From be852590e475580e3a476f4cb4b9b2aa738f2b18 Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Mon, 18 Mar 2019 04:51:06 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2002/0xxx/CVE-2002-0461.json | 140 ++++++++++-----------
2002/2xxx/CVE-2002-2401.json | 160 ++++++++++++------------
2005/0xxx/CVE-2005-0171.json | 34 ++---
2005/0xxx/CVE-2005-0498.json | 130 +++++++++----------
2005/0xxx/CVE-2005-0513.json | 140 ++++++++++-----------
2005/0xxx/CVE-2005-0747.json | 120 +++++++++---------
2005/0xxx/CVE-2005-0884.json | 130 +++++++++----------
2005/1xxx/CVE-2005-1007.json | 150 +++++++++++-----------
2005/1xxx/CVE-2005-1305.json | 120 +++++++++---------
2005/1xxx/CVE-2005-1320.json | 140 ++++++++++-----------
2005/1xxx/CVE-2005-1559.json | 170 ++++++++++++-------------
2005/1xxx/CVE-2005-1872.json | 160 ++++++++++++------------
2005/4xxx/CVE-2005-4526.json | 150 +++++++++++-----------
2005/4xxx/CVE-2005-4550.json | 170 ++++++++++++-------------
2005/4xxx/CVE-2005-4758.json | 140 ++++++++++-----------
2009/0xxx/CVE-2009-0192.json | 190 ++++++++++++++--------------
2009/0xxx/CVE-2009-0226.json | 190 ++++++++++++++--------------
2009/0xxx/CVE-2009-0449.json | 180 +++++++++++++--------------
2009/1xxx/CVE-2009-1223.json | 130 +++++++++----------
2009/1xxx/CVE-2009-1282.json | 190 ++++++++++++++--------------
2009/1xxx/CVE-2009-1828.json | 220 ++++++++++++++++-----------------
2009/1xxx/CVE-2009-1973.json | 180 +++++++++++++--------------
2009/4xxx/CVE-2009-4089.json | 180 +++++++++++++--------------
2009/4xxx/CVE-2009-4097.json | 160 ++++++++++++------------
2009/4xxx/CVE-2009-4152.json | 160 ++++++++++++------------
2009/4xxx/CVE-2009-4249.json | 170 ++++++++++++-------------
2009/4xxx/CVE-2009-4848.json | 140 ++++++++++-----------
2009/4xxx/CVE-2009-4895.json | 210 +++++++++++++++----------------
2009/5xxx/CVE-2009-5140.json | 34 ++---
2012/2xxx/CVE-2012-2065.json | 200 +++++++++++++++---------------
2012/2xxx/CVE-2012-2612.json | 160 ++++++++++++------------
2012/2xxx/CVE-2012-2671.json | 190 ++++++++++++++--------------
2012/3xxx/CVE-2012-3566.json | 130 +++++++++----------
2012/3xxx/CVE-2012-3736.json | 130 +++++++++----------
2012/6xxx/CVE-2012-6178.json | 34 ++---
2012/6xxx/CVE-2012-6560.json | 140 ++++++++++-----------
2012/6xxx/CVE-2012-6706.json | 210 +++++++++++++++----------------
2015/5xxx/CVE-2015-5155.json | 34 ++---
2015/5xxx/CVE-2015-5222.json | 120 +++++++++---------
2015/5xxx/CVE-2015-5365.json | 130 +++++++++----------
2015/5xxx/CVE-2015-5841.json | 190 ++++++++++++++--------------
2018/11xxx/CVE-2018-11239.json | 120 +++++++++---------
2018/11xxx/CVE-2018-11426.json | 34 ++---
2018/11xxx/CVE-2018-11745.json | 34 ++---
2018/11xxx/CVE-2018-11808.json | 150 +++++++++++-----------
2018/14xxx/CVE-2018-14039.json | 34 ++---
2018/15xxx/CVE-2018-15293.json | 34 ++---
2018/15xxx/CVE-2018-15426.json | 166 ++++++++++++-------------
2018/15xxx/CVE-2018-15725.json | 34 ++---
2018/15xxx/CVE-2018-15951.json | 140 ++++++++++-----------
2018/3xxx/CVE-2018-3345.json | 34 ++---
2018/8xxx/CVE-2018-8018.json | 148 +++++++++++-----------
2018/8xxx/CVE-2018-8048.json | 140 ++++++++++-----------
2018/8xxx/CVE-2018-8104.json | 120 +++++++++---------
2018/8xxx/CVE-2018-8359.json | 140 ++++++++++-----------
2018/8xxx/CVE-2018-8575.json | 210 +++++++++++++++----------------
56 files changed, 3797 insertions(+), 3797 deletions(-)
diff --git a/2002/0xxx/CVE-2002-0461.json b/2002/0xxx/CVE-2002-0461.json
index 5b503b87cd1..db77c71c356 100644
--- a/2002/0xxx/CVE-2002-0461.json
+++ b/2002/0xxx/CVE-2002-0461.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0461", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Internet Explorer 5.01 through 6 allows remote attackers to cause a denial of service (application crash) via Javascript in a web page that calls location.replace on itself, causing a loop." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0461", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020318 Javascript loop causes IE to crash", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/262994" - }, - { - "name" : "4322", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4322" - }, - { - "name" : "ie-javascript-dos(8488)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8488.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Internet Explorer 5.01 through 6 allows remote attackers to cause a denial of service (application crash) via Javascript in a web page that calls location.replace on itself, causing a loop." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4322", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4322" + }, + { + "name": "20020318 Javascript loop causes IE to crash", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/262994" + }, + { + "name": "ie-javascript-dos(8488)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8488.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2401.json b/2002/2xxx/CVE-2002-2401.json index c5402036208..558f482b74b 100644 --- a/2002/2xxx/CVE-2002-2401.json +++ b/2002/2xxx/CVE-2002-2401.json 
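Review bot: The new side of this file ends with `\ No newline at end of file`, so the re-serialization drops the trailing newline the old side had; the same marker closes the CVE-2002-2401, CVE-2005-0171, CVE-2005-0498 and later hunks of this commit. The rewrite is also not order-stable: here the `reference_data` entry for BID 4322 moves ahead of the BUGTRAQ entry with no change to its fields, and in CVE-2005-0171.json the top-level keys are written `data_type`, `data_format`, `data_version`, `CVE_data_meta`, while the PUBLIC records in the same commit keep `CVE_data_meta` first. As far as the visible lines show, no record content changes, yet all 56 files register as modified, which is noise for anyone who diffs the list to detect real record updates. The exporter should emit one fixed key order for every record state, a deterministic `reference_data` order, and a final newline, so that a future sync touches only records whose data actually changed.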
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2401", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NT Virtual DOS Machine (NTVDM.EXE) in Windows 2000, NT and XP does not verify user execution permissions for 16-bit executable files, which allows local users to bypass the loader and execute arbitrary programs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2401", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020918 Execution Rights Not Checked Correctly For 16-bit Applications", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-09/0211.html" - }, - { - "name" : "http://www.abtrusion.com/msexe16.asp", - "refsource" : "MISC", - "url" : "http://www.abtrusion.com/msexe16.asp" - }, - { - "name" : "319458", - "refsource" : "MSKB", - "url" : "http://support.microsoft.com/default.aspx?scid=kb;[LN];319458" - }, - { - "name" : "5740", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5740" - }, - { - "name" : "win-execute-permissions-16bit(10132)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10132.php" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NT Virtual DOS Machine (NTVDM.EXE) in Windows 2000, NT and XP does not verify user execution permissions for 16-bit executable files, which allows local users to bypass the loader and execute arbitrary programs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "win-execute-permissions-16bit(10132)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10132.php" + }, + { + "name": "20020918 Execution Rights Not Checked Correctly For 16-bit Applications", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0211.html" + }, + { + "name": "5740", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5740" + }, + { + "name": "http://www.abtrusion.com/msexe16.asp", + "refsource": "MISC", + "url": "http://www.abtrusion.com/msexe16.asp" + }, + { + "name": "319458", + "refsource": "MSKB", + "url": "http://support.microsoft.com/default.aspx?scid=kb;[LN];319458" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0171.json b/2005/0xxx/CVE-2005-0171.json index e0064db3773..a8af176d718 100644 --- a/2005/0xxx/CVE-2005-0171.json +++ b/2005/0xxx/CVE-2005-0171.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0171", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2005. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2005-0171", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2005. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0498.json b/2005/0xxx/CVE-2005-0498.json index cac651c8ca9..d445b141cad 100644 --- a/2005/0xxx/CVE-2005-0498.json +++ b/2005/0xxx/CVE-2005-0498.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0498", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Gigafast router (aka CompUSA router) allows remote attackers to gain sensitive information and bypass the login page via a direct request to backup.cfg, which reveals the administrator password in plaintext." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0498", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050220 Gigafast/CompUSA router (model EE400-R) vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110900986022760&w=2" - }, - { - "name" : "gigafast-backupcfg-plaintext-password(19422)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19422" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Gigafast router (aka CompUSA router) allows remote attackers to gain sensitive information and bypass the login page via a direct request to backup.cfg, which reveals the administrator password in plaintext." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050220 Gigafast/CompUSA router (model EE400-R) vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110900986022760&w=2" + }, + { + "name": "gigafast-backupcfg-plaintext-password(19422)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19422" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0513.json b/2005/0xxx/CVE-2005-0513.json index 55b4d80a8c3..dca33db33ce 100644 --- a/2005/0xxx/CVE-2005-0513.json +++ b/2005/0xxx/CVE-2005-0513.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0513", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in mail_autocheck.php in the Email This Entry add-on for pMachine Pro 2.4, and possibly other versions including pMachine Free, allows remote attackers to execute arbitrary PHP code by directly requesting mail_autocheck.php and modifying the pm_path parameter to reference a URL on a remote web server that contains the code, a different vulnerability than CVE-2003-1086." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0513", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050219 pMachine Pro / pMachine Free Remote Code Execution", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=110883604531802&w=2" - }, - { - "name" : "12597", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12597" - }, - { - "name" : "15473", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15473" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "PHP remote file inclusion vulnerability in mail_autocheck.php in the Email This Entry add-on for pMachine Pro 2.4, and possibly other versions including pMachine Free, allows remote attackers to execute arbitrary PHP code by directly requesting mail_autocheck.php and modifying the pm_path parameter to reference a URL on a remote web server that contains the code, a different vulnerability than CVE-2003-1086." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "12597", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12597" + }, + { + "name": "15473", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15473" + }, + { + "name": "20050219 pMachine Pro / pMachine Free Remote Code Execution", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=110883604531802&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0747.json b/2005/0xxx/CVE-2005-0747.json index 8bda7608dd2..77eaa012837 100644 --- a/2005/0xxx/CVE-2005-0747.json +++ b/2005/0xxx/CVE-2005-0747.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0747", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ApplyYourself i-Class allows remote attackers to obtain sensitive information about their own applications by reusing the hidden ID field, as demonstrated using the id parameter to ApplicantDecision.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0747", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "1013400", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013400" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ApplyYourself i-Class allows remote attackers to obtain sensitive information about their own applications by reusing the hidden ID field, as demonstrated using the id parameter to ApplicantDecision.asp." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1013400", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013400" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0884.json b/2005/0xxx/CVE-2005-0884.json index 6ea931fae76..fe89e6c308b 100644 --- a/2005/0xxx/CVE-2005-0884.json +++ b/2005/0xxx/CVE-2005-0884.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0884", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "DigitalHive 2.0 allows remote attackers to re-install the product by directly accessing the install script." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0884", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "1013516", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013516" - }, - { - "name" : "digitalhive-reinstall(19802)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19802" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "DigitalHive 2.0 allows remote attackers to re-install the product by directly accessing the install script." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1013516", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013516" + }, + { + "name": "digitalhive-reinstall(19802)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19802" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1007.json b/2005/1xxx/CVE-2005-1007.json index 4644ee16818..31cd730d18e 100644 --- a/2005/1xxx/CVE-2005-1007.json +++ b/2005/1xxx/CVE-2005-1007.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1007", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in the LIST functionality in CommuniGate Pro before 4.3c3 allows remote attackers to cause a denial of service (server crash) via certain multipart messages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1007", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.stalker.com/CommuniGatePro/History.html", - "refsource" : "CONFIRM", - "url" : "http://www.stalker.com/CommuniGatePro/History.html" - }, - { - "name" : "15257", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/15257" - }, - { - "name" : "14604", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14604" - }, - { - "name" : "communigatepro-list-dos(19961)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19961" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in the LIST functionality in CommuniGate Pro before 4.3c3 allows 
remote attackers to cause a denial of service (server crash) via certain multipart messages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14604", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14604" + }, + { + "name": "15257", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/15257" + }, + { + "name": "http://www.stalker.com/CommuniGatePro/History.html", + "refsource": "CONFIRM", + "url": "http://www.stalker.com/CommuniGatePro/History.html" + }, + { + "name": "communigatepro-list-dos(19961)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19961" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1305.json b/2005/1xxx/CVE-2005-1305.json index c822357e3fc..06c1c5b43f4 100644 --- a/2005/1xxx/CVE-2005-1305.json +++ b/2005/1xxx/CVE-2005-1305.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1305", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The hyper.cgi script allows remote attackers to read arbitrary files via a full pathname in the argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1305", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050424 hyper.cgi script file show bug", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111445410220152&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The hyper.cgi script allows remote attackers to read arbitrary files via a full pathname in the argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050424 hyper.cgi script file show bug", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111445410220152&w=2" + } + ] + } +} \ No newline at end of file 
diff --git a/2005/1xxx/CVE-2005-1320.json b/2005/1xxx/CVE-2005-1320.json index 63e9c50925a..74da67d3d79 100644 --- a/2005/1xxx/CVE-2005-1320.json +++ b/2005/1xxx/CVE-2005-1320.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1320", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Horde Mnemo Note Manager before 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1320", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[mnemo] 20050422 Mnemo 1.1.4 (final)", - "refsource" : "MLIST", - "url" : "http://lists.horde.org/archives/mnemo/Week-of-Mon-20050418/000166.html" - }, - { - "name" : "http://cvs.horde.org/diff.php/mnemo/docs/CHANGES?r1=1.4.2.31&r2=1.4.2.33&ty=h", - "refsource" : "CONFIRM", - "url" : "http://cvs.horde.org/diff.php/mnemo/docs/CHANGES?r1=1.4.2.31&r2=1.4.2.33&ty=h" - }, - { - "name" : "15078", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15078" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Horde Mnemo Note Manager before 1.1.4 allows remote attackers 
to inject arbitrary web script or HTML via the parent's frame page title." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://cvs.horde.org/diff.php/mnemo/docs/CHANGES?r1=1.4.2.31&r2=1.4.2.33&ty=h", + "refsource": "CONFIRM", + "url": "http://cvs.horde.org/diff.php/mnemo/docs/CHANGES?r1=1.4.2.31&r2=1.4.2.33&ty=h" + }, + { + "name": "[mnemo] 20050422 Mnemo 1.1.4 (final)", + "refsource": "MLIST", + "url": "http://lists.horde.org/archives/mnemo/Week-of-Mon-20050418/000166.html" + }, + { + "name": "15078", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15078" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1559.json b/2005/1xxx/CVE-2005-1559.json index 1a18c6f9e65..6474fd3a369 100644 --- a/2005/1xxx/CVE-2005-1559.json +++ b/2005/1xxx/CVE-2005-1559.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1559", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web module in Neteyes Nexusway allows remote attackers to execute arbitrary commands via hex-encoded shell metacharacters in the ip parameter for (1) nslookup.cgi or (2) ping.cgi." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1559", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050511 [Scan Associates Advisory] Neteyes Nexusway multiple vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111585017832066&w=2" - }, - { - "name" : "20050510 [Scan Associates Advisory] Neteyes Nexusway multiple vulnerability", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2005-May/033945.html" - }, - { - "name" : "16448", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/16448" - }, - { - "name" : "16449", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/16449" - }, - { - "name" : "15150", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15150" - }, - { - "name" : "nexusway-web-command-execution(20557)", - "refsource" : 
"XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20557" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web module in Neteyes Nexusway allows remote attackers to execute arbitrary commands via hex-encoded shell metacharacters in the ip parameter for (1) nslookup.cgi or (2) ping.cgi." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15150", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15150" + }, + { + "name": "20050511 [Scan Associates Advisory] Neteyes Nexusway multiple vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111585017832066&w=2" + }, + { + "name": "nexusway-web-command-execution(20557)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20557" + }, + { + "name": "20050510 [Scan Associates Advisory] Neteyes Nexusway multiple vulnerability", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-May/033945.html" + }, + { + "name": "16449", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/16449" + }, + { + "name": "16448", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/16448" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1872.json b/2005/1xxx/CVE-2005-1872.json index 3dab4734932..03ab59a8693 100644 --- a/2005/1xxx/CVE-2005-1872.json +++ b/2005/1xxx/CVE-2005-1872.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1872", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the administrative console in IBM WebSphere Application Server 5.x, when the global security option is enabled, allows remote attackers to execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1872", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050607 [AppSecInc Advisory WEBSP05-V0098] Remote Buffer overflow in WebSphere Application Server Administrative Console", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111817727120752&w=2" - }, - { - "name" : "http://www.appsecinc.com/resources/alerts/general/WEBSPHERE-001.html", - "refsource" : "MISC", - "url" : "http://www.appsecinc.com/resources/alerts/general/WEBSPHERE-001.html" - }, - { - "name" : "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24009775", - "refsource" : "MISC", - "url" : "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24009775" - }, - { - "name" : "17041", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/17041" - }, - { - "name" : "15598", - "refsource" : "SECUNIA", 
- "url" : "http://secunia.com/advisories/15598/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the administrative console in IBM WebSphere Application Server 5.x, when the global security option is enabled, allows remote attackers to execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17041", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/17041" + }, + { + "name": "15598", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15598/" + }, + { + "name": "http://www.appsecinc.com/resources/alerts/general/WEBSPHERE-001.html", + "refsource": "MISC", + "url": "http://www.appsecinc.com/resources/alerts/general/WEBSPHERE-001.html" + }, + { + "name": "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24009775", + "refsource": "MISC", + "url": "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24009775" + }, + { + "name": "20050607 [AppSecInc Advisory WEBSP05-V0098] Remote Buffer overflow in WebSphere Application Server Administrative Console", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111817727120752&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4526.json b/2005/4xxx/CVE-2005-4526.json index d935b2013ae..56e101c2c69 100644 --- a/2005/4xxx/CVE-2005-4526.json +++ b/2005/4xxx/CVE-2005-4526.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4526", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Clearswift MIMEsweeper For Web (a.k.a. WEBsweeper) 4.0 through 5.1 allows remote attackers to bypass filtering via a URL that does not include a .exe extension but returns an executable file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4526", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051220 Digital Armaments Security Advisory 12.20.2005: WEBsweeper/MIMEsweeper Executable File Content Check bypass Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/419904/100/0/threaded" - }, - { - "name" : "http://www.digitalarmaments.com/2005161283546323.html", - "refsource" : "MISC", - "url" : "http://www.digitalarmaments.com/2005161283546323.html" - }, - { - "name" : "15982", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15982/" - }, - { - "name" : "mimesweeper-attachment-filter-bypass(23867)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23867" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", 
+ "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Clearswift MIMEsweeper For Web (a.k.a. WEBsweeper) 4.0 through 5.1 allows remote attackers to bypass filtering via a URL that does not include a .exe extension but returns an executable file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mimesweeper-attachment-filter-bypass(23867)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23867" + }, + { + "name": "20051220 Digital Armaments Security Advisory 12.20.2005: WEBsweeper/MIMEsweeper Executable File Content Check bypass Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/419904/100/0/threaded" + }, + { + "name": "http://www.digitalarmaments.com/2005161283546323.html", + "refsource": "MISC", + "url": "http://www.digitalarmaments.com/2005161283546323.html" + }, + { + "name": "15982", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15982/" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4550.json b/2005/4xxx/CVE-2005-4550.json index a5eea79e04f..21888ce5b56 100644 --- a/2005/4xxx/CVE-2005-4550.json +++ b/2005/4xxx/CVE-2005-4550.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4550", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The PORTAL schema in Oracle Application Server (OracleAS) Discussion Forum Portlet allows remote attackers to obtain the source code for arbitrary JSP and other files via a df_next_page parameter with a trailing null byte (%00)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4550", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051223 SEC Consult SA-20051223-1 :: File Disclosure using df_next_page parameter in OracleAS Discussion Forum Portlet", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=113532633229270&w=2" - }, - { - "name" : "16048", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16048" - }, - { - "name" : "ADV-2005-3085", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/3085" - }, - { - "name" : "1015406", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015406" - }, - { - "name" : "297", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/297" - }, - { - "name" : 
"oracle-forum-portlet-obtain-information(23813)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23813" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The PORTAL schema in Oracle Application Server (OracleAS) Discussion Forum Portlet allows remote attackers to obtain the source code for arbitrary JSP and other files via a df_next_page parameter with a trailing null byte (%00)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20051223 SEC Consult SA-20051223-1 :: File Disclosure using df_next_page parameter in OracleAS Discussion Forum Portlet", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=113532633229270&w=2" + }, + { + "name": "oracle-forum-portlet-obtain-information(23813)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23813" + }, + { + "name": "ADV-2005-3085", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/3085" + }, + { + "name": "1015406", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015406" + }, + { + "name": "16048", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16048" + }, + { + "name": "297", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/297" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4758.json b/2005/4xxx/CVE-2005-4758.json index 390e1386606..965da4c9721 100644 --- a/2005/4xxx/CVE-2005-4758.json +++ b/2005/4xxx/CVE-2005-4758.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4758", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Administration server in BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier allows remote authenticated Admin users to read arbitrary files via unknown attack vectors related to an \"internal servlet\" accessed through HTTP." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4758", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "BEA05-94.00", - "refsource" : "BEA", - "url" : "http://dev2dev.bea.com/pub/advisory/148" - }, - { - "name" : "15052", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15052" - }, - { - "name" : "17138", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17138" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Administration server in BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier allows remote authenticated Admin users to read arbitrary files via 
unknown attack vectors related to an \"internal servlet\" accessed through HTTP." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "BEA05-94.00", + "refsource": "BEA", + "url": "http://dev2dev.bea.com/pub/advisory/148" + }, + { + "name": "15052", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15052" + }, + { + "name": "17138", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17138" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0192.json b/2009/0xxx/CVE-2009-0192.json index 1851e8e84c6..8ff6f389072 100644 --- a/2009/0xxx/CVE-2009-0192.json +++ b/2009/0xxx/CVE-2009-0192.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0192", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Off-by-one error in the iMonitor component in Novell eDirectory 8.8 SP3, 8.8 SP3 FTF3, and possibly other versions allows remote attackers to execute arbitrary code via an HTTP request with a crafted Accept-Language header, which triggers a stack-based buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2009-0192", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090714 Secunia Research: Novell eDirectory iMonitor \"Accept-Language\" Buffer Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/504924/100/0/threaded" - }, - { - "name" : "http://secunia.com/secunia_research/2009-13/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2009-13/" - }, - { - "name" : "http://www.novell.com/support/viewContent.do?externalId=3426981", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/support/viewContent.do?externalId=3426981" - }, - { - "name" : "35666", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35666" - }, - { 
- "name" : "55847", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/55847" - }, - { - "name" : "34160", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34160" - }, - { - "name" : "ADV-2009-1883", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1883" - }, - { - "name" : "edirectory-imonitor-acceptlanguage-bo(51703)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51703" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Off-by-one error in the iMonitor component in Novell eDirectory 8.8 SP3, 8.8 SP3 FTF3, and possibly other versions allows remote attackers to execute arbitrary code via an HTTP request with a crafted Accept-Language header, which triggers a stack-based buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34160", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34160" + }, + { + "name": "http://www.novell.com/support/viewContent.do?externalId=3426981", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/viewContent.do?externalId=3426981" + }, + { + "name": "edirectory-imonitor-acceptlanguage-bo(51703)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51703" + }, + { + "name": "20090714 Secunia Research: Novell eDirectory iMonitor \"Accept-Language\" Buffer Overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/504924/100/0/threaded" + }, + { + "name": "http://secunia.com/secunia_research/2009-13/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2009-13/" + }, + { + "name": "55847", + "refsource": "OSVDB", + "url": "http://osvdb.org/55847" + }, + { + "name": 
"35666", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35666" + }, + { + "name": "ADV-2009-1883", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1883" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0226.json b/2009/0xxx/CVE-2009-0226.json index 6d675b62c60..1281d8cd59b 100644 --- a/2009/0xxx/CVE-2009-0226.json +++ b/2009/0xxx/CVE-2009-0226.json 
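Review bot: A provenance change is hidden among formatting-only lines in the CVE-2009-0192 hunk: `"ASSIGNER"` goes from `cve@mitre.org` to `PSIRT-CNA@flexerasoftware.com`, while every other changed line differs only in the space before the colon or in the order of the `reference_data` entries (the same eight references appear on both sides). The CVE-2009-0226 hunk that follows does the same with `secure@microsoft.com`. The commit subject says only that data was synchronized, so a description line such as `ASSIGNER updated: CVE-2009-0192, CVE-2009-0226` would let anyone auditing the feed find the re-attribution without diffing parsed JSON. Consumers should also not read `ASSIGNER` as the affected vendor, because `vendor_name` and `product_name` remain `n/a` on the new side and the description of CVE-2009-0192 names Novell eDirectory as the product.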
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0226", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the PowerPoint 4.2 conversion filter in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via a long string in sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka \"Legacy File Format Vulnerability,\" a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0227, and CVE-2009-1137." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2009-0226", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090512 Microsoft PowerPoint 4.2 Conversion Filter Stack Overflow", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=789" - }, - { - "name" : "MS09-017", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017" - }, - { - "name" : "TA09-132A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-132A.html" - }, - { - "name" : "34881", - 
"refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34881" - }, - { - "name" : "oval:org.mitre.oval:def:6106", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6106" - }, - { - "name" : "1022205", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022205" - }, - { - "name" : "32428", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32428" - }, - { - "name" : "ADV-2009-1290", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1290" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the PowerPoint 4.2 conversion filter in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via a long string in sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka \"Legacy File Format Vulnerability,\" a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0227, and CVE-2009-1137." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34881", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34881" + }, + { + "name": "32428", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32428" + }, + { + "name": "ADV-2009-1290", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1290" + }, + { + "name": "MS09-017", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017" + }, + { + "name": "oval:org.mitre.oval:def:6106", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6106" + }, + { + "name": "1022205", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022205" + }, + { + "name": "20090512 Microsoft PowerPoint 4.2 Conversion Filter Stack Overflow", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=789" + }, + { + "name": "TA09-132A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-132A.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0449.json b/2009/0xxx/CVE-2009-0449.json index 2f7b84f6430..c6c52e73e6a 100644 --- a/2009/0xxx/CVE-2009-0449.json +++ b/2009/0xxx/CVE-2009-0449.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0449", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in klim5.sys in Kaspersky Anti-Virus for Workstations 6.0 and Anti-Virus 2008 allows local users to gain privileges via an IOCTL 0x80052110 call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0449", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090202 [Wintercore Research WS02-0209] Kaspersky Products Klim5.sys local privilege escalation", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/500606/100/0/threaded" - }, - { - "name" : "http://kartoffel.reversemode.com/downloads/kaspersky_klim5_plugin.zip", - "refsource" : "MISC", - "url" : "http://kartoffel.reversemode.com/downloads/kaspersky_klim5_plugin.zip" - }, - { - "name" : "http://www.reversemode.com/index.php?option=com_content&task=view&id=60&Itemid=1", - "refsource" : "MISC", - "url" : "http://www.reversemode.com/index.php?option=com_content&task=view&id=60&Itemid=1" - }, - { - "name" : "http://www.wintercore.com/advisories/advisory_W020209.html", - "refsource" : "MISC", - "url" : 
"http://www.wintercore.com/advisories/advisory_W020209.html" - }, - { - "name" : "33561", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33561" - }, - { - "name" : "1021661", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021661" - }, - { - "name" : "33788", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33788" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in klim5.sys in Kaspersky Anti-Virus for Workstations 6.0 and Anti-Virus 2008 allows local users to gain privileges via an IOCTL 0x80052110 call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.reversemode.com/index.php?option=com_content&task=view&id=60&Itemid=1", + "refsource": "MISC", + "url": "http://www.reversemode.com/index.php?option=com_content&task=view&id=60&Itemid=1" + }, + { + "name": "http://kartoffel.reversemode.com/downloads/kaspersky_klim5_plugin.zip", + "refsource": "MISC", + "url": "http://kartoffel.reversemode.com/downloads/kaspersky_klim5_plugin.zip" + }, + { + "name": "1021661", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021661" + }, + { + "name": "http://www.wintercore.com/advisories/advisory_W020209.html", + "refsource": "MISC", + "url": "http://www.wintercore.com/advisories/advisory_W020209.html" + }, + { + "name": "20090202 [Wintercore Research WS02-0209] Kaspersky Products Klim5.sys local privilege escalation", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/500606/100/0/threaded" + }, + { + "name": "33561", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33561" + }, + { + "name": "33788", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/33788" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1223.json b/2009/1xxx/CVE-2009-1223.json index 0e2e7e74dbd..3b5cb78ad02 100644 --- a/2009/1xxx/CVE-2009-1223.json +++ b/2009/1xxx/CVE-2009-1223.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1223", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "aspWebCalendar Free Edition stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request for calendar/calendar.mdb." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1223", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090331 aspWebCalendar Free Edition bug", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/502311/100/0/threaded" - }, - { - "name" : "aspwebcalendar-calendar-info-disclosure(49885)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49885" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "aspWebCalendar Free Edition stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct 
request for calendar/calendar.mdb." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "aspwebcalendar-calendar-info-disclosure(49885)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49885" + }, + { + "name": "20090331 aspWebCalendar Free Edition bug", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/502311/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1282.json b/2009/1xxx/CVE-2009-1282.json index 98c278ea7d6..856db64662a 100644 --- a/2009/1xxx/CVE-2009-1282.json +++ b/2009/1xxx/CVE-2009-1282.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1282", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in private/system/lib-session.php in glFusion 1.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the glf_session cookie parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1282", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090403 glFusion <= 1.1.2 COM_applyFilter()/cookies remote blind sql", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=123877379105028&w=2" - }, - { - "name" : "8347", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8347" - }, - { - "name" : "http://retrogod.altervista.org/9sg_glfuso_sql_cookies.html", - "refsource" : "MISC", - "url" : "http://retrogod.altervista.org/9sg_glfuso_sql_cookies.html" - }, - { - "name" : "http://www.glfusion.org/wiki/doku.php?id=glfusion:whatsnew", - "refsource" : "CONFIRM", - "url" : "http://www.glfusion.org/wiki/doku.php?id=glfusion:whatsnew" - }, - { - "name" : "34361", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34361" - }, - { 
- "name" : "53286", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/53286" - }, - { - "name" : "34575", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34575" - }, - { - "name" : "glfusion-libsession-sql-injection(49652)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49652" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in private/system/lib-session.php in glFusion 1.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the glf_session cookie parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8347", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8347" + }, + { + "name": "http://retrogod.altervista.org/9sg_glfuso_sql_cookies.html", + "refsource": "MISC", + "url": "http://retrogod.altervista.org/9sg_glfuso_sql_cookies.html" + }, + { + "name": "34575", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34575" + }, + { + "name": "34361", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34361" + }, + { + "name": "53286", + "refsource": "OSVDB", + "url": "http://osvdb.org/53286" + }, + { + "name": "20090403 glFusion <= 1.1.2 COM_applyFilter()/cookies remote blind sql", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=123877379105028&w=2" + }, + { + "name": "glfusion-libsession-sql-injection(49652)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49652" + }, + { + "name": "http://www.glfusion.org/wiki/doku.php?id=glfusion:whatsnew", + "refsource": "CONFIRM", + "url": "http://www.glfusion.org/wiki/doku.php?id=glfusion:whatsnew" + } + ] + } +} \ No newline at end of file 
diff --git a/2009/1xxx/CVE-2009-1828.json b/2009/1xxx/CVE-2009-1828.json index 3aa584d8d9c..05fab2631c4 100644 --- a/2009/1xxx/CVE-2009-1828.json +++ b/2009/1xxx/CVE-2009-1828.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1828", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox 3.0.10 allows remote attackers to cause a denial of service (infinite loop, application hang, and memory consumption) via a KEYGEN element in conjunction with (1) a META element specifying automatic page refresh or (2) a JavaScript onLoad event handler for a BODY element. NOTE: it was later reported that earlier versions are also affected." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1828", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090528 [TZO-27-2009] Firefox Denial of Service (Keygen)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/503876/100/0/threaded" - }, - { - "name" : "20090908 Re: DoS vulnerability in Google Chrome", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/506328/100/100/threaded" - }, - { - "name" : "20090527 [TZO-27-2009] Firefox Denial of Service (Keygen)", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0247.html" - }, - { - "name" : "20090528 Re: 
[TZO-27-2009] Firefox Denial of Service (Keygen)", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0263.html" - }, - { - "name" : "8822", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8822" - }, - { - "name" : "http://blog.zoller.lu/2009/04/advisory-firefox-denial-of-service.html", - "refsource" : "MISC", - "url" : "http://blog.zoller.lu/2009/04/advisory-firefox-denial-of-service.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=469565", - "refsource" : "MISC", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=469565" - }, - { - "name" : "http://websecurity.com.ua/3194/", - "refsource" : "MISC", - "url" : "http://websecurity.com.ua/3194/" - }, - { - "name" : "35132", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35132" - }, - { - "name" : "oval:org.mitre.oval:def:5928", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5928" - }, - { - "name" : "firefox-keygen-dos(50838)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50838" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox 3.0.10 allows remote attackers to cause a denial of service (infinite loop, application hang, and memory consumption) via a KEYGEN element in conjunction with (1) a META element specifying automatic page refresh or (2) a JavaScript onLoad event handler for a BODY element. NOTE: it was later reported that earlier versions are also affected." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20090528 Re: [TZO-27-2009] Firefox Denial of Service (Keygen)", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0263.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=469565", + "refsource": "MISC", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=469565" + }, + { + "name": "firefox-keygen-dos(50838)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50838" + }, + { + "name": "20090908 Re: DoS vulnerability in Google Chrome", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/506328/100/100/threaded" + }, + { + "name": "oval:org.mitre.oval:def:5928", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5928" + }, + { + "name": "8822", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8822" + }, + { + "name": "20090527 [TZO-27-2009] Firefox Denial of Service (Keygen)", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0247.html" + }, + { + "name": "http://websecurity.com.ua/3194/", + "refsource": "MISC", + "url": "http://websecurity.com.ua/3194/" + }, + { + "name": "35132", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35132" + }, + { + "name": "20090528 [TZO-27-2009] Firefox Denial of Service (Keygen)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/503876/100/0/threaded" + }, + { + "name": "http://blog.zoller.lu/2009/04/advisory-firefox-denial-of-service.html", + "refsource": "MISC", + "url": "http://blog.zoller.lu/2009/04/advisory-firefox-denial-of-service.html" + } + ] + } +} \ No newline at end of file 
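Review bot: The rewritten file ends without a trailing newline (the `\ No newline at end of file` marker after the final `+}`), where the old side had one; keeping the final newline avoids spurious one-line diffs on the next sync. The `reference_data` entries are also re-emitted in a different order with no visible sort key, although the set of 11 references is unchanged, so a real addition or removal would be hard to spot among the moved lines. Emitting the array sorted by a stable key such as `refsource` then `name` would keep later syncs reviewable, and consumers should not rely on its order. Both points also apply to the hunks for CVE-2009-1973, CVE-2009-4089, CVE-2009-4097, CVE-2009-4152, CVE-2009-4249 and CVE-2009-4848.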
diff --git a/2009/1xxx/CVE-2009-1973.json b/2009/1xxx/CVE-2009-1973.json index 6ecaa1fc9fe..76e52c1d094 100644 --- a/2009/1xxx/CVE-2009-1973.json +++ b/2009/1xxx/CVE-2009-1973.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1973", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Virtual Private Database component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect confidentiality and integrity, related to VPD policies." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2009-1973", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html" - }, - { - "name" : "35687", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35687" - }, - { - "name" : "55890", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/55890" - }, - { - "name" : "1022560", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022560" - }, - { - "name" : "35776", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35776" - }, - { - "name" : "ADV-2009-1900", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2009/1900" - }, - { - "name" : "oracle-db-vpd-unspecified(51757)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51757" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Virtual Private Database component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect confidentiality and integrity, related to VPD policies." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35776", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35776" + }, + { + "name": "35687", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35687" + }, + { + "name": "ADV-2009-1900", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1900" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html" + }, + { + "name": "55890", + "refsource": "OSVDB", + "url": "http://osvdb.org/55890" + }, + { + "name": "1022560", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022560" + }, + { + "name": "oracle-db-vpd-unspecified(51757)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51757" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4089.json b/2009/4xxx/CVE-2009-4089.json index c082804f92c..c3cb7be7bb7 100644 --- a/2009/4xxx/CVE-2009-4089.json +++ b/2009/4xxx/CVE-2009-4089.json 
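Review bot: Among otherwise formatting-only lines, `"ASSIGNER"` changes from `cve@mitre.org` to `secalert_us@oracle.com`, a change to the record's provenance that the commit subject ("-Synchronized-Data.") does not mention. Anyone who keys trust, routing or de-duplication on the assigning CNA has to pick this one line out of a 92-line rewrite. Landing the value change separately from the reformat, or naming it in the commit message, would make it auditable. The other hunks visible here keep `"ASSIGNER": "cve@mitre.org"`.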
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4089", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "telepark.wiki 2.4.23 and earlier allows remote attackers to bypass authorization and (1) delete arbitrary pages via a modified pageID parameter to ajax/deletePage.php or (2) delete arbitrary comments via a modified pageID parameter to ajax/deleteComment.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4089", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0911-exploits/Telepark-fixes-nov09-2.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0911-exploits/Telepark-fixes-nov09-2.txt" - }, - { - "name" : "9483", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9483" - }, - { - "name" : "http://blog.telepark.com/telepark-web-software/2009/11/09/telepark-wiki-security-fixes/", - "refsource" : "CONFIRM", - "url" : "http://blog.telepark.com/telepark-web-software/2009/11/09/telepark-wiki-security-fixes/" - }, - { - "name" : "60214", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/60214" - }, - { - "name" : "60215", - "refsource" : 
"OSVDB", - "url" : "http://www.osvdb.org/60215" - }, - { - "name" : "37391", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37391" - }, - { - "name" : "teleparkwiki-page-comment-security-bypass(54329)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54329" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "telepark.wiki 2.4.23 and earlier allows remote attackers to bypass authorization and (1) delete arbitrary pages via a modified pageID parameter to ajax/deletePage.php or (2) delete arbitrary comments via a modified pageID parameter to ajax/deleteComment.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://blog.telepark.com/telepark-web-software/2009/11/09/telepark-wiki-security-fixes/", + "refsource": "CONFIRM", + "url": "http://blog.telepark.com/telepark-web-software/2009/11/09/telepark-wiki-security-fixes/" + }, + { + "name": "9483", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9483" + }, + { + "name": "60215", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/60215" + }, + { + "name": "37391", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37391" + }, + { + "name": "teleparkwiki-page-comment-security-bypass(54329)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54329" + }, + { + "name": "60214", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/60214" + }, + { + "name": "http://packetstormsecurity.org/0911-exploits/Telepark-fixes-nov09-2.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0911-exploits/Telepark-fixes-nov09-2.txt" + } + ] + } +} \ No newline at end of file 
diff --git a/2009/4xxx/CVE-2009-4097.json b/2009/4xxx/CVE-2009-4097.json index 7a0a00be43f..eeec6198ecc 100644 --- a/2009/4xxx/CVE-2009-4097.json +++ b/2009/4xxx/CVE-2009-4097.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4097", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the MplayInputFile function in Serenity Audio Player 3.2.3 and earlier allows remote attackers to execute arbitrary code via a long URL in an M3U file. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4097", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0911-exploits/serenityaudio-overflow.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0911-exploits/serenityaudio-overflow.txt" - }, - { - "name" : "10226", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/10226" - }, - { - "name" : "60503", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/60503" - }, - { - "name" : "37472", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37472" - }, - { - "name" : "serenity-m3u-bo(54430)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54430" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the MplayInputFile function in Serenity Audio Player 3.2.3 and earlier allows remote attackers to execute arbitrary code via a long URL in an M3U file. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/0911-exploits/serenityaudio-overflow.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0911-exploits/serenityaudio-overflow.txt" + }, + { + "name": "37472", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37472" + }, + { + "name": "10226", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/10226" + }, + { + "name": "60503", + "refsource": "OSVDB", + "url": "http://osvdb.org/60503" + }, + { + "name": "serenity-m3u-bo(54430)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54430" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4152.json b/2009/4xxx/CVE-2009-4152.json index 76c432f4e16..1020f0dd36c 100644 --- a/2009/4xxx/CVE-2009-4152.json +++ b/2009/4xxx/CVE-2009-4152.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4152", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Collaboration component in IBM WebSphere Portal 6.1.x before 6.1.0.3 allows remote attackers to inject arbitrary web script or HTML via the people picker tag." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4152", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27014411", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27014411" - }, - { - "name" : "PK93429", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PK93429" - }, - { - "name" : "37159", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37159" - }, - { - "name" : "37526", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37526" - }, - { - "name" : "ADV-2009-3367", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3367" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Collaboration component in IBM WebSphere Portal 6.1.x before 6.1.0.3 allows remote attackers to inject arbitrary web script or HTML via the people picker tag." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "PK93429", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK93429" + }, + { + "name": "ADV-2009-3367", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3367" + }, + { + "name": "37159", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37159" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg27014411", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014411" + }, + { + "name": "37526", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37526" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4249.json b/2009/4xxx/CVE-2009-4249.json index ea41bda74ff..691340eedbb 100644 --- a/2009/4xxx/CVE-2009-4249.json +++ b/2009/4xxx/CVE-2009-4249.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4249", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in CutePHP CuteNews 1.4.6, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to inject arbitrary web script or HTML via the (1) lastusername and (2) mod parameters to index.php; and (3) the title parameter to search.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4249", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091110 [MORNINGSTAR-2009-02] Multiple security issues in Cute News and UTF-8 Cute News", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/507782/100/0/threaded" - }, - { - "name" : "http://www.morningstarsecurity.com/advisories/MORNINGSTAR-2009-02-CuteNews.txt", - "refsource" : "MISC", - "url" : "http://www.morningstarsecurity.com/advisories/MORNINGSTAR-2009-02-CuteNews.txt" - }, - { - "name" : "36971", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36971" - }, - { - "name" : "cutenews-index-xss(54220)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/54220" - }, - { - "name" : "cutenews-lastusername-xss(54219)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54219" - }, - { - "name" : "cutenews-search-xss(54222)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54222" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in CutePHP CuteNews 1.4.6, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to inject arbitrary web script or HTML via the (1) lastusername and (2) mod parameters to index.php; and (3) the title parameter to search.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cutenews-search-xss(54222)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54222" + }, + { + "name": "cutenews-index-xss(54220)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54220" + }, + { + "name": "http://www.morningstarsecurity.com/advisories/MORNINGSTAR-2009-02-CuteNews.txt", + "refsource": "MISC", + "url": "http://www.morningstarsecurity.com/advisories/MORNINGSTAR-2009-02-CuteNews.txt" + }, + { + "name": "cutenews-lastusername-xss(54219)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54219" + }, + { + "name": "20091110 [MORNINGSTAR-2009-02] Multiple security issues in Cute News and UTF-8 Cute News", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/507782/100/0/threaded" + }, + { + "name": "36971", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36971" + } + ] + } +} \ No newline at end of 
file diff --git a/2009/4xxx/CVE-2009-4848.json b/2009/4xxx/CVE-2009-4848.json index 3e701aad949..808cbc1da6e 100644 --- a/2009/4xxx/CVE-2009-4848.json +++ b/2009/4xxx/CVE-2009-4848.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4848", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in ToutVirtual VirtualIQ Pro 3.2 build 7882 and 3.5 build 8691 allow remote attackers to inject arbitrary web script or HTML via the (1) userId parameter to tvserver/server/user/setPermissions.jsp, (2) deptName parameter to tvserver/server/user/addDepartment.jsp, (3) ID parameter to tvserver/server/inventory/inventoryTabs.jsp, (4) reportName parameter to tvserver/reports/virtualIQAdminReports.do, or (5) middleName parameter in a save action to tvserver/user/user.do." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4848", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091107 ToutVirtual VirtualIQ Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/507729/100/0/threaded" - }, - { - "name" : "http://www.securenetwork.it/ricerca/advisory/download/SN-2009-02.txt", - "refsource" : "MISC", - "url" : "http://www.securenetwork.it/ricerca/advisory/download/SN-2009-02.txt" - }, - { - "name" : "37359", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37359" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in ToutVirtual VirtualIQ Pro 3.2 build 7882 and 3.5 build 8691 allow remote attackers to inject arbitrary web script or HTML via the (1) userId parameter to tvserver/server/user/setPermissions.jsp, (2) deptName parameter to tvserver/server/user/addDepartment.jsp, (3) ID parameter to tvserver/server/inventory/inventoryTabs.jsp, (4) reportName parameter to tvserver/reports/virtualIQAdminReports.do, or (5) middleName parameter in a save action to tvserver/user/user.do." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37359", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37359" + }, + { + "name": "20091107 ToutVirtual VirtualIQ Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/507729/100/0/threaded" + }, + { + "name": "http://www.securenetwork.it/ricerca/advisory/download/SN-2009-02.txt", + "refsource": "MISC", + "url": "http://www.securenetwork.it/ricerca/advisory/download/SN-2009-02.txt" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4895.json b/2009/4xxx/CVE-2009-4895.json index 4e792b607d8..ae0179101f1 100644 --- a/2009/4xxx/CVE-2009-4895.json +++ b/2009/4xxx/CVE-2009-4895.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4895", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in the tty_fasync function in drivers/char/tty_io.c in the Linux kernel before 2.6.32.6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via unknown vectors, related to the put_tty_queue and __f_setown functions. NOTE: the vulnerability was addressed in a different way in 2.6.32.9." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4895", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100615 CVE Request - kernel: put_tty_queue NULL pointer deref", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/06/15/2" - }, - { - "name" : "[oss-security] 20100615 Re: CVE Request - kernel: put_tty_queue NULL pointer deref", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/06/15/3" - }, - { - "name" : "[oss-security] 20100615 Re: CVE Request - kernel: put_tty_queue NULL pointer deref", - "refsource" : "MLIST", - "url" : 
"http://www.openwall.com/lists/oss-security/2010/06/15/4" - }, - { - "name" : "[oss-security] 20100615 Re: CVE Request - kernel: put_tty_queue NULL pointer deref", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/06/15/5" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=703625118069f9f8960d356676662d3db5a9d116", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=703625118069f9f8960d356676662d3db5a9d116" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.6", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.6" - }, - { - "name" : "https://bugzilla.kernel.org/show_bug.cgi?id=14605", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.kernel.org/show_bug.cgi?id=14605" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=559100", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=559100" - }, - { - "name" : "DSA-2094", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2094" - }, - { - "name" : "USN-1000-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1000-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in the tty_fasync function in drivers/char/tty_io.c in the Linux kernel before 2.6.32.6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via unknown vectors, related to the put_tty_queue and __f_setown functions. NOTE: the vulnerability was addressed in a different way in 2.6.32.9." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20100615 Re: CVE Request - kernel: put_tty_queue NULL pointer deref", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/06/15/5" + }, + { + "name": "USN-1000-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1000-1" + }, + { + "name": "https://bugzilla.kernel.org/show_bug.cgi?id=14605", + "refsource": "CONFIRM", + "url": "https://bugzilla.kernel.org/show_bug.cgi?id=14605" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.6", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.6" + }, + { + "name": "[oss-security] 20100615 CVE Request - kernel: put_tty_queue NULL pointer deref", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/06/15/2" + }, + { + "name": "[oss-security] 20100615 Re: CVE Request - kernel: put_tty_queue NULL pointer deref", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/06/15/3" + }, + { + "name": "[oss-security] 20100615 Re: CVE Request - kernel: put_tty_queue NULL pointer deref", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/06/15/4" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=703625118069f9f8960d356676662d3db5a9d116", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=703625118069f9f8960d356676662d3db5a9d116" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=559100", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=559100" + }, + { + "name": "DSA-2094", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2094" + } + ] + } +} \ No newline at 
end of file diff --git a/2009/5xxx/CVE-2009-5140.json b/2009/5xxx/CVE-2009-5140.json index f486ae2a89f..1a429fcc517 100644 --- a/2009/5xxx/CVE-2009-5140.json +++ b/2009/5xxx/CVE-2009-5140.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-5140", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-5140", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2065.json b/2012/2xxx/CVE-2012-2065.json index fbbc27accd4..38b3f507c53 100644 --- a/2012/2xxx/CVE-2012-2065.json +++ b/2012/2xxx/CVE-2012-2065.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2065", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Language Icons module 6.x-2.x before 6.x-2.1 and 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with administer languages permissions to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2065", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/04/07/1" - }, - { - "name" : "http://drupal.org/node/1482428", - "refsource" : "MISC", - "url" : "http://drupal.org/node/1482428" - }, - { - "name" : "http://drupal.org/node/1482136", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/1482136" - }, - { - "name" : "http://drupal.org/node/1482144", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/1482144" - }, - { - "name" : "http://drupalcode.org/project/languageicons.git/commit/be620bb", - 
"refsource" : "CONFIRM", - "url" : "http://drupalcode.org/project/languageicons.git/commit/be620bb" - }, - { - "name" : "http://drupalcode.org/project/languageicons.git/commit/e3f3f1f", - "refsource" : "CONFIRM", - "url" : "http://drupalcode.org/project/languageicons.git/commit/e3f3f1f" - }, - { - "name" : "52499", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52499" - }, - { - "name" : "80070", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/80070" - }, - { - "name" : "48405", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48405" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Language Icons module 6.x-2.x before 6.x-2.1 and 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with administer languages permissions to inject arbitrary web script or HTML via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://drupal.org/node/1482144", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/1482144" + }, + { + "name": "http://drupal.org/node/1482428", + "refsource": "MISC", + "url": "http://drupal.org/node/1482428" + }, + { + "name": "48405", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48405" + }, + { + "name": "http://drupal.org/node/1482136", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/1482136" + }, + { + "name": "http://drupalcode.org/project/languageicons.git/commit/e3f3f1f", + "refsource": "CONFIRM", + "url": "http://drupalcode.org/project/languageicons.git/commit/e3f3f1f" + }, + { + "name": "80070", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/80070" + }, + { + "name": "[oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1" + }, + { + "name": "http://drupalcode.org/project/languageicons.git/commit/be620bb", + "refsource": "CONFIRM", + "url": "http://drupalcode.org/project/languageicons.git/commit/be620bb" + }, + { + "name": "52499", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52499" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2612.json b/2012/2xxx/CVE-2012-2612.json index a1aed8d2978..03ea2b1d1bc 100644 --- a/2012/2xxx/CVE-2012-2612.json +++ b/2012/2xxx/CVE-2012-2612.json 
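Review bot: The new side of the CVE-2012-2065 record changes `"ASSIGNER"` from `cve@mitre.org` to `secalert@redhat.com`, and nothing in the commit subject ("-Synchronized-Data.") mentions it. As far as the visible lines show, this is the only value that changes in the hunk; the rest is the `" : "` to `": "` separator rewrite, a reordering of the same nine `reference_data` entries, and the dropped trailing newline. The same kind of ASSIGNER change appears in the CVE-2012-2671 hunk (`secalert@redhat.com`), the CVE-2012-3736 hunk (`product-security@apple.com`) and the CVE-2015-5222 hunk, which runs past the end of this view. Anyone who tracks CNA attribution from this feed would be better served if the assigner updates were called out in the commit description or landed separately from the formatting pass. Comparing parsed JSON rather than text also keeps a change like this from being lost among the formatting lines.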
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2612", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The DiagTraceHex function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2612", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.coresecurity.com/content/sap-netweaver-dispatcher-multiple-vulnerabilities", - "refsource" : "MISC", - "url" : "http://www.coresecurity.com/content/sap-netweaver-dispatcher-multiple-vulnerabilities" - }, - { - "name" : "https://service.sap.com/sap/support/notes/1687910", - "refsource" : "MISC", - "url" : "https://service.sap.com/sap/support/notes/1687910" - }, - { - "name" : "http://scn.sap.com/docs/DOC-8218", - "refsource" : "CONFIRM", - "url" : "http://scn.sap.com/docs/DOC-8218" - }, - { - "name" : "1027052", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027052" - }, - { - "name" : "netweaver-diagtracehex-dos(75452)", - "refsource" : "XF", - 
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75452" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The DiagTraceHex function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://service.sap.com/sap/support/notes/1687910", + "refsource": "MISC", + "url": "https://service.sap.com/sap/support/notes/1687910" + }, + { + "name": "http://scn.sap.com/docs/DOC-8218", + "refsource": "CONFIRM", + "url": "http://scn.sap.com/docs/DOC-8218" + }, + { + "name": "http://www.coresecurity.com/content/sap-netweaver-dispatcher-multiple-vulnerabilities", + "refsource": "MISC", + "url": "http://www.coresecurity.com/content/sap-netweaver-dispatcher-multiple-vulnerabilities" + }, + { + "name": "1027052", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027052" + }, + { + "name": "netweaver-diagtracehex-dos(75452)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75452" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2671.json b/2012/2xxx/CVE-2012-2671.json index 6d1e9f17077..1efc23e5801 100644 --- a/2012/2xxx/CVE-2012-2671.json +++ b/2012/2xxx/CVE-2012-2671.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2671", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Rack::Cache rubygem 0.3.0 through 1.1 caches Set-Cookie and other sensitive headers, which allows attackers to obtain sensitive cookie information, hijack web sessions, or have other unspecified impact by accessing the cache." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2671", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120606 CVE request: rack-cache caches sensitive headers (Set-Cookie)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/06/06/4" - }, - { - "name" : "[oss-security] 20120606 Re: CVE request: rack-cache caches sensitive headers (Set-Cookie)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/06/06/8" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=763650", - "refsource" : "MISC", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=763650" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=824520", - "refsource" : "MISC", - "url" : 
"https://bugzilla.redhat.com/show_bug.cgi?id=824520" - }, - { - "name" : "https://github.com/rtomayko/rack-cache/blob/master/CHANGES", - "refsource" : "CONFIRM", - "url" : "https://github.com/rtomayko/rack-cache/blob/master/CHANGES" - }, - { - "name" : "https://github.com/rtomayko/rack-cache/commit/2e3a64d07daac4c757cc57620f2288e865a09b90", - "refsource" : "CONFIRM", - "url" : "https://github.com/rtomayko/rack-cache/commit/2e3a64d07daac4c757cc57620f2288e865a09b90" - }, - { - "name" : "https://github.com/rtomayko/rack-cache/pull/52", - "refsource" : "CONFIRM", - "url" : "https://github.com/rtomayko/rack-cache/pull/52" - }, - { - "name" : "FEDORA-2012-8439", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081812.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Rack::Cache rubygem 0.3.0 through 1.1 caches Set-Cookie and other sensitive headers, which allows attackers to obtain sensitive cookie information, hijack web sessions, or have other unspecified impact by accessing the cache." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=763650", + "refsource": "MISC", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=763650" + }, + { + "name": "https://github.com/rtomayko/rack-cache/commit/2e3a64d07daac4c757cc57620f2288e865a09b90", + "refsource": "CONFIRM", + "url": "https://github.com/rtomayko/rack-cache/commit/2e3a64d07daac4c757cc57620f2288e865a09b90" + }, + { + "name": "https://github.com/rtomayko/rack-cache/blob/master/CHANGES", + "refsource": "CONFIRM", + "url": "https://github.com/rtomayko/rack-cache/blob/master/CHANGES" + }, + { + "name": "FEDORA-2012-8439", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081812.html" + }, + { + "name": "https://github.com/rtomayko/rack-cache/pull/52", + "refsource": "CONFIRM", + "url": "https://github.com/rtomayko/rack-cache/pull/52" + }, + { + "name": "[oss-security] 20120606 Re: CVE request: rack-cache caches sensitive headers (Set-Cookie)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/06/06/8" + }, + { + "name": "[oss-security] 20120606 CVE request: rack-cache caches sensitive headers (Set-Cookie)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/06/06/4" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=824520", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=824520" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3566.json b/2012/3xxx/CVE-2012-3566.json index 4e9638a7132..cf73b40b73f 100644 --- a/2012/3xxx/CVE-2012-3566.json +++ b/2012/3xxx/CVE-2012-3566.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3566", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Opera before 12.00 Beta allows user-assisted remote attackers to cause a denial of service (application hang) via JavaScript code that changes a form before submission." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3566", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.opera.com/docs/changelogs/windows/1200b/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/windows/1200b/" - }, - { - "name" : "opera-form-dos(76361)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/76361" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Opera before 12.00 Beta allows user-assisted remote attackers to cause a denial of service (application hang) via JavaScript code that changes a form before submission." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "opera-form-dos(76361)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76361" + }, + { + "name": "http://www.opera.com/docs/changelogs/windows/1200b/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/windows/1200b/" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3736.json b/2012/3xxx/CVE-2012-3736.json index a7e628e16dd..92e54441c99 100644 --- a/2012/3xxx/CVE-2012-3736.json +++ b/2012/3xxx/CVE-2012-3736.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3736", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Passcode Lock implementation in Apple iOS before 6 allows physically proximate attackers to bypass an intended passcode requirement via vectors related to ending a FaceTime call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2012-3736", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5503", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5503" - }, - { - "name" : "APPLE-SA-2012-09-19-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Passcode Lock implementation in Apple iOS before 6 allows physically proximate attackers to bypass an intended passcode requirement via vectors related to ending a FaceTime call." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2012-09-19-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT5503", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5503" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6178.json b/2012/6xxx/CVE-2012-6178.json index 23e2bb55ffa..ffa4a1e7c8a 100644 --- a/2012/6xxx/CVE-2012-6178.json +++ b/2012/6xxx/CVE-2012-6178.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6178", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-6178", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6560.json b/2012/6xxx/CVE-2012-6560.json index 5c381aaf015..7fbeca3aec3 100644 --- a/2012/6xxx/CVE-2012-6560.json +++ b/2012/6xxx/CVE-2012-6560.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6560", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in deviceadd.php in FreeNAC 3.02 allows remote attackers to execute arbitrary SQL commands via the status parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6560", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18900", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18900" - }, - { - "name" : "53617", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53617" - }, - { - "name" : "freenac-deviceadd-sql-injection(75763)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75763" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in deviceadd.php in FreeNAC 3.02 allows remote attackers to execute arbitrary SQL commands via the status parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "53617", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53617" + }, + { + "name": "freenac-deviceadd-sql-injection(75763)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75763" + }, + { + "name": "18900", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18900" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6706.json b/2012/6xxx/CVE-2012-6706.json index dd307048378..d665bdefe7a 100644 --- a/2012/6xxx/CVE-2012-6706.json +++ b/2012/6xxx/CVE-2012-6706.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6706", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products, that can lead to arbitrary code execution. An integer overflow can be caused in DataSize+CurChannel. The result is a negative value of the \"DestPos\" variable, which allows the attacker to write out of bounds when setting Mem[DestPos]." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6706", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://securitytracker.com/id?1027725", - "refsource" : "MISC", - "url" : "http://securitytracker.com/id?1027725" - }, - { - "name" : "http://telussecuritylabs.com/threats/show/TSL20121207-01", - "refsource" : "MISC", - "url" : "http://telussecuritylabs.com/threats/show/TSL20121207-01" - }, - { - "name" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=1286", - "refsource" : "MISC", - "url" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=1286" - }, - { - "name" : 
"https://community.sophos.com/kb/en-us/118424#six", - "refsource" : "MISC", - "url" : "https://community.sophos.com/kb/en-us/118424#six" - }, - { - "name" : "https://lock.cmpxchg8b.com/sophailv2.pdf", - "refsource" : "MISC", - "url" : "https://lock.cmpxchg8b.com/sophailv2.pdf" - }, - { - "name" : "https://nakedsecurity.sophos.com/2012/11/05/tavis-ormandy-sophos/", - "refsource" : "MISC", - "url" : "https://nakedsecurity.sophos.com/2012/11/05/tavis-ormandy-sophos/" - }, - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10205", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10205" - }, - { - "name" : "GLSA-201708-05", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201708-05" - }, - { - "name" : "GLSA-201709-24", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201709-24" - }, - { - "name" : "GLSA-201804-16", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201804-16" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products, that can lead to arbitrary code execution. An integer overflow can be caused in DataSize+CurChannel. The result is a negative value of the \"DestPos\" variable, which allows the attacker to write out of bounds when setting Mem[DestPos]." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1286", + "refsource": "MISC", + "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1286" + }, + { + "name": "https://nakedsecurity.sophos.com/2012/11/05/tavis-ormandy-sophos/", + "refsource": "MISC", + "url": "https://nakedsecurity.sophos.com/2012/11/05/tavis-ormandy-sophos/" + }, + { + "name": "GLSA-201709-24", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201709-24" + }, + { + "name": "https://community.sophos.com/kb/en-us/118424#six", + "refsource": "MISC", + "url": "https://community.sophos.com/kb/en-us/118424#six" + }, + { + "name": "GLSA-201708-05", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201708-05" + }, + { + "name": "https://lock.cmpxchg8b.com/sophailv2.pdf", + "refsource": "MISC", + "url": "https://lock.cmpxchg8b.com/sophailv2.pdf" + }, + { + "name": "GLSA-201804-16", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201804-16" + }, + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10205", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10205" + }, + { + "name": "http://telussecuritylabs.com/threats/show/TSL20121207-01", + "refsource": "MISC", + "url": "http://telussecuritylabs.com/threats/show/TSL20121207-01" + }, + { + "name": "http://securitytracker.com/id?1027725", + "refsource": "MISC", + "url": "http://securitytracker.com/id?1027725" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5155.json b/2015/5xxx/CVE-2015-5155.json index 449780523df..9d6f53c1027 100644 --- a/2015/5xxx/CVE-2015-5155.json +++ b/2015/5xxx/CVE-2015-5155.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5155", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5155", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5222.json b/2015/5xxx/CVE-2015-5222.json index 1f1d90fbf4f..777004c74cc 100644 --- a/2015/5xxx/CVE-2015-5222.json +++ b/2015/5xxx/CVE-2015-5222.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5222", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Red Hat OpenShift Enterprise 3.0.0.0 does not properly check permissions, which allows remote authenticated users with build permissions to execute arbitrary shell commands with root permissions on arbitrary build pods via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-5222", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "RHSA-2015:1650", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2015:1650" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Red Hat OpenShift Enterprise 3.0.0.0 does not properly check permissions, which allows remote authenticated users with build permissions to execute arbitrary shell commands with root permissions on arbitrary build pods via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2015:1650", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2015:1650" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5365.json b/2015/5xxx/CVE-2015-5365.json index 14e4aac5e7d..ba0fd74e827 100644 --- a/2015/5xxx/CVE-2015-5365.json +++ b/2015/5xxx/CVE-2015-5365.json 
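Review bot: The `affects` block on the new side still carries `"product_name": "n/a"`, `"version_value": "n/a"` and `"vendor_name": "n/a"`, although the description in the same record names Red Hat OpenShift Enterprise 3.0.0.0 and the hunk moves `ASSIGNER` to `secalert@redhat.com`. Tooling that matches records on the structured vendor and product fields will not find this entry. The names from the description should be filled in, for example `"vendor_name": "Red Hat"` with `"product_name": "OpenShift Enterprise"` and `"version_value": "3.0.0.0"`. The hunks for CVE-2015-5365, CVE-2015-5841, CVE-2018-11239 and CVE-2018-11808 leave the same placeholders next to a description that names the product.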
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5365", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Zurmo CRM 3.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the \"What's going on?\" profile field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5365", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/132418/Zurmo-CRM-3.0.2-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/132418/Zurmo-CRM-3.0.2-Cross-Site-Scripting.html" - }, - { - "name" : "75545", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75545" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Zurmo CRM 3.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the \"What's going on?\" profile field." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/132418/Zurmo-CRM-3.0.2-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/132418/Zurmo-CRM-3.0.2-Cross-Site-Scripting.html" + }, + { + "name": "75545", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75545" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5841.json b/2015/5xxx/CVE-2015-5841.json index af92db7c591..a9a75e80afb 100644 --- a/2015/5xxx/CVE-2015-5841.json +++ b/2015/5xxx/CVE-2015-5841.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5841", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The CFNetwork Proxies component in Apple iOS before 9 does not properly handle a Set-Cookie header within a response to an HTTP CONNECT request, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-5841", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT205212", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205212" - }, - { - "name" : "https://support.apple.com/HT205213", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205213" - }, - { - "name" : "https://support.apple.com/HT205267", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205267" - }, - { - "name" : "APPLE-SA-2015-09-16-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html" - }, - { - "name" : "APPLE-SA-2015-09-21-1", - "refsource" : "APPLE", - "url" : 
"http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html" - }, - { - "name" : "APPLE-SA-2015-09-30-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html" - }, - { - "name" : "76764", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76764" - }, - { - "name" : "1033609", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033609" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The CFNetwork Proxies component in Apple iOS before 9 does not properly handle a Set-Cookie header within a response to an HTTP CONNECT request, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1033609", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033609" + }, + { + "name": "https://support.apple.com/HT205212", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205212" + }, + { + "name": "APPLE-SA-2015-09-30-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html" + }, + { + "name": "76764", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76764" + }, + { + "name": "https://support.apple.com/HT205267", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205267" + }, + { + "name": "APPLE-SA-2015-09-21-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html" + }, + { + "name": "https://support.apple.com/HT205213", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205213" + }, + { + "name": "APPLE-SA-2015-09-16-1", + "refsource": 
"APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11239.json b/2018/11xxx/CVE-2018-11239.json index 5d91f4c5254..804fdef821e 100644 --- a/2018/11xxx/CVE-2018-11239.json +++ b/2018/11xxx/CVE-2018-11239.json 
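Review bot: The `reference_data` entries on the new side follow no sort key that is visible in the hunk (`1033609`, then `https://support.apple.com/HT205212`, then `APPLE-SA-2015-09-30-3`), so the reorder shows up as changed lines although the same eight entries are present before and after. Together with the whitespace rewrite this hides the one value change in the hunk, `ASSIGNER` becoming `product-security@apple.com`. Emitting the entries in a fixed order, for example sorted by `url`, would keep later syncs down to real changes. The CVE-2018-11808 and CVE-2018-15951 hunks reorder their references the same way.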
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11239", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An integer overflow in the _transfer function of a smart contract implementation for Hexagon (HXG), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets by providing a _to argument in conjunction with a large _value argument, as exploited in the wild in May 2018, aka the \"burnOverflow\" issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11239", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://peckshield.com/2018/05/18/burnOverflow/", - "refsource" : "MISC", - "url" : "https://peckshield.com/2018/05/18/burnOverflow/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An integer overflow in the _transfer function of a smart contract implementation for Hexagon (HXG), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets by providing a _to argument in conjunction with a large _value argument, as 
exploited in the wild in May 2018, aka the \"burnOverflow\" issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://peckshield.com/2018/05/18/burnOverflow/", + "refsource": "MISC", + "url": "https://peckshield.com/2018/05/18/burnOverflow/" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11426.json b/2018/11xxx/CVE-2018-11426.json index 8f1d10c2403..1c8da5107b0 100644 --- a/2018/11xxx/CVE-2018-11426.json +++ b/2018/11xxx/CVE-2018-11426.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11426", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11426", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11745.json b/2018/11xxx/CVE-2018-11745.json index 7adae9ad758..05f0e5288fd 100644 --- a/2018/11xxx/CVE-2018-11745.json +++ b/2018/11xxx/CVE-2018-11745.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11745", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11745", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11808.json b/2018/11xxx/CVE-2018-11808.json index 7d90ff52f9c..91c4a03d18d 100644 --- a/2018/11xxx/CVE-2018-11808.json +++ b/2018/11xxx/CVE-2018-11808.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11808", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Incorrect Access Control in CustomFieldsFeedServlet in Zoho ManageEngine Applications Manager Version 13 before build 13740 allows an attacker to delete any file and read certain files on the server in the context of the user (which by default is \"NT AUTHORITY / SYSTEM\") by sending a specially crafted request to the server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11808", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.manageengine.com/products/applications_manager/issues.html", - "refsource" : "MISC", - "url" : "https://www.manageengine.com/products/applications_manager/issues.html" - }, - { - "name" : "https://github.com/kactrosN/publicdisclosures", - "refsource" : "MISC", - "url" : "https://github.com/kactrosN/publicdisclosures" - }, - { - "name" : "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2018-11808.html", - "refsource" : "CONFIRM", - "url" : 
"https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2018-11808.html" - }, - { - "name" : "104467", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104467" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Incorrect Access Control in CustomFieldsFeedServlet in Zoho ManageEngine Applications Manager Version 13 before build 13740 allows an attacker to delete any file and read certain files on the server in the context of the user (which by default is \"NT AUTHORITY / SYSTEM\") by sending a specially crafted request to the server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2018-11808.html", + "refsource": "CONFIRM", + "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2018-11808.html" + }, + { + "name": "https://github.com/kactrosN/publicdisclosures", + "refsource": "MISC", + "url": "https://github.com/kactrosN/publicdisclosures" + }, + { + "name": "https://www.manageengine.com/products/applications_manager/issues.html", + "refsource": "MISC", + "url": "https://www.manageengine.com/products/applications_manager/issues.html" + }, + { + "name": "104467", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104467" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14039.json b/2018/14xxx/CVE-2018-14039.json index 04fe4caee85..3d058d470af 100644 --- a/2018/14xxx/CVE-2018-14039.json +++ b/2018/14xxx/CVE-2018-14039.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14039", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14039", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15293.json b/2018/15xxx/CVE-2018-15293.json index 7fbb4d82c0a..c922025bbd1 100644 --- a/2018/15xxx/CVE-2018-15293.json +++ b/2018/15xxx/CVE-2018-15293.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15293", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15293", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15426.json b/2018/15xxx/CVE-2018-15426.json index ce09241de4c..35cb5efae92 100644 --- a/2018/15xxx/CVE-2018-15426.json +++ b/2018/15xxx/CVE-2018-15426.json 
@@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "DATE_PUBLIC" : "2018-10-03T16:00:00-0500", - "ID" : "CVE-2018-15426", - "STATE" : "PUBLIC", - "TITLE" : "Cisco Unity Connection Stored Cross-Site Scripting Vulnerability" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Unity Connection ", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "Cisco" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the web-based interface of Cisco Unity Connection could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input that is processed by the web-based interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the web-based interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information." 
- } - ] - }, - "impact" : { - "cvss" : { - "baseScore" : "4.8", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-79" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2018-10-03T16:00:00-0500", + "ID": "CVE-2018-15426", + "STATE": "PUBLIC", + "TITLE": "Cisco Unity Connection Stored Cross-Site Scripting Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Unity Connection ", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20181003 Cisco Unity Connection Stored Cross-Site Scripting Vulnerability", - "refsource" : "CISCO", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-uc-xss" - }, - { - "name" : "1041781", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041781" - } - ] - }, - "source" : { - "advisory" : "cisco-sa-20181003-uc-xss", - "defect" : [ - [ - "CSCvj50043", - "CSCvj50052" - ] - ], - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the web-based interface of Cisco Unity Connection could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input that is processed by the web-based interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the web-based interface to click a malicious link. 
A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "4.8", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20181003 Cisco Unity Connection Stored Cross-Site Scripting Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-uc-xss" + }, + { + "name": "1041781", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041781" + } + ] + }, + "source": { + "advisory": "cisco-sa-20181003-uc-xss", + "defect": [ + [ + "CSCvj50043", + "CSCvj50052" + ] + ], + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15725.json b/2018/15xxx/CVE-2018-15725.json index 4dc550b7622..2d0de7f0bbf 100644 --- a/2018/15xxx/CVE-2018-15725.json +++ b/2018/15xxx/CVE-2018-15725.json 
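Review bot: `"product_name": "Cisco Unity Connection "` is carried over to the new side with its trailing space, so an exact-match lookup on the product name misses this record; it should read `"product_name": "Cisco Unity Connection"`. The same rewrite also keeps `"baseScore": "4.8"` as a string, which makes consumers convert the value before comparing it against a severity threshold. `"baseScore": 4.8` is the numeric form, if the schema for this data version permits it.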
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15725", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15725", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15951.json b/2018/15xxx/CVE-2018-15951.json index 6b0c6984071..fd3d1f33eeb 100644 --- a/2018/15xxx/CVE-2018-15951.json +++ b/2018/15xxx/CVE-2018-15951.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-15951", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat and Reader", - "version" : { - "version_data" : [ - { - "version_value" : "2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "Adobe" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Errors" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-15951", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat and Reader", + "version": { + "version_data": [ + { + "version_value": "2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html" - }, - { - "name" : "105437", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105437" - }, - { - "name" : "1041809", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041809" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", 
+ "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Errors" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041809", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041809" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html" + }, + { + "name": "105437", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105437" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3345.json b/2018/3xxx/CVE-2018-3345.json index 67e45e248fb..50ce5b594b9 100644 --- a/2018/3xxx/CVE-2018-3345.json +++ b/2018/3xxx/CVE-2018-3345.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3345", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3345", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8018.json b/2018/8xxx/CVE-2018-8018.json index 7c63e860e9b..f5650c6c2be 100644 --- a/2018/8xxx/CVE-2018-8018.json +++ b/2018/8xxx/CVE-2018-8018.json 
@@ -1,76 +1,76 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2018-07-19T00:00:00", - "ID" : "CVE-2018-8018", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache Ignite", - "version" : { - "version_data" : [ - { - "version_value" : "2.5.x before 2.5.3" - }, - { - "version_value" : "2.4.x before 2.4.8" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Apache Ignite before 2.4.8 and 2.5.x before 2.5.3, the serialization mechanism does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when 3-rd party vulnerable classes are present in Ignite classpath. The vulnerability can be exploited if the one sends a specially prepared form of a serialized object to GridClientJdkMarshaller deserialization endpoint." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2018-07-19T00:00:00", + "ID": "CVE-2018-8018", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Ignite", + "version": { + "version_data": [ + { + "version_value": "2.5.x before 2.5.3" + }, + { + "version_value": "2.4.x before 2.4.8" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[ignite-dev] 20180719 [CVE-2018-8018] Possible Execution of Arbitrary Code via Apache Ignite GridClientJdkMarshaller", - "refsource" : "MLIST", - "url" : "https://lists.apache.org/thread.html/e0fdf53114a321142ecfa5cfa17658090f0b4e1677de431e329b37ab@%3Cdev.ignite.apache.org%3E" - }, - { - "name" : "RHSA-2018:3768", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3768" - }, - { - "name" : "104911", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104911" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Apache Ignite before 2.4.8 and 2.5.x before 2.5.3, the serialization mechanism does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when 3-rd party vulnerable classes are present in Ignite classpath. The vulnerability can be exploited if the one sends a specially prepared form of a serialized object to GridClientJdkMarshaller deserialization endpoint." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104911", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104911" + }, + { + "name": "[ignite-dev] 20180719 [CVE-2018-8018] Possible Execution of Arbitrary Code via Apache Ignite GridClientJdkMarshaller", + "refsource": "MLIST", + "url": "https://lists.apache.org/thread.html/e0fdf53114a321142ecfa5cfa17658090f0b4e1677de431e329b37ab@%3Cdev.ignite.apache.org%3E" + }, + { + "name": "RHSA-2018:3768", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3768" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8048.json b/2018/8xxx/CVE-2018-8048.json index 48fa318764f..48560bc3093 100644 --- a/2018/8xxx/CVE-2018-8048.json +++ b/2018/8xxx/CVE-2018-8048.json 
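Review bot: The `problemtype` entry kept on the new side of the CVE-2018-8018 record, `"value": "Information Disclosure"`, contradicts the description in the same record, which describes arbitrary code execution through deserialization at the GridClientJdkMarshaller endpoint. Tooling that triages or filters on `problemtype` would under-rate this entry. This commit only reformats the file and reorders the references, so the value presumably comes from the assigner's original submission and should be confirmed with them. I would change it to `"value": "Deserialization of Untrusted Data"` (CWE-502) or `"value": "Remote Code Execution"` so that it agrees with the description.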
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8048", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8048", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20180319 [CVE-2018-8048] Loofah XSS Vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2018/03/19/5" - }, - { - "name" : "https://github.com/flavorjones/loofah/issues/144", - "refsource" : "CONFIRM", - "url" : "https://github.com/flavorjones/loofah/issues/144" - }, - { - "name" : "DSA-4171", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4171" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/flavorjones/loofah/issues/144", + "refsource": "CONFIRM", + "url": "https://github.com/flavorjones/loofah/issues/144" + }, + { + "name": "[oss-security] 20180319 [CVE-2018-8048] Loofah XSS Vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2018/03/19/5" + }, + { + "name": "DSA-4171", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4171" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8104.json b/2018/8xxx/CVE-2018-8104.json index a1dc04775f2..d559831dc5c 100644 --- a/2018/8xxx/CVE-2018-8104.json +++ b/2018/8xxx/CVE-2018-8104.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8104", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The BufStream::lookChar function in Stream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8104", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://forum.xpdfreader.com/viewtopic.php?f=3&t=652", - "refsource" : "MISC", - "url" : "https://forum.xpdfreader.com/viewtopic.php?f=3&t=652" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The BufStream::lookChar function in Stream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=652", + "refsource": "MISC", + "url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=652" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8359.json b/2018/8xxx/CVE-2018-8359.json index f8ddb616027..90c5050fac8 100644 --- a/2018/8xxx/CVE-2018-8359.json +++ b/2018/8xxx/CVE-2018-8359.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8359", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ChakraCore", - "version" : { - "version_data" : [ - { - "version_value" : "ChakraCore" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability.\" This affects ChakraCore. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8359", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ChakraCore", + "version": { + "version_data": [ + { + "version_value": "ChakraCore" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8359", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8359" - }, - { - "name" : "104990", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104990" - }, - { - "name" : "1041457", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041457" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability.\" This affects ChakraCore. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8359", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8359" + }, + { + "name": "1041457", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041457" + }, + { + "name": "104990", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104990" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8575.json b/2018/8xxx/CVE-2018-8575.json index 2cd5e929dc8..a15558233ff 100644 --- a/2018/8xxx/CVE-2018-8575.json +++ b/2018/8xxx/CVE-2018-8575.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8575", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Project", - "version" : { - "version_data" : [ - { - "version_value" : "2010 Service Pack 2 (32-bit editions)" - }, - { - "version_value" : "2010 Service Pack 2 (64-bit editions)" - }, - { - "version_value" : "2016 (32-bit edition)" - }, - { - "version_value" : "2016 (64-bit edition)" - } - ] - } - }, - { - "product_name" : "Office", - "version" : { - "version_data" : [ - { - "version_value" : "365 ProPlus for 32-bit Systems" - }, - { - "version_value" : "365 ProPlus for 64-bit Systems" - } - ] - } - }, - { - "product_name" : "Microsoft Project Server", - "version" : { - "version_data" : [ - { - "version_value" : "2013 Service Pack 1 (32-bit edition)" - }, - { - "version_value" : "2013 Service Pack 1 (64-bit edition)" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists in Microsoft Project software when it fails to properly handle objects in memory, aka \"Microsoft Project Remote Code Execution Vulnerability.\" This affects Microsoft Project, Office 365 ProPlus, Microsoft Project Server." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8575", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Project", + "version": { + "version_data": [ + { + "version_value": "2010 Service Pack 2 (32-bit editions)" + }, + { + "version_value": "2010 Service Pack 2 (64-bit editions)" + }, + { + "version_value": "2016 (32-bit edition)" + }, + { + "version_value": "2016 (64-bit edition)" + } + ] + } + }, + { + "product_name": "Office", + "version": { + "version_data": [ + { + "version_value": "365 ProPlus for 32-bit Systems" + }, + { + "version_value": "365 ProPlus for 64-bit Systems" + } + ] + } + }, + { + "product_name": "Microsoft Project Server", + "version": { + "version_data": [ + { + "version_value": "2013 Service Pack 1 (32-bit edition)" + }, + { + "version_value": "2013 Service Pack 1 (64-bit edition)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8575", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8575" - }, - { - "name" : "105807", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105807" - }, - { - "name" : "1042116", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1042116" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in Microsoft Project software when it fails to properly handle objects in memory, aka \"Microsoft Project Remote Code Execution Vulnerability.\" 
This affects Microsoft Project, Office 365 ProPlus, Microsoft Project Server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8575", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8575" + }, + { + "name": "105807", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105807" + }, + { + "name": "1042116", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1042116" + } + ] + } +} \ No newline at end of file