "1033247", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033247" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the stagefright::SampleTable::isValid function in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via crafted MPEG-4 video data with H.264 encoding." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1144107", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1144107" + }, + { + "name": "openSUSE-SU-2015:1454", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html" + }, + { + "name": "USN-2702-3", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2702-3" + }, + { + "name": "openSUSE-SU-2015:1389", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html" + }, + { + "name": "openSUSE-SU-2015:1453", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html" + }, + { + "name": "RHSA-2015:1586", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1586.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2015/mfsa2015-83.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-83.html" + }, + { + "name": "1033247", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033247" + }, + { + "name": "USN-2702-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2702-2" + }, + { + "name": "USN-2702-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2702-1" + }, + { + "name": "GLSA-201605-06", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201605-06" + }, + { + "name": "DSA-3333", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3333" + }, + { + "name": 
"openSUSE-SU-2015:1390", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4688.json b/2015/4xxx/CVE-2015-4688.json index c369e510d89..aa4dd2bdbe0 100644 --- a/2015/4xxx/CVE-2015-4688.json +++ b/2015/4xxx/CVE-2015-4688.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4688", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allow remote attackers to enumerate user accounts via a series of requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4688", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20151202 Ellucian Banner Student Vulnerability Disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/537029/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/134622/Banner-Student-XSS-Information-Disclosure-Open-Redirect.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/134622/Banner-Student-XSS-Information-Disclosure-Open-Redirect.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allow remote attackers to enumerate user accounts via a series of requests." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/134622/Banner-Student-XSS-Information-Disclosure-Open-Redirect.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/134622/Banner-Student-XSS-Information-Disclosure-Open-Redirect.html" + }, + { + "name": "20151202 Ellucian Banner Student Vulnerability Disclosure", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/537029/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5139.json b/2015/5xxx/CVE-2015-5139.json index 9ef6d14a377..ef92239a2d6 100644 --- a/2015/5xxx/CVE-2015-5139.json +++ b/2015/5xxx/CVE-2015-5139.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5139", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5139", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2015/5xxx/CVE-2015-5270.json b/2015/5xxx/CVE-2015-5270.json
index 4e175be43f3..0250fd10116 100644
--- a/2015/5xxx/CVE-2015-5270.json
+++ b/2015/5xxx/CVE-2015-5270.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2015-5270",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2015-5270",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2015/5xxx/CVE-2015-5296.json b/2015/5xxx/CVE-2015-5296.json
index 4a7b63d48a3..cbb7a86bf10 100644
--- a/2015/5xxx/CVE-2015-5296.json
+++ b/2015/5xxx/CVE-2015-5296.json
@@ -1,182 +1,182 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5296", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted downgrade attacks by modifying the client-server data stream, related to clidfs.c, libsmb_server.c, and smbXcli_base.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-5296", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1290292", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1290292" - }, - { - "name" : "https://git.samba.org/?p=samba.git;a=commit;h=1ba49b8f389eda3414b14410c7fbcb4041ca06b1", - "refsource" : "CONFIRM", - "url" : "https://git.samba.org/?p=samba.git;a=commit;h=1ba49b8f389eda3414b14410c7fbcb4041ca06b1" - }, - { - "name" : "https://git.samba.org/?p=samba.git;a=commit;h=a819d2b440aafa3138d95ff6e8b824da885a70e9", - "refsource" : "CONFIRM", - "url" : 
"https://git.samba.org/?p=samba.git;a=commit;h=a819d2b440aafa3138d95ff6e8b824da885a70e9" - }, - { - "name" : "https://git.samba.org/?p=samba.git;a=commit;h=d724f835acb9f4886c0001af32cd325dbbf1f895", - "refsource" : "CONFIRM", - "url" : "https://git.samba.org/?p=samba.git;a=commit;h=d724f835acb9f4886c0001af32cd325dbbf1f895" - }, - { - "name" : "https://www.samba.org/samba/security/CVE-2015-5296.html", - "refsource" : "CONFIRM", - "url" : "https://www.samba.org/samba/security/CVE-2015-5296.html" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" - }, - { - "name" : "DSA-3433", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3433" - }, - { - "name" : "FEDORA-2015-0e0879cc8a", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174391.html" - }, - { - "name" : "FEDORA-2015-b36076d32e", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174076.html" - }, - { - "name" : "GLSA-201612-47", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201612-47" - }, - { - "name" : "openSUSE-SU-2016:1064", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html" - }, - { - "name" : "openSUSE-SU-2016:1106", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html" - }, - { - "name" : "openSUSE-SU-2016:1107", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html" - }, - { - "name" : "SUSE-SU-2015:2304", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00019.html" - }, - { - "name" : "SUSE-SU-2015:2305", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00020.html" - }, - { - "name" : "SUSE-SU-2016:0032", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00002.html" - }, - { - "name" : "openSUSE-SU-2015:2354", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00032.html" - }, - { - "name" : "openSUSE-SU-2015:2356", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00033.html" - }, - { - "name" : "SUSE-SU-2016:0164", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00017.html" - }, - { - "name" : "USN-2855-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2855-2" - }, - { - "name" : "USN-2855-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2855-1" - }, - { - "name" : "79732", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/79732" - }, - { - "name" : "1034493", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034493" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted downgrade attacks by modifying 
the client-server data stream, related to clidfs.c, libsmb_server.c, and smbXcli_base.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://git.samba.org/?p=samba.git;a=commit;h=a819d2b440aafa3138d95ff6e8b824da885a70e9", + "refsource": "CONFIRM", + "url": "https://git.samba.org/?p=samba.git;a=commit;h=a819d2b440aafa3138d95ff6e8b824da885a70e9" + }, + { + "name": "FEDORA-2015-0e0879cc8a", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174391.html" + }, + { + "name": "https://git.samba.org/?p=samba.git;a=commit;h=1ba49b8f389eda3414b14410c7fbcb4041ca06b1", + "refsource": "CONFIRM", + "url": "https://git.samba.org/?p=samba.git;a=commit;h=1ba49b8f389eda3414b14410c7fbcb4041ca06b1" + }, + { + "name": "openSUSE-SU-2016:1064", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html" + }, + { + "name": "USN-2855-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2855-2" + }, + { + "name": "SUSE-SU-2016:0032", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00002.html" + }, + { + "name": "SUSE-SU-2015:2304", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00019.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" + }, + { + "name": "SUSE-SU-2015:2305", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00020.html" + }, + { + "name": "79732", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/79732" + }, + { + "name": "SUSE-SU-2016:0164", + "refsource": "SUSE", + "url": 
"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00017.html" + }, + { + "name": "openSUSE-SU-2015:2354", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00032.html" + }, + { + "name": "FEDORA-2015-b36076d32e", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174076.html" + }, + { + "name": "openSUSE-SU-2016:1106", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993" + }, + { + "name": "https://git.samba.org/?p=samba.git;a=commit;h=d724f835acb9f4886c0001af32cd325dbbf1f895", + "refsource": "CONFIRM", + "url": "https://git.samba.org/?p=samba.git;a=commit;h=d724f835acb9f4886c0001af32cd325dbbf1f895" + }, + { + "name": "1034493", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034493" + }, + { + "name": "DSA-3433", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3433" + }, + { + "name": "openSUSE-SU-2016:1107", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" + }, + { + "name": "GLSA-201612-47", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201612-47" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1290292", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1290292" + }, + { + "name": "https://www.samba.org/samba/security/CVE-2015-5296.html", + "refsource": "CONFIRM", + 
"url": "https://www.samba.org/samba/security/CVE-2015-5296.html" + }, + { + "name": "USN-2855-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2855-1" + }, + { + "name": "openSUSE-SU-2015:2356", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00033.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5797.json b/2015/5xxx/CVE-2015-5797.json index 1b5019fb723..e24592be52e 100644 --- a/2015/5xxx/CVE-2015-5797.json +++ b/2015/5xxx/CVE-2015-5797.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5797", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-5797", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT205212", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205212" - }, - { - "name" : "https://support.apple.com/HT205221", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205221" - }, - { - "name" : "https://support.apple.com/HT205265", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205265" - }, - { - "name" : "APPLE-SA-2015-09-16-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html" - }, - { - "name" : "APPLE-SA-2015-09-16-3", - "refsource" : "APPLE", 
- "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html" - }, - { - "name" : "APPLE-SA-2015-09-30-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00007.html" - }, - { - "name" : "76763", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76763" - }, - { - "name" : "1033609", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033609" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT205221", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205221" + }, + { + "name": "1033609", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033609" + }, + { + "name": "https://support.apple.com/HT205212", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205212" + }, + { + "name": "76763", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76763" + }, + { + "name": "https://support.apple.com/HT205265", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205265" + }, + { + "name": "APPLE-SA-2015-09-16-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html" + }, + { + "name": "APPLE-SA-2015-09-30-2", + "refsource": "APPLE", + "url": 
"http://lists.apple.com/archives/security-announce/2015/Sep/msg00007.html" + }, + { + "name": "APPLE-SA-2015-09-16-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3429.json b/2018/3xxx/CVE-2018-3429.json index 84dc2d177a7..6966dc0432f 100644 --- a/2018/3xxx/CVE-2018-3429.json +++ b/2018/3xxx/CVE-2018-3429.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3429", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3429", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3503.json b/2018/3xxx/CVE-2018-3503.json index 3f5d59b4165..0f71364ce79 100644 --- a/2018/3xxx/CVE-2018-3503.json +++ b/2018/3xxx/CVE-2018-3503.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3503", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3503", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3614.json b/2018/3xxx/CVE-2018-3614.json index 56bc4771a07..62adcfec8d4 100644 --- a/2018/3xxx/CVE-2018-3614.json +++ b/2018/3xxx/CVE-2018-3614.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3614", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3614", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3785.json b/2018/3xxx/CVE-2018-3785.json index 4153d8cd9d6..2de3087a649 100644 --- a/2018/3xxx/CVE-2018-3785.json +++ b/2018/3xxx/CVE-2018-3785.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "ID" : "CVE-2018-3785", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "git-dummy-commit", - "version" : { - "version_data" : [ - { - "version_value" : "Not fixed" - } - ] - } - } - ] - }, - "vendor_name" : "https://github.com/stevemao" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A command injection in git-dummy-commit v1.3.0 allows os level commands to be executed due to an unescaped parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "OS Command Injection (CWE-78)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "ID": "CVE-2018-3785", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "git-dummy-commit", + "version": { + "version_data": [ + { + "version_value": "Not fixed" + } + ] + } + } + ] + }, + "vendor_name": "https://github.com/stevemao" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://hackerone.com/reports/341710", - "refsource" : "MISC", - "url" : "https://hackerone.com/reports/341710" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A command injection in git-dummy-commit v1.3.0 allows os level commands to be executed due to an unescaped parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OS Command Injection (CWE-78)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://hackerone.com/reports/341710", + "refsource": "MISC", + "url": "https://hackerone.com/reports/341710" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6423.json b/2018/6xxx/CVE-2018-6423.json index 9fce4c975d6..773ace2252d 100644 --- a/2018/6xxx/CVE-2018-6423.json +++ b/2018/6xxx/CVE-2018-6423.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6423", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6423", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6553.json b/2018/6xxx/CVE-2018-6553.json index 69b79537bc0..8e26b2b5b30 100644 --- a/2018/6xxx/CVE-2018-6553.json +++ b/2018/6xxx/CVE-2018-6553.json 
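Review bot: `"version_value": "Not fixed"` on the new side of CVE-2018-3785 puts fix status where a version belongs, so a scanner that matches on `version_value` has nothing to compare against, even though the description names git-dummy-commit v1.3.0. `"version_value": "1.3.0"` would make the record matchable; the page does not say whether earlier releases are also affected, so any range needs confirming with the reporter. `vendor_name` likewise holds a URL (`https://github.com/stevemao`) rather than a name, which defeats vendor-keyed lookups.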
@@ -1,101 +1,101 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@ubuntu.com", - "DATE_PUBLIC" : "2018-07-11T16:00:00.000Z", - "ID" : "CVE-2018-6553", - "STATE" : "PUBLIC", - "TITLE" : "AppArmor cupsd Sandbox Bypass Due to Use of Hard Links" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "cups", - "version" : { - "version_data" : [ - { - "affected" : "<", - "platform" : "Ubuntu 18.04 LTS", - "version_value" : "2.2.7-1ubuntu2.1" - }, - { - "affected" : "<", - "platform" : "Ubuntu 17.10", - "version_value" : "2.2.4-7ubuntu3.1" - }, - { - "affected" : "<", - "platform" : "Ubuntu 16.04 LTS", - "version_value" : "2.1.3-4ubuntu0.5" - }, - { - "affected" : "<", - "platform" : "Ubuntu 14.04 LTS", - "version_value" : "1.7.2-0ubuntu1.10" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "credit" : [ - { - "lang" : "eng", - "value" : "Dan Bastone" - } - ], - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The CUPS AppArmor profile incorrectly confined the dnssd backend due to use of hard links. A local attacker could possibly use this issue to escape confinement. This flaw affects versions prior to 2.2.7-1ubuntu2.1 in Ubuntu 18.04 LTS, prior to 2.2.4-7ubuntu3.1 in Ubuntu 17.10, prior to 2.1.3-4ubuntu0.5 in Ubuntu 16.04 LTS, and prior to 1.7.2-0ubuntu1.10 in Ubuntu 14.04 LTS." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Escape from sandbox confinement" - } + "CVE_data_meta": { + "ASSIGNER": "security@ubuntu.com", + "DATE_PUBLIC": "2018-07-11T16:00:00.000Z", + "ID": "CVE-2018-6553", + "STATE": "PUBLIC", + "TITLE": "AppArmor cupsd Sandbox Bypass Due to Use of Hard Links" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "cups", + "version": { + "version_data": [ + { + "affected": "<", + "platform": "Ubuntu 18.04 LTS", + "version_value": "2.2.7-1ubuntu2.1" + }, + { + "affected": "<", + "platform": "Ubuntu 17.10", + "version_value": "2.2.4-7ubuntu3.1" + }, + { + "affected": "<", + "platform": "Ubuntu 16.04 LTS", + "version_value": "2.1.3-4ubuntu0.5" + }, + { + "affected": "<", + "platform": "Ubuntu 14.04 LTS", + "version_value": "1.7.2-0ubuntu1.10" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180714 [SECURITY] [DLA 1426-1] cups security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00014.html" - }, - { - "name" : "DSA-4243", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4243" - }, - { - "name" : "USN-3713-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/usn/usn-3713-1" - } - ] - }, - "source" : { - "advisory" : "USN-3713-1", - "discovery" : "EXTERNAL" - } -} + } + }, + "credit": [ + { + "lang": "eng", + "value": "Dan Bastone" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The CUPS AppArmor profile incorrectly confined the dnssd backend due to use of hard links. A local attacker could possibly use this issue to escape confinement. 
This flaw affects versions prior to 2.2.7-1ubuntu2.1 in Ubuntu 18.04 LTS, prior to 2.2.4-7ubuntu3.1 in Ubuntu 17.10, prior to 2.1.3-4ubuntu0.5 in Ubuntu 16.04 LTS, and prior to 1.7.2-0ubuntu1.10 in Ubuntu 14.04 LTS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escape from sandbox confinement" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3713-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/usn/usn-3713-1" + }, + { + "name": "DSA-4243", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4243" + }, + { + "name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1426-1] cups security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00014.html" + } + ] + }, + "source": { + "advisory": "USN-3713-1", + "discovery": "EXTERNAL" + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6910.json b/2018/6xxx/CVE-2018-6910.json index 5c76be8ca7d..7c927ef127b 100644 --- a/2018/6xxx/CVE-2018-6910.json +++ b/2018/6xxx/CVE-2018-6910.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6910", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "DedeCMS 5.7 allows remote attackers to discover the full path via a direct request for include/downmix.inc.php or inc/inc_archives_functions.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6910", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/kongxin520/DedeCMS/blob/master/DedeCMS_5.7_Bug.md", - "refsource" : "MISC", - "url" : "https://github.com/kongxin520/DedeCMS/blob/master/DedeCMS_5.7_Bug.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "DedeCMS 5.7 allows remote attackers to discover the full path via a direct request for include/downmix.inc.php or inc/inc_archives_functions.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/kongxin520/DedeCMS/blob/master/DedeCMS_5.7_Bug.md", + "refsource": "MISC", + "url": "https://github.com/kongxin520/DedeCMS/blob/master/DedeCMS_5.7_Bug.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7188.json b/2018/7xxx/CVE-2018-7188.json index f82048099ee..d0a11578bc9 100644 --- a/2018/7xxx/CVE-2018-7188.json +++ b/2018/7xxx/CVE-2018-7188.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7188", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An XSS vulnerability (via an SVG image) in Tiki before 18 allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with a malicious SVG image, related to lib/filegals/filegallib.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7188", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://openwall.com/lists/oss-security/2018/02/16/1", - "refsource" : "MISC", - "url" : "http://openwall.com/lists/oss-security/2018/02/16/1" - }, - { - "name" : "https://sourceforge.net/p/tikiwiki/code/65327", - "refsource" : "MISC", - "url" : "https://sourceforge.net/p/tikiwiki/code/65327" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An XSS vulnerability (via an SVG image) in Tiki before 18 allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with a malicious SVG image, related to lib/filegals/filegallib.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sourceforge.net/p/tikiwiki/code/65327", + "refsource": "MISC", + "url": "https://sourceforge.net/p/tikiwiki/code/65327" + }, + { + "name": "http://openwall.com/lists/oss-security/2018/02/16/1", + "refsource": "MISC", + "url": "http://openwall.com/lists/oss-security/2018/02/16/1" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7603.json b/2018/7xxx/CVE-2018-7603.json index 7db13411bc0..b07f7e4535a 100644 --- a/2018/7xxx/CVE-2018-7603.json +++ b/2018/7xxx/CVE-2018-7603.json 
@@ -1,99 +1,99 @@ { - "CVE_data_meta" : { - "AKA" : "", - "ASSIGNER" : "mlhess@drupal.org", - "DATE_PUBLIC" : "", - "ID" : "CVE-2018-7603", - "STATE" : "PUBLIC", - "TITLE" : "Search Autocomplete " - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "3rd party module - Search Autocomplete", - "version" : { - "version_data" : [ - { - "affected" : "<", - "platform" : "", - "version_name" : "7.x-4.x", - "version_value" : "7.x-4.8" - } - ] - } - } - ] - }, - "vendor_name" : "Drupal" - } - ] - } - }, - "configuration" : [], - "credit" : [ - { - "lang" : "eng", - "value" : "Reported By: Simon Kapadia Fixed By: Dominique CLAUSE" - } - ], - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Drupal's 3rd party module search auto complete prior to versions 7.x-4.8 there is a Cross Site Scripting vulnerability. This Search Autocomplete module enables you to autocomplete textfield using data from your website (nodes, comments, etc.). The module doesn't sufficiently filter user-entered text among the autocompletion items leading to a Cross Site Scripting (XSS) vulnerability. This vulnerability can be exploited by any user allowed to create one of the autocompletion item, for instance, nodes, users, comments." 
- } - ] - }, - "exploit" : [], - "impact" : { - "cvss" : { - "attackComplexity" : "HIGH", - "attackVector" : "PHYSICAL", - "availabilityImpact" : "NONE", - "baseScore" : 0, - "baseSeverity" : "NONE", - "confidentialityImpact" : "NONE", - "integrityImpact" : "NONE", - "privilegesRequired" : "HIGH", - "scope" : "UNCHANGED", - "userInteraction" : "REQUIRED", - "vectorString" : "CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:N", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "A vulnerability in search auto complete a 3rd party Druapl contributed module. Search Autocomplete allows an attacker to execute javascript code to causing xss. Affected releases are Drupal 3rd party module - Search Autocomplete: versions prior to 7.x-4.8." - } + "CVE_data_meta": { + "AKA": "", + "ASSIGNER": "security@drupal.org", + "DATE_PUBLIC": "", + "ID": "CVE-2018-7603", + "STATE": "PUBLIC", + "TITLE": "Search Autocomplete " + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "3rd party module - Search Autocomplete", + "version": { + "version_data": [ + { + "affected": "<", + "platform": "", + "version_name": "7.x-4.x", + "version_value": "7.x-4.8" + } + ] + } + } + ] + }, + "vendor_name": "Drupal" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.drupal.org/sa-contrib-2018-070", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/sa-contrib-2018-070" - } - ] - }, - "solution" : [], - "source" : { - "advisory" : "https://www.drupal.org/sa-contrib-2018-070", - "defect" : [], - "discovery" : "UNKNOWN" - }, - "work_around" : [] -} + } + }, + "configuration": [], + "credit": [ + { + "lang": "eng", + "value": "Reported By: Simon Kapadia Fixed By: Dominique CLAUSE" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "In Drupal's 3rd party module search auto complete prior to versions 7.x-4.8 there is a Cross Site Scripting vulnerability. This Search Autocomplete module enables you to autocomplete textfield using data from your website (nodes, comments, etc.). The module doesn't sufficiently filter user-entered text among the autocompletion items leading to a Cross Site Scripting (XSS) vulnerability. This vulnerability can be exploited by any user allowed to create one of the autocompletion item, for instance, nodes, users, comments." + } + ] + }, + "exploit": [], + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "PHYSICAL", + "availabilityImpact": "NONE", + "baseScore": 0, + "baseSeverity": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A vulnerability in search auto complete a 3rd party Druapl contributed module. Search Autocomplete allows an attacker to execute javascript code to causing xss. Affected releases are Drupal 3rd party module - Search Autocomplete: versions prior to 7.x-4.8." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.drupal.org/sa-contrib-2018-070", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/sa-contrib-2018-070" + } + ] + }, + "solution": [], + "source": { + "advisory": "https://www.drupal.org/sa-contrib-2018-070", + "defect": [], + "discovery": "UNKNOWN" + }, + "work_around": [] +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7723.json b/2018/7xxx/CVE-2018-7723.json index cf29352dc5d..7bd391a19c5 100644 --- a/2018/7xxx/CVE-2018-7723.json +++ b/2018/7xxx/CVE-2018-7723.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7723", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The management panel in Piwigo 2.9.3 has stored XSS via the virtual_name parameter in a /admin.php?page=cat_list request, a different issue than CVE-2017-9836. CSRF exploitation, related to CVE-2017-10681, may be possible." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7723", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/summ3rf/Vulner/blob/master/Piwigo%20Store%20XSS.md", - "refsource" : "MISC", - "url" : "https://github.com/summ3rf/Vulner/blob/master/Piwigo%20Store%20XSS.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The management panel in Piwigo 2.9.3 has stored XSS via the virtual_name parameter in a /admin.php?page=cat_list request, a different issue than CVE-2017-9836. CSRF exploitation, related to CVE-2017-10681, may be possible." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/summ3rf/Vulner/blob/master/Piwigo%20Store%20XSS.md", + "refsource": "MISC", + "url": "https://github.com/summ3rf/Vulner/blob/master/Piwigo%20Store%20XSS.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7738.json b/2018/7xxx/CVE-2018-7738.json index b3f374b72f5..8eb94db5d1d 100644 --- a/2018/7xxx/CVE-2018-7738.json +++ b/2018/7xxx/CVE-2018-7738.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7738", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bash) by a different user, as demonstrated by logging in as root and entering umount followed by a tab character for autocompletion." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7738", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.debian.org/892179", - "refsource" : "MISC", - "url" : "https://bugs.debian.org/892179" - }, - { - "name" : "https://github.com/karelzak/util-linux/commit/75f03badd7ed9f1dd951863d75e756883d3acc55", - "refsource" : "MISC", - "url" : "https://github.com/karelzak/util-linux/commit/75f03badd7ed9f1dd951863d75e756883d3acc55" - }, - { - "name" : "https://github.com/karelzak/util-linux/issues/539", - "refsource" : "MISC", - "url" : "https://github.com/karelzak/util-linux/issues/539" - }, - { - "name" : "DSA-4134", - "refsource" : "DEBIAN", - "url" : 
"https://www.debian.org/security/2018/dsa-4134" - }, - { - "name" : "103367", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103367" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bash) by a different user, as demonstrated by logging in as root and entering umount followed by a tab character for autocompletion." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/karelzak/util-linux/issues/539", + "refsource": "MISC", + "url": "https://github.com/karelzak/util-linux/issues/539" + }, + { + "name": "DSA-4134", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4134" + }, + { + "name": "103367", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103367" + }, + { + "name": "https://bugs.debian.org/892179", + "refsource": "MISC", + "url": "https://bugs.debian.org/892179" + }, + { + "name": "https://github.com/karelzak/util-linux/commit/75f03badd7ed9f1dd951863d75e756883d3acc55", + "refsource": "MISC", + "url": "https://github.com/karelzak/util-linux/commit/75f03badd7ed9f1dd951863d75e756883d3acc55" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7835.json b/2018/7xxx/CVE-2018-7835.json index 1671ee05cb0..96b4fbf97d1 100644 --- a/2018/7xxx/CVE-2018-7835.json +++ b/2018/7xxx/CVE-2018-7835.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cybersecurity@se.com", - "ID" : "CVE-2018-7835", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "IIoT Monitor 3.1.38", - "version" : { - "version_data" : [ - { - "version_value" : "IIoT Monitor 3.1.38" - } - ] - } - } - ] - }, - "vendor_name" : "Schneider Electric SE" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in IIoT Monitor 3.1.38 which could allow access to files available to SYSTEM user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" - } + "CVE_data_meta": { + "ASSIGNER": "cybersecurity@schneider-electric.com", + "ID": "CVE-2018-7835", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "IIoT Monitor 3.1.38", + "version": { + "version_data": [ + { + "version_value": "IIoT Monitor 3.1.38" + } + ] + } + } + ] + }, + "vendor_name": "Schneider Electric SE" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-354-03/", - "refsource" : "CONFIRM", - "url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-354-03/" - }, - { - "name" : "106484", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106484" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An Improper Limitation of a Pathname to a Restricted Directory ('Path 
Traversal') vulnerability exists in IIoT Monitor 3.1.38 which could allow access to files available to SYSTEM user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106484", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106484" + }, + { + "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-354-03/", + "refsource": "CONFIRM", + "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-354-03/" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8802.json b/2018/8xxx/CVE-2018-8802.json index 07c67ccf814..fd6b350484d 100644 --- a/2018/8xxx/CVE-2018-8802.json +++ b/2018/8xxx/CVE-2018-8802.json 
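Review bot: The `ASSIGNER` change in the CVE-2018-7835 record, from `"ASSIGNER" : "cybersecurity@se.com",` to `"ASSIGNER": "cybersecurity@schneider-electric.com",`, is a content change inside a rewrite that otherwise only tightens the key separator and reorders `reference_data`, so it is easy to miss in review. The assigner address is provenance metadata that downstream tooling may match on. It would be easier to audit in its own commit, or named in this commit's description if it is not already. Separately, the new side ends with `\ No newline at end of file` in this hunk and in the CVE-2018-7738 and CVE-2018-8802 hunks; writing a trailing newline would keep later diffs of these records limited to real changes.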
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8802", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the management interface in ePortal Manager allows remote attackers to execute arbitrary SQL commands via unspecified parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8802", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=49", - "refsource" : "CONFIRM", - "url" : "https://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=49" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the management interface in ePortal Manager allows remote attackers to execute arbitrary SQL commands via unspecified parameters." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=49", + "refsource": "CONFIRM", + "url": "https://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=49" + } + ] + } +} \ No newline at end of file