diff --git a/1999/1xxx/CVE-1999-1030.json b/1999/1xxx/CVE-1999-1030.json
index 63d1776c6b1..13591c3fda8 100644
--- a/1999/1xxx/CVE-1999-1030.json
+++ b/1999/1xxx/CVE-1999-1030.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1030", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "counter.exe 2.70 allows a remote attacker to cause a denial of service (hang) via an HTTP request that ends in %0A (newline), which causes a malformed entry in the counter log that produces an access violation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1030", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19990519 Denial of Service in Counter.exe version 2.70", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=92713790426690&w=2" - }, - { - "name" : "19990519 Denial of Service in Counter.exe version 2.70", - "refsource" : "NTBUGTRAQ", - "url" : "http://marc.info/?l=ntbugtraq&m=92707671717292&w=2" - }, - { - "name" : "267", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/267" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "counter.exe 2.70 allows a remote attacker to cause a denial of service (hang) via an HTTP request that ends in %0A (newline), 
which causes a malformed entry in the counter log that produces an access violation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19990519 Denial of Service in Counter.exe version 2.70", + "refsource": "NTBUGTRAQ", + "url": "http://marc.info/?l=ntbugtraq&m=92707671717292&w=2" + }, + { + "name": "19990519 Denial of Service in Counter.exe version 2.70", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=92713790426690&w=2" + }, + { + "name": "267", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/267" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1322.json b/1999/1xxx/CVE-1999-1322.json index de632e5ca27..cb38776585c 100644 --- a/1999/1xxx/CVE-1999-1322.json +++ b/1999/1xxx/CVE-1999-1322.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1322", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The installation of 1ArcServe Backup and Inoculan AV client modules for Exchange create a log file, exchverify.log, which contains usernames and passwords in plaintext." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1322", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19981112 exchverify.log", - "refsource" : "NTBUGTRAQ", - "url" : "http://marc.info/?l=ntbugtraq&m=91096758513985&w=2" - }, - { - "name" : "19981117 Re: exchverify.log - update #1", - "refsource" : "NTBUGTRAQ", - "url" : "http://marc.info/?l=ntbugtraq&m=91133714919229&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The installation of 1ArcServe Backup and Inoculan AV client modules for Exchange create a log file, exchverify.log, which contains usernames and passwords in plaintext." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19981112 exchverify.log", + "refsource": "NTBUGTRAQ", + "url": "http://marc.info/?l=ntbugtraq&m=91096758513985&w=2" + }, + { + "name": "19981117 Re: exchverify.log - update #1", + "refsource": "NTBUGTRAQ", + "url": "http://marc.info/?l=ntbugtraq&m=91133714919229&w=2" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1478.json b/1999/1xxx/CVE-1999-1478.json index 8b29c13c2e4..2e9c856a415 100644 --- a/1999/1xxx/CVE-1999-1478.json +++ b/1999/1xxx/CVE-1999-1478.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1478", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Sun HotSpot Performance Engine VM allows a remote attacker to cause a denial of service on any server running HotSpot via a URL that includes the [ character." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1478", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19990706 Bug in SUN's Hotspot VM", - "refsource" : "NTBUGTRAQ", - "url" : "http://marc.info/?l=ntbugtraq&m=93138827429589&w=2" - }, - { - "name" : "19990716 FW: (Review ID: 85125) Hotspot crashes bringing down webserver", - "refsource" : "NTBUGTRAQ", - "url" : "http://marc.info/?l=ntbugtraq&m=93240220324183&w=2" - }, - { - "name" : "522", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/522" - }, - { - "name" : "sun-hotspot-vm(2348)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/2348" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Sun HotSpot Performance Engine VM 
allows a remote attacker to cause a denial of service on any server running HotSpot via a URL that includes the [ character." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19990716 FW: (Review ID: 85125) Hotspot crashes bringing down webserver", + "refsource": "NTBUGTRAQ", + "url": "http://marc.info/?l=ntbugtraq&m=93240220324183&w=2" + }, + { + "name": "19990706 Bug in SUN's Hotspot VM", + "refsource": "NTBUGTRAQ", + "url": "http://marc.info/?l=ntbugtraq&m=93138827429589&w=2" + }, + { + "name": "sun-hotspot-vm(2348)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/2348" + }, + { + "name": "522", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/522" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0509.json b/2000/0xxx/CVE-2000-0509.json index dccd22c7d22..4a672469404 100644 --- a/2000/0xxx/CVE-2000-0509.json +++ b/2000/0xxx/CVE-2000-0509.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0509", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflows in the finger and whois demonstration scripts in Sambar Server 4.3 allow remote attackers to execute arbitrary commands via a long hostname." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0509", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000601 DST2K0008: Buffer Overrun in Sambar Server 4.3", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=95990103207665&w=2" - }, - { - "name" : "1287", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1287" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflows in the finger and whois demonstration scripts in Sambar Server 4.3 allow remote attackers to execute arbitrary commands via a long hostname." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1287", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1287" + }, + { + "name": "20000601 DST2K0008: Buffer Overrun in Sambar Server 4.3", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=95990103207665&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0563.json b/2000/0xxx/CVE-2000-0563.json index 9691c605841..d405b21f5ac 100644 --- a/2000/0xxx/CVE-2000-0563.json +++ b/2000/0xxx/CVE-2000-0563.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0563", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The URLConnection function in MacOS Runtime Java (MRJ) 2.1 and earlier and the Microsoft virtual machine (VM) for MacOS allows a malicious web site operator to connect to arbitrary hosts using a HTTP redirection, in violation of the Java security model." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0563", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000609 Security Holes Found in URLConnection of MRJ and IE of Mac OS (was Re: Reappearance of an old IE security bug)", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-06/0056.html" - }, - { - "name" : "20000513 Re: Reappearance of an old IE security bug", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-05-8&msg=391C95DE2DA.5E3BTAKAGI@java-house.etl.go.jp" - }, - { - "name" : "1336", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1336" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "The URLConnection function in MacOS Runtime Java (MRJ) 2.1 and earlier and the Microsoft virtual machine (VM) for MacOS allows a malicious web site operator to connect to arbitrary hosts using a HTTP redirection, in violation of the Java security model." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20000609 Security Holes Found in URLConnection of MRJ and IE of Mac OS (was Re: Reappearance of an old IE security bug)", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0056.html" + }, + { + "name": "1336", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1336" + }, + { + "name": "20000513 Re: Reappearance of an old IE security bug", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-05-8&msg=391C95DE2DA.5E3BTAKAGI@java-house.etl.go.jp" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0811.json b/2000/0xxx/CVE-2000-0811.json index 4bae73b032f..1f282b3ecdc 100644 --- a/2000/0xxx/CVE-2000-0811.json +++ b/2000/0xxx/CVE-2000-0811.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0811", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Auction Weaver 1.0 through 1.04 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the username or bidfile form fields." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0811", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "1783", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1783" - }, - { - "name" : "auction-weaver-username-bidfile(5372)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5372" - }, - { - "name" : "4053", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/4053" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Auction Weaver 1.0 through 1.04 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the username or bidfile form fields." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1783", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1783" + }, + { + "name": "auction-weaver-username-bidfile(5372)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5372" + }, + { + "name": "4053", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/4053" + } + ] + } +} \ No newline at end of file diff --git a/2000/1xxx/CVE-2000-1107.json b/2000/1xxx/CVE-2000-1107.json index 966ac6e685f..65b13795eec 100644 --- a/2000/1xxx/CVE-2000-1107.json +++ b/2000/1xxx/CVE-2000-1107.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-1107", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "in.identd ident server in SuSE Linux 6.x and 7.0 allows remote attackers to cause a denial of service via a long request, which causes the server to access a NULL pointer and crash." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-1107", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20001128 SuSE Linux 6.x 7.0 Ident buffer overflow", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-11/0387.html" - }, - { - "name" : "2015", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2015" - }, - { - "name" : "linux-ident-bo(5590)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5590" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "in.identd ident server in SuSE Linux 6.x and 7.0 allows remote attackers to cause a denial of service via a long request, which causes the server to access a NULL pointer and 
crash." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20001128 SuSE Linux 6.x 7.0 Ident buffer overflow", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-11/0387.html" + }, + { + "name": "linux-ident-bo(5590)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5590" + }, + { + "name": "2015", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2015" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2001.json b/2005/2xxx/CVE-2005-2001.json index 08a29305def..d8b916bbbf3 100644 --- a/2005/2xxx/CVE-2005-2001.json +++ b/2005/2xxx/CVE-2005-2001.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2001", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in pafiledb.php in paFileDB 3.1 and earlier allows remote attackers to include arbitrary files via a .. (dot dot) in the action parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2001", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050615 Multiple paFileDB Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111885787217807&w=2" - }, - { - "name" : "http://www.gulftech.org/?node=research&article_id=00082-06142005", - "refsource" : "MISC", - "url" : "http://www.gulftech.org/?node=research&article_id=00082-06142005" - }, - { - "name" : "http://www.phparena.net/", - "refsource" : "CONFIRM", - "url" : "http://www.phparena.net/" - }, - { - "name" : "http://www.phparena.net/pafiledb_patch/", - "refsource" : "CONFIRM", - "url" : "http://www.phparena.net/pafiledb_patch/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"Directory traversal vulnerability in pafiledb.php in paFileDB 3.1 and earlier allows remote attackers to include arbitrary files via a .. (dot dot) in the action parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.phparena.net/", + "refsource": "CONFIRM", + "url": "http://www.phparena.net/" + }, + { + "name": "20050615 Multiple paFileDB Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111885787217807&w=2" + }, + { + "name": "http://www.phparena.net/pafiledb_patch/", + "refsource": "CONFIRM", + "url": "http://www.phparena.net/pafiledb_patch/" + }, + { + "name": "http://www.gulftech.org/?node=research&article_id=00082-06142005", + "refsource": "MISC", + "url": "http://www.gulftech.org/?node=research&article_id=00082-06142005" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2066.json b/2005/2xxx/CVE-2005-2066.json index 9bcafa76caf..ee16b802457 100644 --- a/2005/2xxx/CVE-2005-2066.json +++ b/2005/2xxx/CVE-2005-2066.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2066", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in comment_post.asp in ASP Nuke 0.80 allows remote attackers to execute arbitrary SQL statements via the TaskID parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2066", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050626 M4DR007-07SA (security advisory): Multiple vulnerabilities in ASP Nuke 0.80", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111989223906484&w=2" - }, - { - "name" : "20050627 SQL Injection Exploit for ASPNuke <= 0.80", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111999188612055&w=2" - }, - { - "name" : "14064", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14064" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in comment_post.asp in ASP Nuke 0.80 allows remote attackers to execute arbitrary SQL statements via the TaskID parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050627 SQL Injection Exploit for ASPNuke <= 0.80", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111999188612055&w=2" + }, + { + "name": "14064", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14064" + }, + { + "name": "20050626 M4DR007-07SA (security advisory): Multiple vulnerabilities in ASP Nuke 0.80", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111989223906484&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2132.json b/2005/2xxx/CVE-2005-2132.json index 72ef8b16cdf..92d522f16c7 100644 --- a/2005/2xxx/CVE-2005-2132.json +++ b/2005/2xxx/CVE-2005-2132.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2132", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "RPC portmapper (rpcbind) in SCO UnixWare 7.1.1 m5, 7.1.3 mp5, and 7.1.4 mp2 allows remote attackers or local users to cause a denial of service (lack of response) via multiple invalid portmap requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2132", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050727 [NILESA-20050701] UnixWare 7.x RPC portmapper Dos Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112247187722821&w=2" - }, - { - "name" : "SCOSA-2005.31", - "refsource" : "SCO", - "url" : "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.31/SCOSA-2005.31.txt" - }, - { - "name" : "14360", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14360" - }, - { - "name" : "16228", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16228" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "RPC portmapper (rpcbind) in SCO 
UnixWare 7.1.1 m5, 7.1.3 mp5, and 7.1.4 mp2 allows remote attackers or local users to cause a denial of service (lack of response) via multiple invalid portmap requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SCOSA-2005.31", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.31/SCOSA-2005.31.txt" + }, + { + "name": "16228", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16228" + }, + { + "name": "20050727 [NILESA-20050701] UnixWare 7.x RPC portmapper Dos Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112247187722821&w=2" + }, + { + "name": "14360", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14360" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3054.json b/2005/3xxx/CVE-2005-3054.json index 6283c31fef8..34a6cc9942f 100644 --- a/2005/3xxx/CVE-2005-3054.json +++ b/2005/3xxx/CVE-2005-3054.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3054", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "fopen_wrappers.c in PHP 4.4.0, and possibly other versions, does not properly restrict access to other directories when the open_basedir directive includes a trailing slash, which allows PHP scripts in one directory to access files in other directories whose names are substrings of the original directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2005-3054", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=323585", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=323585" - }, - { - "name" : "http://www.php.net/release_4_4_1.php", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/release_4_4_1.php" - }, - { - "name" : "GLSA-200511-08", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200511-08.xml" - }, - { - "name" : "MDKSA-2005:213", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:213" - }, - { - "name" : "TSLSA-2005-0059", - 
"refsource" : "TRUSTIX", - "url" : "http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html" - }, - { - "name" : "USN-207-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/207-1/" - }, - { - "name" : "14957", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14957" - }, - { - "name" : "ADV-2005-1862", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/1862" - }, - { - "name" : "ADV-2005-2254", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2254" - }, - { - "name" : "17371", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17371" - }, - { - "name" : "17229", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17229" - }, - { - "name" : "17510", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17510" - }, - { - "name" : "17557", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17557" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "fopen_wrappers.c in PHP 4.4.0, and possibly other versions, does not properly restrict access to other directories when the open_basedir directive includes a trailing slash, which allows PHP scripts in one directory to access files in other directories whose names are substrings of the original directory." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=323585", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=323585" + }, + { + "name": "MDKSA-2005:213", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:213" + }, + { + "name": "TSLSA-2005-0059", + "refsource": "TRUSTIX", + "url": "http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html" + }, + { + "name": "ADV-2005-1862", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/1862" + }, + { + "name": "ADV-2005-2254", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2254" + }, + { + "name": "USN-207-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/207-1/" + }, + { + "name": "14957", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14957" + }, + { + "name": "17371", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17371" + }, + { + "name": "http://www.php.net/release_4_4_1.php", + "refsource": "CONFIRM", + "url": "http://www.php.net/release_4_4_1.php" + }, + { + "name": "17510", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17510" + }, + { + "name": "17557", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17557" + }, + { + "name": "17229", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17229" + }, + { + "name": "GLSA-200511-08", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200511-08.xml" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3188.json b/2005/3xxx/CVE-2005-3188.json index 354ddcd6952..e65aaf107ae 100644 --- a/2005/3xxx/CVE-2005-3188.json +++ b/2005/3xxx/CVE-2005-3188.json 
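Review bot: In the CVE-2005-3054.json hunk the new side sets `"ASSIGNER": "security@debian.org"` where the old side had `"ASSIGNER" : "cve@mitre.org"`, and this is the only value change among the hunks visible here; the others only alter whitespace and the order of `reference_data` entries. Because every line of the file is rewritten and the references are reordered in the same hunk, a line-based review cannot distinguish this edit from the formatting noise, and consumers that attribute or filter records by assigner will see the record move. The reassignment looks consistent with the bugs.debian.org CONFIRM reference, but that is an inference; it should be confirmed as intentional and stated in the commit message, or split into its own commit. For bulk rewrites like this, comparing the parsed old and new JSON (with `reference_data` treated as a set) would surface such value changes reliably.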
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3188", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Nullsoft Winamp 5.094 allows remote attackers to execute arbitrary code via (1) an m3u file containing a long line ending in .wma or (2) a pls file containing a long File1 value ending in .wma, a different vulnerability than CVE-2006-0476." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3188", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060201 Winamp m3u/pls .WMA Extension Buffer Overflow Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=378" - }, - { - "name" : "16462", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16462" - }, - { - "name" : "22975", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22975" - }, - { - "name" : "1015565", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015565" - }, - { - "name" : "1015621", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015621" - }, - { - "name" : "397", - "refsource" : "SREASON", - "url" : 
"http://securityreason.com/securityalert/397" - }, - { - "name" : "winamp-wma-ext-bo(24417)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24417" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Nullsoft Winamp 5.094 allows remote attackers to execute arbitrary code via (1) an m3u file containing a long line ending in .wma or (2) a pls file containing a long File1 value ending in .wma, a different vulnerability than CVE-2006-0476." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060201 Winamp m3u/pls .WMA Extension Buffer Overflow Vulnerability", + "refsource": "IDEFENSE", + "url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=378" + }, + { + "name": "397", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/397" + }, + { + "name": "16462", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16462" + }, + { + "name": "22975", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22975" + }, + { + "name": "winamp-wma-ext-bo(24417)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24417" + }, + { + "name": "1015565", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015565" + }, + { + "name": "1015621", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015621" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3381.json b/2005/3xxx/CVE-2005-3381.json index a125715d611..d2750ddedda 100644 --- a/2005/3xxx/CVE-2005-3381.json +++ b/2005/3xxx/CVE-2005-3381.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3381", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple interpretation error in Ukrainian National Antivirus (UNA) 1.83.2.16 with kernel 265 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an \"MZ\" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a \"triple headed\" program that contains EXE, EML, and HTML content, aka the \"magic byte bug.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3381", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051025 Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability through", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=113026417802703&w=2" - }, - { - "name" : "http://www.securityelf.org/magicbyteadv.html", - "refsource" : "MISC", - "url" : "http://www.securityelf.org/magicbyteadv.html" - }, - { - "name" : "http://www.securityelf.org/magicbyte.html", - "refsource" : "MISC", - 
"url" : "http://www.securityelf.org/magicbyte.html" - }, - { - "name" : "http://www.securityelf.org/updmagic.html", - "refsource" : "MISC", - "url" : "http://www.securityelf.org/updmagic.html" - }, - { - "name" : "15189", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15189" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple interpretation error in Ukrainian National Antivirus (UNA) 1.83.2.16 with kernel 265 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an \"MZ\" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a \"triple headed\" program that contains EXE, EML, and HTML content, aka the \"magic byte bug.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15189", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15189" + }, + { + "name": "http://www.securityelf.org/magicbyte.html", + "refsource": "MISC", + "url": "http://www.securityelf.org/magicbyte.html" + }, + { + "name": "http://www.securityelf.org/magicbyteadv.html", + "refsource": "MISC", + "url": "http://www.securityelf.org/magicbyteadv.html" + }, + { + "name": "20051025 Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability through", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=113026417802703&w=2" + }, + { + "name": "http://www.securityelf.org/updmagic.html", + "refsource": "MISC", + "url": "http://www.securityelf.org/updmagic.html" + } + ] + } +} \ No newline at end of file 
diff --git a/2005/3xxx/CVE-2005-3395.json b/2005/3xxx/CVE-2005-3395.json index 37659063d64..784ba0c9a20 100644 --- a/2005/3xxx/CVE-2005-3395.json +++ b/2005/3xxx/CVE-2005-3395.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3395", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Invision Gallery 2.0.3 allows remote attackers to execute arbitrary SQL commands via the st parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3395", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051030 SQL In Invision Gallery 2.0.3", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/415297" - }, - { - "name" : "15240", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15240" - }, - { - "name" : "ADV-2005-2257", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2257" - }, - { - "name" : "20419", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20419" - }, - { - "name" : "17375", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17375" - }, - { - "name" : "invisiongallery-index-script-sql-injection(22928)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22928" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Invision Gallery 2.0.3 allows remote attackers to execute arbitrary SQL commands via the st parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20051030 SQL In Invision Gallery 2.0.3", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/415297" + }, + { + "name": "20419", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20419" + }, + { + "name": "17375", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17375" + }, + { + "name": "15240", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15240" + }, + { + "name": "invisiongallery-index-script-sql-injection(22928)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22928" + }, + { + "name": "ADV-2005-2257", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2257" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3524.json b/2005/3xxx/CVE-2005-3524.json index 478a473f214..9109d546263 100644 --- a/2005/3xxx/CVE-2005-3524.json +++ b/2005/3xxx/CVE-2005-3524.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3524", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the SSL-ready version of linux-ftpd (linux-ftpd-ssl) 0.17 allows remote attackers to execute arbitrary code by creating a long directory name, then executing the XPWD command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3524", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051105 linux-ftpd-ssl 0.17 warez", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/lists/fulldisclosure/2005/Nov/0140.html" - }, - { - "name" : "DSA-896", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-896" - }, - { - "name" : "15343", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15343" - }, - { - "name" : "ADV-2005-2330", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2330" - }, - { - "name" : "20530", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20530" - }, - { - "name" : "17465", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17465" - }, - { - "name" : "17529", - "refsource" : "SECUNIA", - 
"url" : "http://secunia.com/advisories/17529" - }, - { - "name" : "17586", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17586" - }, - { - "name" : "Linux-ftpd-ssl-vsprintf-bo(23016)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23016" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the SSL-ready version of linux-ftpd (linux-ftpd-ssl) 0.17 allows remote attackers to execute arbitrary code by creating a long directory name, then executing the XPWD command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "Linux-ftpd-ssl-vsprintf-bo(23016)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23016" + }, + { + "name": "17529", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17529" + }, + { + "name": "20051105 linux-ftpd-ssl 0.17 warez", + "refsource": "FULLDISC", + "url": "http://seclists.org/lists/fulldisclosure/2005/Nov/0140.html" + }, + { + "name": "20530", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20530" + }, + { + "name": "17465", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17465" + }, + { + "name": "17586", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17586" + }, + { + "name": "ADV-2005-2330", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2330" + }, + { + "name": "15343", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15343" + }, + { + "name": "DSA-896", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-896" + } + ] + } +} \ No newline at end of file 
diff --git a/2005/3xxx/CVE-2005-3775.json b/2005/3xxx/CVE-2005-3775.json index bc3de4e9903..f850019d18e 100644 --- a/2005/3xxx/CVE-2005-3775.json +++ b/2005/3xxx/CVE-2005-3775.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3775", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in pollvote.php in PollVote allows remote attackers to include arbitrary files via a URL in the pollname parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3775", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051114 PollVote Remote File Inclusion", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=113199182125058&w=2" - }, - { - "name" : "15439", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15439/" - }, - { - "name" : "ADV-2005-2430", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2430" - }, - { - "name" : "17574", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17574/" - }, - { - "name" : "177", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/177" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion 
vulnerability in pollvote.php in PollVote allows remote attackers to include arbitrary files via a URL in the pollname parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15439", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15439/" + }, + { + "name": "17574", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17574/" + }, + { + "name": "20051114 PollVote Remote File Inclusion", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=113199182125058&w=2" + }, + { + "name": "ADV-2005-2430", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2430" + }, + { + "name": "177", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/177" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3967.json b/2005/3xxx/CVE-2005-3967.json index 49e3631074c..1125c8dc61f 100644 --- a/2005/3xxx/CVE-2005-3967.json +++ b/2005/3xxx/CVE-2005-3967.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3967", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the dosearchsite.action module in Atlassian Confluence 2.0.1 Build 321 allows remote attackers to inject arbitrary web script or HTML via the searchQuery.queryString search module parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3967", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/12/confluence-enterprise-wiki-xss-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/12/confluence-enterprise-wiki-xss-vuln.html" - }, - { - "name" : "15688", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15688" - }, - { - "name" : "ADV-2005-2691", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2691" - }, - { - "name" : "21377", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21377" - }, - { - "name" : "17833", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17833" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the dosearchsite.action module in Atlassian Confluence 2.0.1 Build 321 allows remote attackers to inject arbitrary web script or HTML via the searchQuery.queryString search module parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15688", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15688" + }, + { + "name": "21377", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21377" + }, + { + "name": "17833", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17833" + }, + { + "name": "ADV-2005-2691", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2691" + }, + { + "name": "http://pridels0.blogspot.com/2005/12/confluence-enterprise-wiki-xss-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/12/confluence-enterprise-wiki-xss-vuln.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3996.json b/2005/3xxx/CVE-2005-3996.json index 84004598038..6d860ef69ed 100644 --- a/2005/3xxx/CVE-2005-3996.json +++ b/2005/3xxx/CVE-2005-3996.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3996", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in admin/password_forgotten.php in Zen Cart 1.2.6d and earlier allows remote attackers to execute arbitrary SQL commands via the admin_email parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3996", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051202 Zen-Cart <= 1.2.6d blind SQL injection / remote commands execution:", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/418517/100/0/threaded" - }, - { - "name" : "20051205 = 1.2.6d blind SQL injection / remote commands execution:", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/418995/100/0/threaded" - }, - { - "name" : "http://rgod.altervista.org/zencart_126d_xpl.html", - "refsource" : "MISC", - "url" : "http://rgod.altervista.org/zencart_126d_xpl.html" - }, - { - "name" : "15690", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15690" - }, - { - "name" : "ADV-2005-2728", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2005/2728" - }, - { - "name" : "21411", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21411" - }, - { - "name" : "1015306", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015306" - }, - { - "name" : "17869", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17869" - }, - { - "name" : "forgotten-sql-injection(23510)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23510" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in admin/password_forgotten.php in Zen Cart 1.2.6d and earlier allows remote attackers to execute arbitrary SQL commands via the admin_email parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2005-2728", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2728" + }, + { + "name": "17869", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17869" + }, + { + "name": "20051205 = 1.2.6d blind SQL injection / remote commands execution:", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/418995/100/0/threaded" + }, + { + "name": "forgotten-sql-injection(23510)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23510" + }, + { + "name": "1015306", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015306" + }, + { + "name": "21411", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21411" + }, + { + "name": "http://rgod.altervista.org/zencart_126d_xpl.html", + "refsource": "MISC", + "url": "http://rgod.altervista.org/zencart_126d_xpl.html" + }, + { + "name": "15690", + "refsource": "BID", + "url": 
"http://www.securityfocus.com/bid/15690" + }, + { + "name": "20051202 Zen-Cart <= 1.2.6d blind SQL injection / remote commands execution:", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/418517/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4731.json b/2005/4xxx/CVE-2005-4731.json index bf46812647b..01b5efcd2cc 100644 --- a/2005/4xxx/CVE-2005-4731.json +++ b/2005/4xxx/CVE-2005-4731.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4731", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Next action in PEAR HTML_QuickForm_Controller 1.0.4 includes the SID in the URL even when session.use_only_cookies is configured, which allows remote attackers to obtain the SID via an HTTP Referer field and possibly other vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4731", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pear.php.net/bugs/bug.php?id=3443", - "refsource" : "CONFIRM", - "url" : "http://pear.php.net/bugs/bug.php?id=3443" - }, - { - "name" : "http://pear.php.net/package/HTML_QuickForm_Controller/download", - "refsource" : "CONFIRM", - "url" : "http://pear.php.net/package/HTML_QuickForm_Controller/download" - }, - { - "name" : "23766", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23766" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Next action in PEAR HTML_QuickForm_Controller 1.0.4 includes the SID in the URL even when 
session.use_only_cookies is configured, which allows remote attackers to obtain the SID via an HTTP Referer field and possibly other vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://pear.php.net/package/HTML_QuickForm_Controller/download", + "refsource": "CONFIRM", + "url": "http://pear.php.net/package/HTML_QuickForm_Controller/download" + }, + { + "name": "23766", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23766" + }, + { + "name": "http://pear.php.net/bugs/bug.php?id=3443", + "refsource": "CONFIRM", + "url": "http://pear.php.net/bugs/bug.php?id=3443" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4756.json b/2005/4xxx/CVE-2005-4756.json index ee90820f08a..c167ccd147d 100644 --- a/2005/4xxx/CVE-2005-4756.json +++ b/2005/4xxx/CVE-2005-4756.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4756", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP5 and earlier, do not properly validate derived Principals with multiple PrincipalValidators, which might allow attackers to gain privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4756", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "BEA05-92.00", - "refsource" : "BEA", - "url" : "http://dev2dev.bea.com/pub/advisory/146" - }, - { - "name" : "15052", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15052" - }, - { - "name" : "17138", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17138" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP5 and earlier, do not properly validate derived Principals with multiple PrincipalValidators, which might allow attackers to gain privileges." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "BEA05-92.00", + "refsource": "BEA", + "url": "http://dev2dev.bea.com/pub/advisory/146" + }, + { + "name": "15052", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15052" + }, + { + "name": "17138", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17138" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2105.json b/2009/2xxx/CVE-2009-2105.json index ede49c45a0a..fb7c1b3693d 100644 --- a/2009/2xxx/CVE-2009-2105.json +++ b/2009/2xxx/CVE-2009-2105.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2105", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the References database (t3references) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2105", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/extensions/repository/view/t3references/0.1.2/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/extensions/repository/view/t3references/0.1.2/" - }, - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-008/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-008/" - }, - { - "name" : "35392", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35392" - }, - { - "name" : "55120", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/55120" - }, - { - "name" : "35485", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35485" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the References database (t3references) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://typo3.org/extensions/repository/view/t3references/0.1.2/", + "refsource": "CONFIRM", + "url": "http://typo3.org/extensions/repository/view/t3references/0.1.2/" + }, + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-008/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-008/" + }, + { + "name": "55120", + "refsource": "OSVDB", + "url": "http://osvdb.org/55120" + }, + { + "name": "35392", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35392" + }, + { + "name": "35485", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35485" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2165.json b/2009/2xxx/CVE-2009-2165.json index ab0ece5593e..76c307c1a82 100644 --- a/2009/2xxx/CVE-2009-2165.json +++ b/2009/2xxx/CVE-2009-2165.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2165", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SerendipityNZ (aka SimpleBoxes) Serene Bach 2.20R and earlier, and 3.00 beta023 and earlier 3.x versions, uses a predictable session id, which makes it easier for remote attackers to hijack sessions via a modified id." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2165", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://serenebach.net/log/sb221R.html", - "refsource" : "CONFIRM", - "url" : "http://serenebach.net/log/sb221R.html" - }, - { - "name" : "JVN#20689557", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN20689557/index.html" - }, - { - "name" : "JVNDB-2009-000035", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000035.html" - }, - { - "name" : "35254", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35254" - }, - { - "name" : "35335", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35335" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "SerendipityNZ (aka SimpleBoxes) Serene Bach 2.20R and earlier, and 3.00 beta023 and earlier 3.x versions, uses a predictable session id, which makes it easier for remote attackers to hijack sessions via a modified id." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35335", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35335" + }, + { + "name": "JVNDB-2009-000035", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000035.html" + }, + { + "name": "35254", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35254" + }, + { + "name": "JVN#20689557", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN20689557/index.html" + }, + { + "name": "http://serenebach.net/log/sb221R.html", + "refsource": "CONFIRM", + "url": "http://serenebach.net/log/sb221R.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2375.json b/2009/2xxx/CVE-2009-2375.json index 6c203d37f8d..de717beee17 100644 --- a/2009/2xxx/CVE-2009-2375.json +++ b/2009/2xxx/CVE-2009-2375.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2375", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Photo DVD Maker 8.02, and possibly earlier versions, allows remote attackers to execute arbitrary code via a long File_Name parameter in a .pdm file. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2375", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090706 [Bkis-10-2009] Photo DVD Maker Professional Buffer Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/504738/100/0/threaded" - }, - { - "name" : "http://blog.bkis.com/?p=713", - "refsource" : "MISC", - "url" : "http://blog.bkis.com/?p=713" - }, - { - "name" : "35709", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35709" - }, - { - "name" : "ADV-2009-1793", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1793" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "Stack-based buffer overflow in Photo DVD Maker 8.02, and possibly earlier versions, allows remote attackers to execute arbitrary code via a long File_Name parameter in a .pdm file. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-1793", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1793" + }, + { + "name": "http://blog.bkis.com/?p=713", + "refsource": "MISC", + "url": "http://blog.bkis.com/?p=713" + }, + { + "name": "20090706 [Bkis-10-2009] Photo DVD Maker Professional Buffer Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/504738/100/0/threaded" + }, + { + "name": "35709", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35709" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2891.json b/2009/2xxx/CVE-2009-2891.json index 70d968fef49..7063dc5a86c 100644 --- a/2009/2xxx/CVE-2009-2891.json +++ b/2009/2xxx/CVE-2009-2891.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2891", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in list.php in PHP Scripts Now Riddles allows remote attackers to execute arbitrary SQL commands via the catid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2891", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0907-exploits/riddledepot-sqlxss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0907-exploits/riddledepot-sqlxss.txt" - }, - { - "name" : "56123", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/56123" - }, - { - "name" : "35932", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35932" - }, - { - "name" : "riddles-list-sql-injection(51872)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51872" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in list.php in PHP Scripts Now Riddles allows remote 
attackers to execute arbitrary SQL commands via the catid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/0907-exploits/riddledepot-sqlxss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0907-exploits/riddledepot-sqlxss.txt" + }, + { + "name": "56123", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/56123" + }, + { + "name": "35932", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35932" + }, + { + "name": "riddles-list-sql-injection(51872)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51872" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3005.json b/2009/3xxx/CVE-2009-3005.json index 432f19063a9..59bb1b8edf9 100644 --- a/2009/3xxx/CVE-2009-3005.json +++ b/2009/3xxx/CVE-2009-3005.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3005", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Lunascape 5.1.3 and 5.1.4 allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page. NOTE: a related attack was reported in which an arbitrary file: URL is shown." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3005", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://lostmon.blogspot.com/2009/08/multiple-browsers-fake-url-folder-file.html", - "refsource" : "MISC", - "url" : "http://lostmon.blogspot.com/2009/08/multiple-browsers-fake-url-folder-file.html" - }, - { - "name" : "lunascape-windowopen-spoofing(53008)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53008" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Lunascape 5.1.3 
and 5.1.4 allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page. NOTE: a related attack was reported in which an arbitrary file: URL is shown." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://lostmon.blogspot.com/2009/08/multiple-browsers-fake-url-folder-file.html", + "refsource": "MISC", + "url": "http://lostmon.blogspot.com/2009/08/multiple-browsers-fake-url-folder-file.html" + }, + { + "name": "lunascape-windowopen-spoofing(53008)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53008" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3348.json b/2009/3xxx/CVE-2009-3348.json index dd7a9a9bfc7..c33cd6681b1 100644 --- a/2009/3xxx/CVE-2009-3348.json +++ b/2009/3xxx/CVE-2009-3348.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3348", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Datavore Gyro 5.0 allows remote attackers to inject arbitrary web script or HTML via the cid parameter in a cat action to the home component." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3348", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9640", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9640" - }, - { - "name" : "gyro-cid-xss(53195)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53195" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Datavore Gyro 5.0 allows remote attackers to inject arbitrary web script or HTML via the cid parameter in a cat action to the home component." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "gyro-cid-xss(53195)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53195" + }, + { + "name": "9640", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9640" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3375.json b/2009/3xxx/CVE-2009-3375.json index d6179d7d1ae..ba599c1e9ab 100644 --- a/2009/3xxx/CVE-2009-3375.json +++ b/2009/3xxx/CVE-2009-3375.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3375", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allows user-assisted remote attackers to bypass the Same Origin Policy and read an arbitrary content selection via the document.getSelection function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3375", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2009/mfsa2009-61.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2009/mfsa2009-61.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=503226", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=503226" - }, - { - "name" : "MDVSA-2009:294", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:294" - }, - { - "name" : "272909", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-272909-1" - }, - { - "name" : "oval:org.mitre.oval:def:10440", - 
"refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10440" - }, - { - "name" : "oval:org.mitre.oval:def:5935", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5935" - }, - { - "name" : "ADV-2009-3334", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3334" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allows user-assisted remote attackers to bypass the Same Origin Policy and read an arbitrary content selection via the document.getSelection function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:10440", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10440" + }, + { + "name": "272909", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-272909-1" + }, + { + "name": "oval:org.mitre.oval:def:5935", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5935" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=503226", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=503226" + }, + { + "name": "ADV-2009-3334", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3334" + }, + { + "name": "http://www.mozilla.org/security/announce/2009/mfsa2009-61.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-61.html" + }, 
+ { + "name": "MDVSA-2009:294", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:294" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3808.json b/2009/3xxx/CVE-2009-3808.json index 8662ba32b4f..e6a45f23e35 100644 --- a/2009/3xxx/CVE-2009-3808.json +++ b/2009/3xxx/CVE-2009-3808.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3808", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MixSense DJ Studio 1.0.0.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long string in an .mp3 playlist file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3808", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9178", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9178" - }, - { - "name" : "djstudio-mp3-dos(51814)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51814" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MixSense DJ Studio 1.0.0.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long string in an .mp3 playlist file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "djstudio-mp3-dos(51814)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51814" + }, + { + "name": "9178", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9178" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4599.json b/2009/4xxx/CVE-2009-4599.json index 813923d57d8..8321c6b8f02 100644 --- a/2009/4xxx/CVE-2009-4599.json +++ b/2009/4xxx/CVE-2009-4599.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4599", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in the JS Jobs (com_jsjobs) component 1.0.5.6 for Joomla! allow remote attackers to execute arbitrary SQL commands via (1) the md parameter in an employer view_company action to index.php or (2) the oi parameter in an employer view_job action to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4599", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0912-exploits/joomlajobs-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0912-exploits/joomlajobs-sql.txt" - }, - { - "name" : "10366", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/10366" - }, - { - "name" : "37281", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37281" - }, - { - "name" : "jsjobs-index-sql-injection(54663)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54663" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in the JS Jobs (com_jsjobs) component 1.0.5.6 for Joomla! allow remote attackers to execute arbitrary SQL commands via (1) the md parameter in an employer view_company action to index.php or (2) the oi parameter in an employer view_job action to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "10366", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/10366" + }, + { + "name": "jsjobs-index-sql-injection(54663)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54663" + }, + { + "name": "37281", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37281" + }, + { + "name": "http://packetstormsecurity.org/0912-exploits/joomlajobs-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0912-exploits/joomlajobs-sql.txt" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0006.json b/2015/0xxx/CVE-2015-0006.json index c404cbbe73b..09b07871ae3 100644 --- a/2015/0xxx/CVE-2015-0006.json +++ b/2015/0xxx/CVE-2015-0006.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0006", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Network Location Awareness (NLA) service in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 does not perform mutual authentication to determine a domain connection, which allows remote attackers to trigger an unintended permissive configuration by spoofing DNS and LDAP responses on a local network, aka \"NLA Security Feature Bypass Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-0006", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-005", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-005" - }, - { - "name" : "71930", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71930" - }, - { - "name" : "62098", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62098" - }, - { - "name" : "62184", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62184" - }, - { - 
"name" : "ms-nla-cve20150006-security-bypass(99521)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99521" - }, - { - "name" : "win-ms15kb3022777-update(99522)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99522" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Network Location Awareness (NLA) service in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 does not perform mutual authentication to determine a domain connection, which allows remote attackers to trigger an unintended permissive configuration by spoofing DNS and LDAP responses on a local network, aka \"NLA Security Feature Bypass Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "62184", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62184" + }, + { + "name": "MS15-005", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-005" + }, + { + "name": "71930", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71930" + }, + { + "name": "win-ms15kb3022777-update(99522)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99522" + }, + { + "name": "62098", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62098" + }, + { + "name": "ms-nla-cve20150006-security-bypass(99521)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99521" + } + ] + } +} \ No newline at end of file 
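Review bot: The reassignment of `ASSIGNER` in `CVE_data_meta` from `cve@mitre.org` to `secure@microsoft.com` is buried in a hunk that otherwise only changes whitespace and the order of the `reference_data` entries. The CVE-2015-0136 hunk does the same with `psirt@us.ibm.com`. A provenance field edited inside a bulk reformat is easy to miss in review, and any consumer that filters or attributes records by assigner will see these two records move. If the reassignment is intended, it would be easier to audit as its own commit containing only the line `"ASSIGNER": "secure@microsoft.com",` and its IBM counterpart, with this commit left as formatting only.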
diff --git a/2015/0xxx/CVE-2015-0136.json b/2015/0xxx/CVE-2015-0136.json index 2ecff77235d..26e1ccee716 100644 --- a/2015/0xxx/CVE-2015-0136.json +++ b/2015/0xxx/CVE-2015-0136.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0136", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "powervc-iso-import in IBM PowerVC 1.2.0.x before 1.2.0.4 and 1.2.1.x before 1.2.2 places an access token on the command line during IVM and PowerKVM management, which allows local users to obtain sensitive information by listing the process." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-0136", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020608", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020608" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "powervc-iso-import in IBM PowerVC 1.2.0.x before 1.2.0.4 and 1.2.1.x before 1.2.2 places an access token on the command line during IVM and PowerKVM management, which allows local users to obtain sensitive information by listing the process." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020608", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020608" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0200.json b/2015/0xxx/CVE-2015-0200.json index da7ea91c372..4ce322de24c 100644 --- a/2015/0xxx/CVE-2015-0200.json +++ b/2015/0xxx/CVE-2015-0200.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0200", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x before 7.0.0.8 IF2 allows local users to obtain sensitive database information via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-0200", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21902799", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21902799" - }, - { - "name" : "JR50683", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1JR50683" - }, - { - "name" : "JR52306", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1JR52306" - }, - { - "name" : "1032392", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032392" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x before 7.0.0.8 IF2 
allows local users to obtain sensitive database information via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032392", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032392" + }, + { + "name": "JR50683", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR50683" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21902799", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902799" + }, + { + "name": "JR52306", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR52306" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0201.json b/2015/0xxx/CVE-2015-0201.json index adb94e14ed7..3362b6578a2 100644 --- a/2015/0xxx/CVE-2015-0201.json +++ b/2015/0xxx/CVE-2015-0201.json 
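Review bot: The new `reference_data` array is in no discernible order: the old side listed CONFIRM, AIXAPAR, AIXAPAR, SECTRACK, and the new side lists SECTRACK, AIXAPAR (`JR50683`), CONFIRM, AIXAPAR (`JR52306`), which splits the two AIXAPAR entries. This looks like the result of iterating an unordered collection (inferred; the generator is not shown), and if so each regeneration can reshuffle the entries and bury a real reference addition or removal in noise. Sorting the entries by a stable key such as `refsource` then `name` before serializing would keep future diffs of these records reviewable. The same reshuffling appears in the hunks for CVE-2015-0678, -0820, -1068, -1107, -1246 and -4197.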
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0201", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-0201", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://pivotal.io/security/cve-2015-0201", - "refsource" : "CONFIRM", - "url" : "https://pivotal.io/security/cve-2015-0201" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://pivotal.io/security/cve-2015-0201", + "refsource": "CONFIRM", + "url": "https://pivotal.io/security/cve-2015-0201" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0678.json b/2015/0xxx/CVE-2015-0678.json index 1a1ece8acc5..1bef6e2ddde 100644 --- a/2015/0xxx/CVE-2015-0678.json +++ b/2015/0xxx/CVE-2015-0678.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0678", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The virtualization layer in Cisco ASA FirePOWER Software before 5.3.1.2 and 5.4.x before 5.4.0.1 and ASA Context-Aware (CX) Software before 9.3.2.1-9 allows remote attackers to cause a denial of service (device reload) by rapidly sending crafted packets to the management interface, aka Bug IDs CSCus11007 and CSCun56954." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-0678", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150408 Cisco ASA FirePOWER Services and Cisco ASA CX Services Crafted Packets Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-cxfp" - }, - { - "name" : "1032046", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032046" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The virtualization layer in Cisco ASA FirePOWER Software before 5.3.1.2 and 
5.4.x before 5.4.0.1 and ASA Context-Aware (CX) Software before 9.3.2.1-9 allows remote attackers to cause a denial of service (device reload) by rapidly sending crafted packets to the management interface, aka Bug IDs CSCus11007 and CSCun56954." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032046", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032046" + }, + { + "name": "20150408 Cisco ASA FirePOWER Services and Cisco ASA CX Services Crafted Packets Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-cxfp" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0820.json b/2015/0xxx/CVE-2015-0820.json index d64fb4e1b4b..f359e322b88 100644 --- a/2015/0xxx/CVE-2015-0820.json +++ b/2015/0xxx/CVE-2015-0820.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0820", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox before 36.0 does not properly restrict transitions of JavaScript objects from a non-extensible state to an extensible state, which allows remote attackers to bypass a Caja Compiler sandbox protection mechanism or a Secure EcmaScript sandbox protection mechanism via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2015-0820", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2015/mfsa2015-27.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2015/mfsa2015-27.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1125389", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1125389" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "GLSA-201504-01", - "refsource" : "GENTOO", 
- "url" : "https://security.gentoo.org/glsa/201504-01" - }, - { - "name" : "openSUSE-SU-2015:0404", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html" - }, - { - "name" : "openSUSE-SU-2015:0570", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-03/msg00067.html" - }, - { - "name" : "USN-2505-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2505-1" - }, - { - "name" : "72757", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72757" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox before 36.0 does not properly restrict transitions of JavaScript objects from a non-extensible state to an extensible state, which allows remote attackers to bypass a Caja Compiler sandbox protection mechanism or a Secure EcmaScript sandbox protection mechanism via a crafted web site." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1125389", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1125389" + }, + { + "name": "GLSA-201504-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201504-01" + }, + { + "name": "72757", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72757" + }, + { + "name": "openSUSE-SU-2015:0404", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2015/mfsa2015-27.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-27.html" + }, + { + "name": "openSUSE-SU-2015:0570", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00067.html" + }, + { + "name": "USN-2505-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2505-1" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0865.json b/2015/0xxx/CVE-2015-0865.json index 46831b03468..68704b4cdb3 100644 --- a/2015/0xxx/CVE-2015-0865.json +++ b/2015/0xxx/CVE-2015-0865.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0865", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-0865", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1068.json b/2015/1xxx/CVE-2015-1068.json index f3b3a335c23..99da58dba26 100644 --- a/2015/1xxx/CVE-2015-1068.json +++ b/2015/1xxx/CVE-2015-1068.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1068", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-1068", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT204560", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204560" - }, - { - "name" : "https://support.apple.com/HT204661", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204661" - }, - { - "name" : "https://support.apple.com/HT204662", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204662" - }, - { - "name" : "https://support.apple.com/kb/HT204949", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT204949" - }, - { - "name" : "APPLE-SA-2015-03-17-1", - "refsource" : "APPLE", - "url" : 
"http://lists.apple.com/archives/security-announce/2015/Mar/msg00004.html" - }, - { - "name" : "APPLE-SA-2015-04-08-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html" - }, - { - "name" : "APPLE-SA-2015-04-08-4", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html" - }, - { - "name" : "APPLE-SA-2015-06-30-6", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html" - }, - { - "name" : "1031936", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031936" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2015-04-08-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html" + }, + { + "name": "APPLE-SA-2015-06-30-6", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html" + }, + { + "name": "APPLE-SA-2015-03-17-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00004.html" + }, + { + "name": "https://support.apple.com/kb/HT204949", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT204949" + }, + { + "name": "1031936", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031936" + }, + { + "name": "https://support.apple.com/HT204662", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204662" + }, + { + "name": "https://support.apple.com/HT204560", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204560" + }, + { + "name": "APPLE-SA-2015-04-08-4", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html" + }, + { + "name": "https://support.apple.com/HT204661", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204661" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1107.json b/2015/1xxx/CVE-2015-1107.json index b9fdd7652ed..358952a15ec 100644 --- a/2015/1xxx/CVE-2015-1107.json +++ b/2015/1xxx/CVE-2015-1107.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1107", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Lock Screen component in Apple iOS before 8.3 does not properly implement the erasure feature for incorrect passcode-authentication attempts, which makes it easier for physically proximate attackers to obtain access by making many passcode guesses." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-1107", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT204661", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204661" - }, - { - "name" : "APPLE-SA-2015-04-08-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html" - }, - { - "name" : "73978", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73978" - }, - { - "name" : "1032050", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032050" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The 
Lock Screen component in Apple iOS before 8.3 does not properly implement the erasure feature for incorrect passcode-authentication attempts, which makes it easier for physically proximate attackers to obtain access by making many passcode guesses." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2015-04-08-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html" + }, + { + "name": "1032050", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032050" + }, + { + "name": "73978", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73978" + }, + { + "name": "https://support.apple.com/HT204661", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204661" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1246.json b/2015/1xxx/CVE-2015-1246.json index c112561bee0..bf88d992073 100644 --- a/2015/1xxx/CVE-2015-1246.json +++ b/2015/1xxx/CVE-2015-1246.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1246", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2015-1246", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=437399", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=437399" - }, - { - "name" : "DSA-3238", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3238" - }, - { - "name" : "GLSA-201506-04", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201506-04" - }, - { - "name" : "RHSA-2015:0816", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0816.html" - }, - { - "name" : 
"openSUSE-SU-2015:1887", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html" - }, - { - "name" : "openSUSE-SU-2015:0748", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html" - }, - { - "name" : "USN-2570-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-2570-1" - }, - { - "name" : "1032209", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032209" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2015:0816", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0816.html" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=437399", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=437399" + }, + { + "name": "USN-2570-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-2570-1" + }, + { + "name": "DSA-3238", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3238" + }, + { + "name": "openSUSE-SU-2015:1887", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html" + }, + { + "name": "GLSA-201506-04", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201506-04" + }, + { + "name": "1032209", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032209" + }, + { + "name": "openSUSE-SU-2015:0748", + "refsource": "SUSE", + "url": 
"http://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html" + }, + { + "name": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4015.json b/2015/4xxx/CVE-2015-4015.json index 43781208252..29fe33b09ba 100644 --- a/2015/4xxx/CVE-2015-4015.json +++ b/2015/4xxx/CVE-2015-4015.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4015", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4015", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4124.json b/2015/4xxx/CVE-2015-4124.json index 855c9167c31..adb302573c7 100644 --- a/2015/4xxx/CVE-2015-4124.json +++ b/2015/4xxx/CVE-2015-4124.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4124", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4124", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4197.json b/2015/4xxx/CVE-2015-4197.json index 9267287e600..f61e02d4ae8 100644 --- a/2015/4xxx/CVE-2015-4197.json +++ b/2015/4xxx/CVE-2015-4197.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4197", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco NX-OS 5.2(5) on Nexus 7000 devices allows remote attackers to cause a denial of service (device crash) by sending a malformed LLDP packet on the local network, aka Bug ID CSCud89415." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-4197", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150619 Cisco NX-OS Software Link Layer Discovery Protocol Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=39421" - }, - { - "name" : "75324", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75324" - }, - { - "name" : "1032675", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032675" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco NX-OS 5.2(5) on Nexus 7000 devices allows remote attackers to cause a denial of service (device crash) by sending a malformed LLDP packet on the 
local network, aka Bug ID CSCud89415." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "75324", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75324" + }, + { + "name": "20150619 Cisco NX-OS Software Link Layer Discovery Protocol Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39421" + }, + { + "name": "1032675", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032675" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4272.json b/2015/4xxx/CVE-2015-4272.json index 1906310a9f1..a7216872db5 100644 --- a/2015/4xxx/CVE-2015-4272.json +++ b/2015/4xxx/CVE-2015-4272.json 
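Review bot: The `affects` block on the new side of the CVE-2015-4197 record still carries `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"`, even though this hunk changes `ASSIGNER` to `psirt@cisco.com` and the description names Cisco NX-OS 5.2(5) on Nexus 7000 devices. Vulnerability-management tooling that matches on the structured fields rather than the free-text description will not associate this entry with any product. If the assigning CNA can confirm the values, populating them from the description would close that gap, e.g. `"vendor_name": "Cisco"`, `"product_name": "NX-OS"`, `"version_value": "5.2(5)"`. The same applies to the CVE-2015-4272 and CVE-2015-5006 hunks, where `ASSIGNER` also moves to the vendor CNA while `affects` stays `n/a`.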
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4272", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the ccmivr page in Cisco Unified Communications Manager (formerly CallManager) 10.5(2.10000.5) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCut19580." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-4272", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150713 Cisco Unified Communications Manager ccmivr Page Cross-Site Scripting Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=39905" - }, - { - "name" : "1032888", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032888" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the ccmivr page in Cisco Unified Communications Manager (formerly CallManager) 10.5(2.10000.5) allow remote attackers to inject 
arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCut19580." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150713 Cisco Unified Communications Manager ccmivr Page Cross-Site Scripting Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39905" + }, + { + "name": "1032888", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032888" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5006.json b/2015/5xxx/CVE-2015-5006.json index f195994b90a..044470cccc4 100644 --- a/2015/5xxx/CVE-2015-5006.json +++ b/2015/5xxx/CVE-2015-5006.json 
@@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5006", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR2, 7 R1 before SR3 FP20, 7 before SR9 FP20, 6 R1 before SR8 FP15, and 6 before SR16 FP15 allow physically proximate attackers to obtain sensitive information by reading the Kerberos Credential Cache." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-5006", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21969225", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21969225" - }, - { - "name" : "IV78316", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV78316" - }, - { - "name" : "RHSA-2016:1430", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1430" - }, - { - "name" : "RHSA-2015:2506", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-2506.html" - }, - { - "name" : "RHSA-2015:2507", - "refsource" : "REDHAT", - "url" : 
"http://rhn.redhat.com/errata/RHSA-2015-2507.html" - }, - { - "name" : "RHSA-2015:2508", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-2508.html" - }, - { - "name" : "RHSA-2015:2509", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-2509.html" - }, - { - "name" : "SUSE-SU-2016:0113", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html" - }, - { - "name" : "SUSE-SU-2015:2166", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html" - }, - { - "name" : "SUSE-SU-2015:2168", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00001.html" - }, - { - "name" : "SUSE-SU-2015:2182", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00003.html" - }, - { - "name" : "SUSE-SU-2015:2192", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html" - }, - { - "name" : "SUSE-SU-2015:2216", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00006.html" - }, - { - "name" : "SUSE-SU-2015:2268", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00014.html" - }, - { - "name" : "77645", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/77645" - }, - { - "name" : "1034214", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034214" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR2, 7 R1 before SR3 FP20, 7 before SR9 FP20, 6 R1 before SR8 FP15, and 6 before SR16 FP15 allow physically proximate attackers to obtain sensitive information by reading 
the Kerberos Credential Cache." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2015:2182", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00003.html" + }, + { + "name": "SUSE-SU-2015:2192", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html" + }, + { + "name": "IV78316", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV78316" + }, + { + "name": "1034214", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034214" + }, + { + "name": "RHSA-2015:2507", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-2507.html" + }, + { + "name": "RHSA-2016:1430", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1430" + }, + { + "name": "RHSA-2015:2506", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-2506.html" + }, + { + "name": "RHSA-2015:2509", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-2509.html" + }, + { + "name": "SUSE-SU-2015:2166", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html" + }, + { + "name": "SUSE-SU-2015:2216", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00006.html" + }, + { + "name": "77645", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/77645" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21969225", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969225" + }, + { + "name": "SUSE-SU-2015:2268", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00014.html" + }, + { + "name": "SUSE-SU-2015:2168", + 
"refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00001.html" + }, + { + "name": "RHSA-2015:2508", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-2508.html" + }, + { + "name": "SUSE-SU-2016:0113", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2190.json b/2018/2xxx/CVE-2018-2190.json index 684ab1e458b..959dd66495e 100644 --- a/2018/2xxx/CVE-2018-2190.json +++ b/2018/2xxx/CVE-2018-2190.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-2190", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-2190", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2214.json b/2018/2xxx/CVE-2018-2214.json index 75691b1cad8..a6b141272f9 100644 --- a/2018/2xxx/CVE-2018-2214.json +++ b/2018/2xxx/CVE-2018-2214.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-2214", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-2214", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2375.json b/2018/2xxx/CVE-2018-2375.json index 18314c73190..a9100da6954 100644 --- a/2018/2xxx/CVE-2018-2375.json +++ b/2018/2xxx/CVE-2018-2375.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cna@sap.com", - "ID" : "CVE-2018-2375", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SAP HANA Extended Application Services", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "1.0" - } - ] - } - } - ] - }, - "vendor_name" : "SAP SE" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In SAP HANA Extended Application Services, 1.0, a controller user who has SpaceAuditor authorization in a specific space could retrieve application environments within that space." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "cna@sap.com", + "ID": "CVE-2018-2375", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SAP HANA Extended Application Services", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + }, + "vendor_name": "SAP SE" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/", - "refsource" : "CONFIRM", - "url" : "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/" - }, - { - "name" : "https://launchpad.support.sap.com/#/notes/2589129", - "refsource" : "CONFIRM", - "url" : "https://launchpad.support.sap.com/#/notes/2589129" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In SAP HANA Extended Application Services, 1.0, a controller user who has 
SpaceAuditor authorization in a specific space could retrieve application environments within that space." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://launchpad.support.sap.com/#/notes/2589129", + "refsource": "CONFIRM", + "url": "https://launchpad.support.sap.com/#/notes/2589129" + }, + { + "name": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/", + "refsource": "CONFIRM", + "url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2462.json b/2018/2xxx/CVE-2018-2462.json index b4db0e92431..f619f2678b7 100644 --- a/2018/2xxx/CVE-2018-2462.json +++ b/2018/2xxx/CVE-2018-2462.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cna@sap.com", - "ID" : "CVE-2018-2462", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SAP NetWeaver BI", - "version" : { - "version_data" : [ - { - "version_name" : "=", - "version_value" : "7.30" - }, - { - "version_name" : "=", - "version_value" : "7.31" - }, - { - "version_name" : "=", - "version_value" : "7.40" - }, - { - "version_name" : "=", - "version_value" : "7.41" - }, - { - "version_name" : "=", - "version_value" : "7.50" - } - ] - } - } - ] - }, - "vendor_name" : "SAP" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In certain cases, BEx Web Java Runtime Export Web Service in SAP NetWeaver BI 7.30, 7.31. 7.40, 7.41, 7.50, does not sufficiently validate an XML document accepted from an untrusted source." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "XML Validation" - } + "CVE_data_meta": { + "ASSIGNER": "cna@sap.com", + "ID": "CVE-2018-2462", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SAP NetWeaver BI", + "version": { + "version_data": [ + { + "version_name": "=", + "version_value": "7.30" + }, + { + "version_name": "=", + "version_value": "7.31" + }, + { + "version_name": "=", + "version_value": "7.40" + }, + { + "version_name": "=", + "version_value": "7.41" + }, + { + "version_name": "=", + "version_value": "7.50" + } + ] + } + } + ] + }, + "vendor_name": "SAP" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://launchpad.support.sap.com/#/notes/2644279", - "refsource" : "MISC", - "url" : "https://launchpad.support.sap.com/#/notes/2644279" - }, - { - "name" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993", - "refsource" : "CONFIRM", - "url" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993" - }, - { - "name" : "105326", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105326" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In certain cases, BEx Web Java Runtime Export Web Service in SAP NetWeaver BI 7.30, 7.31. 7.40, 7.41, 7.50, does not sufficiently validate an XML document accepted from an untrusted source." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XML Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://launchpad.support.sap.com/#/notes/2644279", + "refsource": "MISC", + "url": "https://launchpad.support.sap.com/#/notes/2644279" + }, + { + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993", + "refsource": "CONFIRM", + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993" + }, + { + "name": "105326", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105326" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2840.json b/2018/2xxx/CVE-2018-2840.json index 826ae586faf..b59dac5adbd 100644 --- a/2018/2xxx/CVE-2018-2840.json +++ b/2018/2xxx/CVE-2018-2840.json 
@@ -1,84 +1,84 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-2840", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Retail Xstore Point of Service", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "6.5.11" - }, - { - "version_affected" : "=", - "version_value" : "7.0.6" - }, - { - "version_affected" : "=", - "version_value" : "7.1.6" - }, - { - "version_affected" : "=", - "version_value" : "15.0.1" - }, - { - "version_affected" : "=", - "version_value" : "16.0.2" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Retail Xstore Point of Service component of Oracle Retail Applications (subcomponent: Xstore Office). Supported versions that are affected are 6.5.11, 7.0.6, 7.1.6, 15.0.1 and 16.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Point of Service. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail Xstore Point of Service accessible data as well as unauthorized update, insert or delete access to some of Oracle Retail Xstore Point of Service accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Xstore Point of Service. CVSS 3.0 Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L)." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Point of Service. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail Xstore Point of Service accessible data as well as unauthorized update, insert or delete access to some of Oracle Retail Xstore Point of Service accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Xstore Point of Service." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-2840", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Retail Xstore Point of Service", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "6.5.11" + }, + { + "version_affected": "=", + "version_value": "7.0.6" + }, + { + "version_affected": "=", + "version_value": "7.1.6" + }, + { + "version_affected": "=", + "version_value": "15.0.1" + }, + { + "version_affected": "=", + "version_value": "16.0.2" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" - }, - { - "name" : "103786", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103786" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the 
Oracle Retail Xstore Point of Service component of Oracle Retail Applications (subcomponent: Xstore Office). Supported versions that are affected are 6.5.11, 7.0.6, 7.1.6, 15.0.1 and 16.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Point of Service. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail Xstore Point of Service accessible data as well as unauthorized update, insert or delete access to some of Oracle Retail Xstore Point of Service accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Xstore Point of Service. CVSS 3.0 Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Point of Service. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail Xstore Point of Service accessible data as well as unauthorized update, insert or delete access to some of Oracle Retail Xstore Point of Service accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Xstore Point of Service." 
+ } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103786", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103786" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3328.json b/2018/3xxx/CVE-2018-3328.json index c8d9e55dbe8..5d827c3e423 100644 --- a/2018/3xxx/CVE-2018-3328.json +++ b/2018/3xxx/CVE-2018-3328.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3328", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3328", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3769.json b/2018/3xxx/CVE-2018-3769.json index 4b02749439c..685b731a763 100644 --- a/2018/3xxx/CVE-2018-3769.json +++ b/2018/3xxx/CVE-2018-3769.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "ID" : "CVE-2018-3769", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ruby-grape ruby gem", - "version" : { - "version_data" : [ - { - "version_value" : ">= 1.0.3" - } - ] - } - } - ] - }, - "vendor_name" : "Ruby Grape" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ruby-grape ruby gem suffers from a cross-site scripting (XSS) vulnerability via \"format\" parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-site Scripting (XSS) - Generic (CWE-79)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "ID": "CVE-2018-3769", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ruby-grape ruby gem", + "version": { + "version_data": [ + { + "version_value": ">= 1.0.3" + } + ] + } + } + ] + }, + "vendor_name": "Ruby Grape" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ruby-grape/grape/commit/6876b71efc7b03f7ce1be3f075eaa4e7e6de19af", - "refsource" : "CONFIRM", - "url" : "https://github.com/ruby-grape/grape/commit/6876b71efc7b03f7ce1be3f075eaa4e7e6de19af" - }, - { - "name" : "https://github.com/ruby-grape/grape/issues/1762", - "refsource" : "CONFIRM", - "url" : "https://github.com/ruby-grape/grape/issues/1762" - }, - { - "name" : "https://github.com/ruby-grape/grape/pull/1763", - "refsource" : "CONFIRM", - "url" : "https://github.com/ruby-grape/grape/pull/1763" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ruby-grape ruby 
gem suffers from a cross-site scripting (XSS) vulnerability via \"format\" parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (XSS) - Generic (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ruby-grape/grape/commit/6876b71efc7b03f7ce1be3f075eaa4e7e6de19af", + "refsource": "CONFIRM", + "url": "https://github.com/ruby-grape/grape/commit/6876b71efc7b03f7ce1be3f075eaa4e7e6de19af" + }, + { + "name": "https://github.com/ruby-grape/grape/issues/1762", + "refsource": "CONFIRM", + "url": "https://github.com/ruby-grape/grape/issues/1762" + }, + { + "name": "https://github.com/ruby-grape/grape/pull/1763", + "refsource": "CONFIRM", + "url": "https://github.com/ruby-grape/grape/pull/1763" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6192.json b/2018/6xxx/CVE-2018-6192.json index eb0c1419a22..ad675f3aaab 100644 --- a/2018/6xxx/CVE-2018-6192.json +++ b/2018/6xxx/CVE-2018-6192.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6192", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Artifex MuPDF 1.12.0, the pdf_read_new_xref function in pdf/pdf-xref.c allows remote attackers to cause a denial of service (segmentation violation and application crash) via a crafted pdf file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6192", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.ghostscript.com/show_bug.cgi?id=698916", - "refsource" : "MISC", - "url" : "https://bugs.ghostscript.com/show_bug.cgi?id=698916" - }, - { - "name" : "DSA-4334", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4334" - }, - { - "name" : "GLSA-201811-15", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201811-15" - }, - { - "name" : "102822", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102822" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Artifex MuPDF 1.12.0, the pdf_read_new_xref function in pdf/pdf-xref.c 
allows remote attackers to cause a denial of service (segmentation violation and application crash) via a crafted pdf file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201811-15", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201811-15" + }, + { + "name": "DSA-4334", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4334" + }, + { + "name": "https://bugs.ghostscript.com/show_bug.cgi?id=698916", + "refsource": "MISC", + "url": "https://bugs.ghostscript.com/show_bug.cgi?id=698916" + }, + { + "name": "102822", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102822" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6252.json b/2018/6xxx/CVE-2018-6252.json index f15144dc810..7f6af896a05 100644 --- a/2018/6xxx/CVE-2018-6252.json +++ b/2018/6xxx/CVE-2018-6252.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@nvidia.com", - "DATE_PUBLIC" : "2018-03-28T00:00:00", - "ID" : "CVE-2018-6252", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "GPU Display Driver", - "version" : { - "version_data" : [ - { - "version_value" : "All" - } - ] - } - } - ] - }, - "vendor_name" : "Nvidia Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiEscape where the software allows an actor access to restricted functionality that is unnecessary to production usage, and which may result in denial of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@nvidia.com", + "DATE_PUBLIC": "2018-03-28T00:00:00", + "ID": "CVE-2018-6252", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "GPU Display Driver", + "version": { + "version_data": [ + { + "version_value": "All" + } + ] + } + } + ] + }, + "vendor_name": "Nvidia Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4649", - "refsource" : "CONFIRM", - "url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4649" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiEscape where the software allows an actor access to restricted 
functionality that is unnecessary to production usage, and which may result in denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4649", + "refsource": "CONFIRM", + "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4649" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6357.json b/2018/6xxx/CVE-2018-6357.json index 0dadcc1639c..ee3184b6a6f 100644 --- a/2018/6xxx/CVE-2018-6357.json +++ b/2018/6xxx/CVE-2018-6357.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6357", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The acx_asmw_saveorder_callback function in function.php in the acurax-social-media-widget plugin before 3.2.6 for WordPress has CSRF via the recordsArray parameter to wp-admin/admin-ajax.php, with resultant social_widget_icon_array_order XSS." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6357", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://lists.openwall.net/full-disclosure/2018/01/10/8", - "refsource" : "MISC", - "url" : "http://lists.openwall.net/full-disclosure/2018/01/10/8" - }, - { - "name" : "https://wordpress.org/plugins/acurax-social-media-widget/#developers", - "refsource" : "MISC", - "url" : "https://wordpress.org/plugins/acurax-social-media-widget/#developers" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The acx_asmw_saveorder_callback function in function.php in the acurax-social-media-widget plugin before 3.2.6 for WordPress has CSRF via the recordsArray parameter 
to wp-admin/admin-ajax.php, with resultant social_widget_icon_array_order XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://lists.openwall.net/full-disclosure/2018/01/10/8", + "refsource": "MISC", + "url": "http://lists.openwall.net/full-disclosure/2018/01/10/8" + }, + { + "name": "https://wordpress.org/plugins/acurax-social-media-widget/#developers", + "refsource": "MISC", + "url": "https://wordpress.org/plugins/acurax-social-media-widget/#developers" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6565.json b/2018/6xxx/CVE-2018-6565.json index eb084a8ae59..8b1a5c31180 100644 --- a/2018/6xxx/CVE-2018-6565.json +++ b/2018/6xxx/CVE-2018-6565.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6565", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6565", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7336.json b/2018/7xxx/CVE-2018-7336.json index 60363528fce..71d5aa61be1 100644 
--- a/2018/7xxx/CVE-2018-7336.json +++ b/2018/7xxx/CVE-2018-7336.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7336", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the FCP protocol dissector could crash. This was addressed in epan/dissectors/packet-fcp.c by checking for a NULL pointer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7336", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180418 [SECURITY] [DLA 1353-1] wireshark security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/04/msg00018.html" - }, - { - "name" : "[debian-lts-announce] 20190115 [SECURITY] [DLA 1634-1] wireshark security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14374", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14374" - }, - { - "name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b56f598f1bc04f5d00f13b38c713763928cedb7c", - "refsource" : "CONFIRM", - "url" : 
"https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b56f598f1bc04f5d00f13b38c713763928cedb7c" - }, - { - "name" : "https://www.wireshark.org/security/wnpa-sec-2018-09.html", - "refsource" : "CONFIRM", - "url" : "https://www.wireshark.org/security/wnpa-sec-2018-09.html" - }, - { - "name" : "103166", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103166" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the FCP protocol dissector could crash. This was addressed in epan/dissectors/packet-fcp.c by checking for a NULL pointer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20180418 [SECURITY] [DLA 1353-1] wireshark security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00018.html" + }, + { + "name": "103166", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103166" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14374", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14374" + }, + { + "name": "https://www.wireshark.org/security/wnpa-sec-2018-09.html", + "refsource": "CONFIRM", + "url": "https://www.wireshark.org/security/wnpa-sec-2018-09.html" + }, + { + "name": "[debian-lts-announce] 20190115 [SECURITY] [DLA 1634-1] wireshark security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html" + }, + { + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b56f598f1bc04f5d00f13b38c713763928cedb7c", + "refsource": "CONFIRM", + "url": 
"https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b56f598f1bc04f5d00f13b38c713763928cedb7c" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7865.json b/2018/7xxx/CVE-2018-7865.json index 9895ff34c58..8ff231211bd 100644 --- a/2018/7xxx/CVE-2018-7865.json +++ b/2018/7xxx/CVE-2018-7865.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7865", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-7865", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7986.json b/2018/7xxx/CVE-2018-7986.json index fddbe9f3bda..5153eb1d1b1 100644 --- a/2018/7xxx/CVE-2018-7986.json +++ b/2018/7xxx/CVE-2018-7986.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7986", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-7986", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." + } + ] + } +} \ No newline at end of file