From c47b890a80c4504aac6381af38790baac1ff9da0 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Mon, 18 Mar 2019 06:31:33 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2005/0xxx/CVE-2005-0064.json | 370 +++++++++++------------ 2005/0xxx/CVE-2005-0237.json | 230 +++++++------- 2005/0xxx/CVE-2005-0442.json | 170 +++++------ 2005/0xxx/CVE-2005-0524.json | 230 +++++++------- 2005/0xxx/CVE-2005-0756.json | 250 ++++++++-------- 2005/0xxx/CVE-2005-0798.json | 170 +++++------ 2005/1xxx/CVE-2005-1325.json | 140 ++++----- 2005/1xxx/CVE-2005-1378.json | 190 ++++++------ 2005/1xxx/CVE-2005-1623.json | 34 +-- 2005/1xxx/CVE-2005-1673.json | 130 ++++---- 2005/3xxx/CVE-2005-3614.json | 34 +-- 2005/4xxx/CVE-2005-4287.json | 150 +++++----- 2005/4xxx/CVE-2005-4647.json | 160 +++++----- 2005/4xxx/CVE-2005-4740.json | 140 ++++----- 2005/4xxx/CVE-2005-4857.json | 130 ++++---- 2005/4xxx/CVE-2005-4868.json | 170 +++++------ 2009/0xxx/CVE-2009-0037.json | 430 +++++++++++++------------- 2009/0xxx/CVE-2009-0178.json | 180 +++++------ 2009/0xxx/CVE-2009-0179.json | 190 ++++++------ 2009/0xxx/CVE-2009-0183.json | 180 +++++------ 2009/0xxx/CVE-2009-0799.json | 530 ++++++++++++++++----------------- 2009/1xxx/CVE-2009-1369.json | 130 ++++---- 2009/1xxx/CVE-2009-1772.json | 140 ++++----- 2009/3xxx/CVE-2009-3268.json | 130 ++++---- 2009/3xxx/CVE-2009-3350.json | 130 ++++---- 2009/4xxx/CVE-2009-4255.json | 140 ++++----- 2009/4xxx/CVE-2009-4276.json | 34 +-- 2009/4xxx/CVE-2009-4345.json | 140 ++++----- 2009/4xxx/CVE-2009-4396.json | 120 ++++---- 2009/4xxx/CVE-2009-4454.json | 150 +++++----- 2009/4xxx/CVE-2009-4786.json | 140 ++++----- 2009/4xxx/CVE-2009-4937.json | 160 +++++----- 2009/4xxx/CVE-2009-4988.json | 180 +++++------ 2012/2xxx/CVE-2012-2200.json | 180 +++++------ 2012/6xxx/CVE-2012-6400.json | 34 +-- 2012/6xxx/CVE-2012-6631.json | 160 +++++----- 2012/6xxx/CVE-2012-6648.json | 140 ++++----- 2015/1xxx/CVE-2015-1014.json | 34 +-- 2015/1xxx/CVE-2015-1095.json | 180 +++++------ 2015/1xxx/CVE-2015-1271.json | 200 ++++++------- 2015/1xxx/CVE-2015-1626.json | 140 
++++----- 2015/1xxx/CVE-2015-1838.json | 150 +++++----- 2015/5xxx/CVE-2015-5079.json | 140 ++++----- 2015/5xxx/CVE-2015-5871.json | 140 ++++----- 2018/11xxx/CVE-2018-11029.json | 34 +-- 2018/11xxx/CVE-2018-11097.json | 120 ++++---- 2018/11xxx/CVE-2018-11105.json | 130 ++++---- 2018/11xxx/CVE-2018-11420.json | 34 +-- 2018/15xxx/CVE-2018-15022.json | 34 +-- 2018/3xxx/CVE-2018-3105.json | 164 +++++----- 2018/3xxx/CVE-2018-3150.json | 172 +++++------ 2018/3xxx/CVE-2018-3736.json | 35 ++- 2018/3xxx/CVE-2018-3857.json | 122 ++++---- 2018/8xxx/CVE-2018-8583.json | 216 +++++++------- 2018/8xxx/CVE-2018-8881.json | 130 ++++---- 55 files changed, 4245 insertions(+), 4246 deletions(-) diff --git a/2005/0xxx/CVE-2005-0064.json b/2005/0xxx/CVE-2005-0064.json index 2412de8cf93..adbd18ee4b4 100644 --- a/2005/0xxx/CVE-2005-0064.json +++ b/2005/0xxx/CVE-2005-0064.json 
@@ -1,187 +1,187 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0064", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc for xpdf 3.00 and earlier allows remote attackers to execute arbitrary code via a PDF file with a large /Encrypt /Length keyLength value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0064", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050118 Multiple Unix/Linux Vendor Xpdf makeFileKey2 Stack Overflow", - "refsource" : "IDEFENSE", - "url" : "http://www.idefense.com/application/poi/display?id=186&type=vulnerabilities" - }, - { - "name" : "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl3.patch", - "refsource" : "CONFIRM", - "url" : "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl3.patch" - }, - { - "name" : "CLA-2005:921", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000921" - }, - { - "name" : "DSA-645", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-645" - }, - { - "name" : "DSA-648", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-648" - 
}, - { - "name" : "FLSA:2352", - "refsource" : "FEDORA", - "url" : "https://bugzilla.fedora.us/show_bug.cgi?id=2352" - }, - { - "name" : "FLSA:2353", - "refsource" : "FEDORA", - "url" : "https://bugzilla.fedora.us/show_bug.cgi?id=2353" - }, - { - "name" : "GLSA-200502-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/200502-10" - }, - { - "name" : "GLSA-200501-28", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/200501-28" - }, - { - "name" : "MDKSA-2005:016", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:016" - }, - { - "name" : "MDKSA-2005:017", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:017" - }, - { - "name" : "MDKSA-2005:018", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:018" - }, - { - "name" : "MDKSA-2005:019", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:019" - }, - { - "name" : "MDKSA-2005:020", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:020" - }, - { - "name" : "MDKSA-2005:021", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:021" - }, - { - "name" : "RHSA-2005:034", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-034.html" - }, - { - "name" : "RHSA-2005:053", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-053.html" - }, - { - "name" : "RHSA-2005:057", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-057.html" - }, - { - "name" : "RHSA-2005:059", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-059.html" - }, - { - "name" : "RHSA-2005:066", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-066.html" - }, - { - "name" 
: "RHSA-2005:026", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-026.html" - }, - { - "name" : "SCOSA-2005.42", - "refsource" : "SCO", - "url" : "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.42/SCOSA-2005.42.txt" - }, - { - "name" : "2005-0003", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2005/0003/" - }, - { - "name" : "20050119 [USN-64-1] xpdf, CUPS vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110625368019554&w=2" - }, - { - "name" : "oval:org.mitre.oval:def:11781", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11781" - }, - { - "name" : "17277", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17277" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc for xpdf 3.00 and earlier allows remote attackers to execute arbitrary code via a PDF file with a large /Encrypt /Length keyLength value." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17277", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17277" + }, + { + "name": "oval:org.mitre.oval:def:11781", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11781" + }, + { + "name": "RHSA-2005:066", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-066.html" + }, + { + "name": "RHSA-2005:034", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-034.html" + }, + { + "name": "MDKSA-2005:018", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:018" + }, + { + "name": "MDKSA-2005:017", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:017" + }, + { + "name": "MDKSA-2005:016", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:016" + }, + { + "name": "2005-0003", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2005/0003/" + }, + { + "name": "FLSA:2352", + "refsource": "FEDORA", + "url": "https://bugzilla.fedora.us/show_bug.cgi?id=2352" + }, + { + "name": "FLSA:2353", + "refsource": "FEDORA", + "url": "https://bugzilla.fedora.us/show_bug.cgi?id=2353" + }, + { + "name": "DSA-645", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-645" + }, + { + "name": "GLSA-200502-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/200502-10" + }, + { + "name": "RHSA-2005:026", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-026.html" + }, + { + "name": "RHSA-2005:053", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-053.html" + }, + { + "name": "MDKSA-2005:020", + 
"refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:020" + }, + { + "name": "GLSA-200501-28", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/200501-28" + }, + { + "name": "20050118 Multiple Unix/Linux Vendor Xpdf makeFileKey2 Stack Overflow", + "refsource": "IDEFENSE", + "url": "http://www.idefense.com/application/poi/display?id=186&type=vulnerabilities" + }, + { + "name": "RHSA-2005:059", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-059.html" + }, + { + "name": "20050119 [USN-64-1] xpdf, CUPS vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110625368019554&w=2" + }, + { + "name": "SCOSA-2005.42", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.42/SCOSA-2005.42.txt" + }, + { + "name": "DSA-648", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-648" + }, + { + "name": "MDKSA-2005:021", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:021" + }, + { + "name": "CLA-2005:921", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000921" + }, + { + "name": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl3.patch", + "refsource": "CONFIRM", + "url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl3.patch" + }, + { + "name": "MDKSA-2005:019", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:019" + }, + { + "name": "RHSA-2005:057", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-057.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0237.json b/2005/0xxx/CVE-2005-0237.json index 7d317ccb458..6006acd3b11 100644 --- a/2005/0xxx/CVE-2005-0237.json +++ b/2005/0xxx/CVE-2005-0237.json 
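Review bot: The `reference_data` array on the new side of CVE-2005-0064.json holds what appear to be the same 26 entries as the old side, only in a different order, and the other edits are whitespace (`"name" : ` becomes `"name": `, indentation changes). The whole-file rewrite therefore seems to carry no change in content. Order churn like this makes a genuine edit to a reference URL or source hard to spot for anyone who diffs, hashes or mirrors these records. The exporter should emit references in a stable order, for example sorted by `refsource` then `name`. The new file also ends with `\ No newline at end of file` where the old one ended with a newline, which is worth restoring. The CVE-2005-0442 and CVE-2005-0524 hunks show the same reordering and missing final newline.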
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0237", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The International Domain Name (IDN) support in Konqueror 3.2.1 on KDE 3.2.1 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2005-0237", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050206 state of homograph attacks", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html" - }, - { - "name" : "20050206 Re: state of homograph attacks", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031460.html" - }, - { - "name" : "http://www.shmoo.com/idn", - "refsource" : "MISC", - "url" : "http://www.shmoo.com/idn" - }, - { - "name" : "http://www.shmoo.com/idn/homograph.txt", - "refsource" : "MISC", - "url" : "http://www.shmoo.com/idn/homograph.txt" - }, - { - "name" : 
"http://www.kde.org/info/security/advisory-20050316-2.txt", - "refsource" : "CONFIRM", - "url" : "http://www.kde.org/info/security/advisory-20050316-2.txt" - }, - { - "name" : "FLSA:178606", - "refsource" : "FEDORA", - "url" : "http://www.securityfocus.com/archive/1/427976/100/0/threaded" - }, - { - "name" : "MDKSA-2005:058", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:058" - }, - { - "name" : "RHSA-2005:325", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-325.html" - }, - { - "name" : "12461", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12461" - }, - { - "name" : "oval:org.mitre.oval:def:10671", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10671" - }, - { - "name" : "14162", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14162" - }, - { - "name" : "multiple-browsers-idn-spoof(19236)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19236" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The International Domain Name (IDN) support in Konqueror 3.2.1 on KDE 3.2.1 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.shmoo.com/idn/homograph.txt", + "refsource": "MISC", + "url": "http://www.shmoo.com/idn/homograph.txt" + }, + { + "name": "multiple-browsers-idn-spoof(19236)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19236" + }, + { + "name": "20050206 state of homograph attacks", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html" + }, + { + "name": "http://www.kde.org/info/security/advisory-20050316-2.txt", + "refsource": "CONFIRM", + "url": "http://www.kde.org/info/security/advisory-20050316-2.txt" + }, + { + "name": "http://www.shmoo.com/idn", + "refsource": "MISC", + "url": "http://www.shmoo.com/idn" + }, + { + "name": "20050206 Re: state of homograph attacks", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031460.html" + }, + { + "name": "FLSA:178606", + "refsource": "FEDORA", + "url": "http://www.securityfocus.com/archive/1/427976/100/0/threaded" + }, + { + "name": "MDKSA-2005:058", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:058" + }, + { + "name": "14162", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14162" + }, + { + "name": "RHSA-2005:325", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-325.html" + }, + { + "name": "oval:org.mitre.oval:def:10671", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10671" + }, + { + "name": "12461", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12461" + } + ] + } +} \ No newline at end of file 
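Review bot: The `ASSIGNER` field in `CVE_data_meta` changes from `cve@mitre.org` to `secalert@redhat.com` in this hunk, and that provenance change is buried among whitespace edits and reordered references under the generic subject "-Synchronized-Data.". The CVE-2005-0756 hunk makes the same change. Consumers that attribute, route or filter records by assigner would want this visible. Either land field-level changes separately from the formatting pass, or list the changed fields per record in the commit message. Nothing in the diff shows why the assigner moved, so the reason should be recorded as well.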
diff --git a/2005/0xxx/CVE-2005-0442.json b/2005/0xxx/CVE-2005-0442.json
index d938df4eac0..afe52f8f9b5 100644
--- a/2005/0xxx/CVE-2005-0442.json
+++ b/2005/0xxx/CVE-2005-0442.json
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0442", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in index.php for CubeCart 2.0.4 allows remote attackers to read arbitrary files via the language parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0442", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050214 [NOBYTES.COM: #2] CubeCart 2.0.4 - Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110842125901191&w=2" - }, - { - "name" : "20050406 RE: [NOBYTES.COM: #6] CubeCart 2.0.6 - Information Disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111281888605580&w=2" - }, - { - "name" : "http://www.cubecart.com/site/forums/index.php?showtopic=5741", - "refsource" : "CONFIRM", - "url" : "http://www.cubecart.com/site/forums/index.php?showtopic=5741" - }, - { - "name" : "12549", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12549" - }, - { - "name" : "14272", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14272" - }, - { - "name" : 
"cubecart-dotdot-directory-traversal(19322)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19322" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in index.php for CubeCart 2.0.4 allows remote attackers to read arbitrary files via the language parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.cubecart.com/site/forums/index.php?showtopic=5741", + "refsource": "CONFIRM", + "url": "http://www.cubecart.com/site/forums/index.php?showtopic=5741" + }, + { + "name": "20050406 RE: [NOBYTES.COM: #6] CubeCart 2.0.6 - Information Disclosure", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111281888605580&w=2" + }, + { + "name": "12549", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12549" + }, + { + "name": "14272", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14272" + }, + { + "name": "20050214 [NOBYTES.COM: #2] CubeCart 2.0.4 - Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110842125901191&w=2" + }, + { + "name": "cubecart-dotdot-directory-traversal(19322)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19322" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0524.json b/2005/0xxx/CVE-2005-0524.json index 1ffc28a5a95..de5061dd29e 100644 --- a/2005/0xxx/CVE-2005-0524.json +++ b/2005/0xxx/CVE-2005-0524.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0524", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The php_handle_iff function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 and 5.0.3, as reachable by the getimagesize PHP function, allows remote attackers to cause a denial of service (infinite loop) via a -8 size value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0524", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050331 PHP getimagesize() Multiple Denial of Service Vulnerabilities", - "refsource" : "IDEFENSE", - "url" : "http://www.securityfocus.com/archive/1/394797" - }, - { - "name" : "APPLE-SA-2005-06-08", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2005/Jun/msg00000.html" - }, - { - "name" : "GLSA-200504-15", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200504-15.xml" - }, - { - "name" : "MDKSA-2005:072", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:072" - }, - { - "name" : "RHSA-2005:405", - "refsource" : "REDHAT", - "url" : 
"http://www.redhat.com/support/errata/RHSA-2005-405.html" - }, - { - "name" : "RHSA-2005:406", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-406.html" - }, - { - "name" : "oval:org.mitre.oval:def:9310", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9310" - }, - { - "name" : "ADV-2005-0305", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/0305" - }, - { - "name" : "15183", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/15183" - }, - { - "name" : "1013619", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013619" - }, - { - "name" : "14792", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14792" - }, - { - "name" : "php-phphandleiff-dos(19920)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19920" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The php_handle_iff function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 and 5.0.3, as reachable by the getimagesize PHP function, allows remote attackers to cause a denial of service (infinite loop) via a -8 size value." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15183", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/15183" + }, + { + "name": "1013619", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013619" + }, + { + "name": "RHSA-2005:406", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-406.html" + }, + { + "name": "php-phphandleiff-dos(19920)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19920" + }, + { + "name": "MDKSA-2005:072", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:072" + }, + { + "name": "GLSA-200504-15", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200504-15.xml" + }, + { + "name": "APPLE-SA-2005-06-08", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2005/Jun/msg00000.html" + }, + { + "name": "oval:org.mitre.oval:def:9310", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9310" + }, + { + "name": "14792", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14792" + }, + { + "name": "ADV-2005-0305", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/0305" + }, + { + "name": "20050331 PHP getimagesize() Multiple Denial of Service Vulnerabilities", + "refsource": "IDEFENSE", + "url": "http://www.securityfocus.com/archive/1/394797" + }, + { + "name": "RHSA-2005:405", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-405.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0756.json b/2005/0xxx/CVE-2005-0756.json index 6bbd7b82bee..0c6af5a12e8 100644 --- a/2005/0xxx/CVE-2005-0756.json +++ b/2005/0xxx/CVE-2005-0756.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0756", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ptrace in Linux kernel 2.6.8.1 does not properly verify addresses on the amd64 platform, which allows local users to cause a denial of service (kernel crash)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2005-0756", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-922", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-922" - }, - { - "name" : "DSA-921", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-921" - }, - { - "name" : "FLSA:157459-2", - "refsource" : "FEDORA", - "url" : "http://www.securityfocus.com/archive/1/428058/100/0/threaded" - }, - { - "name" : "FLSA:157459-3", - "refsource" : "FEDORA", - "url" : "http://www.securityfocus.com/archive/1/427980/100/0/threaded" - }, - { - "name" : "RHSA-2005:514", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-514.html" - }, - { - "name" : "RHSA-2005:663", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-663.html" - }, - { - "name" : 
"USN-137-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/137-1/" - }, - { - "name" : "13891", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13891" - }, - { - "name" : "oval:org.mitre.oval:def:11119", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11119" - }, - { - "name" : "ADV-2005-1878", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/1878" - }, - { - "name" : "18056", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18056" - }, - { - "name" : "18059", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18059" - }, - { - "name" : "17073", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17073" - }, - { - "name" : "17002", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17002" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ptrace in Linux kernel 2.6.8.1 does not properly verify addresses on the amd64 platform, which allows local users to cause a denial of service (kernel crash)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18056", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18056" + }, + { + "name": "17073", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17073" + }, + { + "name": "USN-137-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/137-1/" + }, + { + "name": "13891", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13891" + }, + { + "name": "18059", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18059" + }, + { + "name": "FLSA:157459-2", + "refsource": "FEDORA", + "url": "http://www.securityfocus.com/archive/1/428058/100/0/threaded" + }, + { + "name": "DSA-922", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-922" + }, + { + "name": "oval:org.mitre.oval:def:11119", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11119" + }, + { + "name": "DSA-921", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-921" + }, + { + "name": "RHSA-2005:514", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-514.html" + }, + { + "name": "17002", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17002" + }, + { + "name": "FLSA:157459-3", + "refsource": "FEDORA", + "url": "http://www.securityfocus.com/archive/1/427980/100/0/threaded" + }, + { + "name": "RHSA-2005:663", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-663.html" + }, + { + "name": "ADV-2005-1878", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/1878" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0798.json b/2005/0xxx/CVE-2005-0798.json index cbe0dd6baf5..0059afd8b8a 100644 
--- a/2005/0xxx/CVE-2005-0798.json
+++ b/2005/0xxx/CVE-2005-0798.json
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0798", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Novell iChain Mini FTP Server 2.3, and possibly earlier versions, does not limit the number of incorrect logins, which makes it easier for remote attackers to conduct brute force login attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0798", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050315 [ISR] - Novell iChain Mini FTP Server Bruteforce Problem", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111091517007681&w=2" - }, - { - "name" : "http://www.infobyte.com.ar/adv/ISR-05.html", - "refsource" : "MISC", - "url" : "http://www.infobyte.com.ar/adv/ISR-05.html" - }, - { - "name" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10096887.htm", - "refsource" : "CONFIRM", - "url" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10096887.htm" - }, - { - "name" : "14648", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/14648" - }, - { - "name" : "1013408", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013408" - }, - { - "name" : "14607", - 
"refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14607" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Novell iChain Mini FTP Server 2.3, and possibly earlier versions, does not limit the number of incorrect logins, which makes it easier for remote attackers to conduct brute force login attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14648", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/14648" + }, + { + "name": "1013408", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013408" + }, + { + "name": "http://www.infobyte.com.ar/adv/ISR-05.html", + "refsource": "MISC", + "url": "http://www.infobyte.com.ar/adv/ISR-05.html" + }, + { + "name": "14607", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14607" + }, + { + "name": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10096887.htm", + "refsource": "CONFIRM", + "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10096887.htm" + }, + { + "name": "20050315 [ISR] - Novell iChain Mini FTP Server Bruteforce Problem", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111091517007681&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1325.json b/2005/1xxx/CVE-2005-1325.json index 8ce8bbbcaff..88add29a9a6 100644 --- a/2005/1xxx/CVE-2005-1325.json +++ b/2005/1xxx/CVE-2005-1325.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1325", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "set_lang.php in phpMyVisites 1.3 allows remote attackers to read and include arbitrary files via the mylang parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1325", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050426 [exploits] phpMyVisites 1.3 local file retrieval", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111454298603060&w=2" - }, - { - "name" : "http://cvs.sourceforge.net/viewcvs.py/phpmyvisites/phpmyvisites/include/set_lang.php?r1=1.5&r2=1.6", - "refsource" : "CONFIRM", - "url" : "http://cvs.sourceforge.net/viewcvs.py/phpmyvisites/phpmyvisites/include/set_lang.php?r1=1.5&r2=1.6" - }, - { - "name" : "13370", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13370" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "set_lang.php in phpMyVisites 1.3 allows remote attackers to read and include arbitrary files via the mylang parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050426 [exploits] phpMyVisites 1.3 local file retrieval", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111454298603060&w=2" + }, + { + "name": "http://cvs.sourceforge.net/viewcvs.py/phpmyvisites/phpmyvisites/include/set_lang.php?r1=1.5&r2=1.6", + "refsource": "CONFIRM", + "url": "http://cvs.sourceforge.net/viewcvs.py/phpmyvisites/phpmyvisites/include/set_lang.php?r1=1.5&r2=1.6" + }, + { + "name": "13370", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13370" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1378.json b/2005/1xxx/CVE-2005-1378.json index a5f5f547e70..400ec4585db 100644 --- a/2005/1xxx/CVE-2005-1378.json +++ b/2005/1xxx/CVE-2005-1378.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1378", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in posting_notes.php in the notes module for phpBB allows remote attackers to execute arbitrary SQL commands via the p parameter, which is used in the $post_id variable, and other attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1378", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050427 phpBB Notes Mod SQL Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111471606518372&w=2" - }, - { - "name" : "http://www.gulftech.org/?node=research&article_id=00070-04272005", - "refsource" : "MISC", - "url" : "http://www.gulftech.org/?node=research&article_id=00070-04272005" - }, - { - "name" : "13417", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13417" - }, - { - "name" : "ADV-2005-0416", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/0416" - }, - { - "name" : "15899", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/15899" - }, - { - "name" : "1013827", - "refsource" : 
"SECTRACK", - "url" : "http://securitytracker.com/id?1013827" - }, - { - "name" : "15154", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15154/" - }, - { - "name" : "phpbb-notes-module-sql-injection(20303)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20303" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in posting_notes.php in the notes module for phpBB allows remote attackers to execute arbitrary SQL commands via the p parameter, which is used in the $post_id variable, and other attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050427 phpBB Notes Mod SQL Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111471606518372&w=2" + }, + { + "name": "1013827", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013827" + }, + { + "name": "13417", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13417" + }, + { + "name": "ADV-2005-0416", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/0416" + }, + { + "name": "http://www.gulftech.org/?node=research&article_id=00070-04272005", + "refsource": "MISC", + "url": "http://www.gulftech.org/?node=research&article_id=00070-04272005" + }, + { + "name": "15899", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/15899" + }, + { + "name": "15154", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15154/" + }, + { + "name": "phpbb-notes-module-sql-injection(20303)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20303" + } + ] + } +} \ No newline at end of file 
diff --git a/2005/1xxx/CVE-2005-1623.json b/2005/1xxx/CVE-2005-1623.json index 9c0a58e5bba..ddfcae09061 100644 --- a/2005/1xxx/CVE-2005-1623.json +++ b/2005/1xxx/CVE-2005-1623.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1623", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1623", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1673.json b/2005/1xxx/CVE-2005-1673.json index 11ed0f384eb..44115f965a5 100644 --- a/2005/1xxx/CVE-2005-1673.json +++ b/2005/1xxx/CVE-2005-1673.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1673", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Help Center Live allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to index.php, (2) tid parameter to view.php, fid parameter to (3) download.php or (4) chat_download.php, (5) status parameter to icon.php, TICKET_tid parameter to (6) index.php or (7) view.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1673", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050517 Help Center Live Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/398457/2005-05-15/2005-05-21/0" - }, - { - "name" : "http://www.gulftech.org/?node=research&article_id=00076-05172005", - "refsource" : "MISC", - "url" : "http://www.gulftech.org/?node=research&article_id=00076-05172005" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Help Center Live allow remote 
attackers to execute arbitrary SQL commands via the (1) id parameter to index.php, (2) tid parameter to view.php, fid parameter to (3) download.php or (4) chat_download.php, (5) status parameter to icon.php, TICKET_tid parameter to (6) index.php or (7) view.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.gulftech.org/?node=research&article_id=00076-05172005", + "refsource": "MISC", + "url": "http://www.gulftech.org/?node=research&article_id=00076-05172005" + }, + { + "name": "20050517 Help Center Live Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/398457/2005-05-15/2005-05-21/0" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3614.json b/2005/3xxx/CVE-2005-3614.json index f00a6d25ad6..adc1d1f63f3 100644 --- a/2005/3xxx/CVE-2005-3614.json +++ b/2005/3xxx/CVE-2005-3614.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3614", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3614", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4287.json b/2005/4xxx/CVE-2005-4287.json index a1ceaed623c..2daf6ea7784 100644 --- a/2005/4xxx/CVE-2005-4287.json +++ b/2005/4xxx/CVE-2005-4287.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4287", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file include vulnerability in MarmaraWeb E-commerce allows remote attackers to execute arbitrary code via the page parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4287", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051215 MarmaraWeb E-commerce Remote Command Exucetion", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/419587/100/0/threaded" - }, - { - "name" : "15877", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15877" - }, - { - "name" : "21903", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21903" - }, - { - "name" : "263", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/263" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file include vulnerability in MarmaraWeb E-commerce allows remote attackers to execute arbitrary code via the page parameter to 
index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15877", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15877" + }, + { + "name": "21903", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21903" + }, + { + "name": "20051215 MarmaraWeb E-commerce Remote Command Exucetion", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/419587/100/0/threaded" + }, + { + "name": "263", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/263" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4647.json b/2005/4xxx/CVE-2005-4647.json index 3029cb95242..902a35b03db 100644 --- a/2005/4xxx/CVE-2005-4647.json +++ b/2005/4xxx/CVE-2005-4647.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4647", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in PEARLINGER Pearl Forums 2.4 allow remote attackers to execute arbitrary SQL commands via the (1) forumsId and (2) topicId parameters in index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4647", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15425", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15425" - }, - { - "name" : "ADV-2005-2426", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2426" - }, - { - "name" : "20848", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20848" - }, - { - "name" : "17533", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17533" - }, - { - "name" : "pearl-forums-index-sql-injection(23195)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23195" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in PEARLINGER Pearl Forums 2.4 allow remote attackers to execute arbitrary SQL commands via the (1) forumsId and (2) topicId parameters in index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15425", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15425" + }, + { + "name": "pearl-forums-index-sql-injection(23195)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23195" + }, + { + "name": "20848", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20848" + }, + { + "name": "ADV-2005-2426", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2426" + }, + { + "name": "17533", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17533" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4740.json b/2005/4xxx/CVE-2005-4740.json index 810fbcfd23d..d38eb1e1a5b 100644 --- a/2005/4xxx/CVE-2005-4740.json +++ b/2005/4xxx/CVE-2005-4740.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4740", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM DB2 Universal Database (UDB) 810 before version 8 FixPak 10 allows remote authenticated users to cause a denial of service (db2jd service crash) by \"connecting from a downlevel client.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4740", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JR21329", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1JR21329" - }, - { - "name" : "15126", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15126" - }, - { - "name" : "17031", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17031" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM DB2 Universal Database (UDB) 810 before version 8 FixPak 10 allows remote authenticated users to cause a denial of service (db2jd service crash) by \"connecting from a downlevel client.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + 
{ + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JR21329", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1JR21329" + }, + { + "name": "15126", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15126" + }, + { + "name": "17031", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17031" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4857.json b/2005/4xxx/CVE-2005-4857.json index 8b7f9cfe7c5..21445328626 100644 --- a/2005/4xxx/CVE-2005-4857.json +++ b/2005/4xxx/CVE-2005-4857.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4857", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a \"memory addressing error\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4857", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_6_x_3_7_x_to_3_8_0", - "refsource" : "CONFIRM", - "url" : "http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_6_x_3_7_x_to_3_8_0" - }, - { - "name" : "http://issues.ez.no/7459", - "refsource" : "CONFIRM", - "url" : "http://issues.ez.no/7459" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 
allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a \"memory addressing error\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_6_x_3_7_x_to_3_8_0", + "refsource": "CONFIRM", + "url": "http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_6_x_3_7_x_to_3_8_0" + }, + { + "name": "http://issues.ez.no/7459", + "refsource": "CONFIRM", + "url": "http://issues.ez.no/7459" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4868.json b/2005/4xxx/CVE-2005-4868.json index 9c219c6d1ac..91897c09752 100644 --- a/2005/4xxx/CVE-2005-4868.json +++ b/2005/4xxx/CVE-2005-4868.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4868", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Shared memory sections and events in IBM DB2 8.1 have default permissions of read and write for the Everyone group, which allows local users to gain unauthorized access, gain sensitive information, such as cleartext passwords, and cause a denial of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4868", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050105 IBM DB2 Windows Permission Problems (#NISR05012005F)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110495402231836&w=2" - }, - { - "name" : "http://www-1.ibm.com/support/docview.wss?uid=swg21181228", - "refsource" : "CONFIRM", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg21181228" - }, - { - "name" : "http://www.nextgenss.com/advisories/db205012005F.txt", - "refsource" : "MISC", - "url" : "http://www.nextgenss.com/advisories/db205012005F.txt" - }, - { - "name" : "11402", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11402" - }, - { - "name" : "12733", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/12733/" - }, - { - "name" : "db2-everyone-gain-access(17605)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17605" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Shared memory sections and events in IBM DB2 8.1 have default permissions of read and write for the Everyone group, which allows local users to gain unauthorized access, gain sensitive information, such as cleartext passwords, and cause a denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050105 IBM DB2 Windows Permission Problems (#NISR05012005F)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110495402231836&w=2" + }, + { + "name": "11402", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11402" + }, + { + "name": "db2-everyone-gain-access(17605)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17605" + }, + { + "name": "http://www.nextgenss.com/advisories/db205012005F.txt", + "refsource": "MISC", + "url": "http://www.nextgenss.com/advisories/db205012005F.txt" + }, + { + "name": "12733", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12733/" + }, + { + "name": "http://www-1.ibm.com/support/docview.wss?uid=swg21181228", + "refsource": "CONFIRM", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21181228" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0037.json b/2009/0xxx/CVE-2009-0037.json index 20bd98499e8..9073b1dce6f 100644 --- a/2009/0xxx/CVE-2009-0037.json +++ b/2009/0xxx/CVE-2009-0037.json 
@@ -1,217 +1,217 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0037", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file: URL, or (3) execute arbitrary commands via a redirect to an scp: URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-0037", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090312 rPSA-2009-0042-1 curl", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/501757/100/0/threaded" - }, - { - "name" : "20090711 VMSA-2009-0009 ESX Service Console updates for udev, sudo, and curl", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/504849/100/0/threaded" - }, - { - "name" : "[Security-announce] 20090710 VMSA-2009-0009 ESX Service Console updates for udev, sudo, and curl", - "refsource" : "MLIST", - "url" : 
"http://lists.vmware.com/pipermail/security-announce/2009/000060.html" - }, - { - "name" : "http://www.withdk.com/2009/03/03/curllibcurl-redirect-arbitrary-file-access/", - "refsource" : "MISC", - "url" : "http://www.withdk.com/2009/03/03/curllibcurl-redirect-arbitrary-file-access/" - }, - { - "name" : "http://www.withdk.com/archives/Libcurl_arbitrary_file_access.pdf", - "refsource" : "MISC", - "url" : "http://www.withdk.com/archives/Libcurl_arbitrary_file_access.pdf" - }, - { - "name" : "http://curl.haxx.se/docs/adv_20090303.html", - "refsource" : "CONFIRM", - "url" : "http://curl.haxx.se/docs/adv_20090303.html" - }, - { - "name" : "http://curl.haxx.se/lxr/source/CHANGES", - "refsource" : "CONFIRM", - "url" : "http://curl.haxx.se/lxr/source/CHANGES" - }, - { - "name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0042", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0042" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2009-0009.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2009-0009.html" - }, - { - "name" : "http://support.apple.com/kb/HT4077", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4077" - }, - { - "name" : "APPLE-SA-2010-03-29-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" - }, - { - "name" : "DSA-1738", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1738" - }, - { - "name" : "GLSA-200903-21", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200903-21.xml" - }, - { - "name" : "RHSA-2009:0341", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0341.html" - }, - { - "name" : "SSA:2009-069-01", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.476602" - }, - { - "name" : "SUSE-SR:2009:006", - 
"refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html" - }, - { - "name" : "USN-726-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-726-1" - }, - { - "name" : "33962", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33962" - }, - { - "name" : "oval:org.mitre.oval:def:11054", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11054" - }, - { - "name" : "oval:org.mitre.oval:def:6074", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6074" - }, - { - "name" : "1021783", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021783" - }, - { - "name" : "34138", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34138" - }, - { - "name" : "34202", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34202" - }, - { - "name" : "34255", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34255" - }, - { - "name" : "34259", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34259" - }, - { - "name" : "34237", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34237" - }, - { - "name" : "34251", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34251" - }, - { - "name" : "34399", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34399" - }, - { - "name" : "35766", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35766" - }, - { - "name" : "ADV-2009-0581", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0581" - }, - { - "name" : "ADV-2009-1865", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1865" - }, - { - "name" : "curl-location-security-bypass(49030)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/49030" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file: URL, or (3) execute arbitrary commands via a redirect to an scp: URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-726-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-726-1" + }, + { + "name": "34259", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34259" + }, + { + "name": "http://curl.haxx.se/lxr/source/CHANGES", + "refsource": "CONFIRM", + "url": "http://curl.haxx.se/lxr/source/CHANGES" + }, + { + "name": "35766", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35766" + }, + { + "name": "34255", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34255" + }, + { + "name": "RHSA-2009:0341", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0341.html" + }, + { + "name": "DSA-1738", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1738" + }, + { + "name": "http://www.withdk.com/2009/03/03/curllibcurl-redirect-arbitrary-file-access/", + "refsource": "MISC", + "url": "http://www.withdk.com/2009/03/03/curllibcurl-redirect-arbitrary-file-access/" + }, + { + "name": "curl-location-security-bypass(49030)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49030" + }, + { + "name": "ADV-2009-1865", + "refsource": "VUPEN", + "url": 
"http://www.vupen.com/english/advisories/2009/1865" + }, + { + "name": "APPLE-SA-2010-03-29-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" + }, + { + "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0042", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0042" + }, + { + "name": "SUSE-SR:2009:006", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html" + }, + { + "name": "34138", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34138" + }, + { + "name": "http://curl.haxx.se/docs/adv_20090303.html", + "refsource": "CONFIRM", + "url": "http://curl.haxx.se/docs/adv_20090303.html" + }, + { + "name": "34202", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34202" + }, + { + "name": "20090312 rPSA-2009-0042-1 curl", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/501757/100/0/threaded" + }, + { + "name": "ADV-2009-0581", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0581" + }, + { + "name": "SSA:2009-069-01", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.476602" + }, + { + "name": "[Security-announce] 20090710 VMSA-2009-0009 ESX Service Console updates for udev, sudo, and curl", + "refsource": "MLIST", + "url": "http://lists.vmware.com/pipermail/security-announce/2009/000060.html" + }, + { + "name": "33962", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33962" + }, + { + "name": "http://support.apple.com/kb/HT4077", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4077" + }, + { + "name": "http://www.withdk.com/archives/Libcurl_arbitrary_file_access.pdf", + "refsource": "MISC", + "url": "http://www.withdk.com/archives/Libcurl_arbitrary_file_access.pdf" + }, + { + "name": 
"oval:org.mitre.oval:def:11054", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11054" + }, + { + "name": "GLSA-200903-21", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200903-21.xml" + }, + { + "name": "oval:org.mitre.oval:def:6074", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6074" + }, + { + "name": "1021783", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021783" + }, + { + "name": "34251", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34251" + }, + { + "name": "34399", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34399" + }, + { + "name": "20090711 VMSA-2009-0009 ESX Service Console updates for udev, sudo, and curl", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/504849/100/0/threaded" + }, + { + "name": "34237", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34237" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2009-0009.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2009-0009.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0178.json b/2009/0xxx/CVE-2009-0178.json index 11b4561075c..dbb86fb6847 100644 --- a/2009/0xxx/CVE-2009-0178.json +++ b/2009/0xxx/CVE-2009-0178.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0178", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in IBM Hardware Management Console (HMC) 7 release 3.2.0 SP1 has unknown impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0178", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4521", - "refsource" : "CONFIRM", - "url" : "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4521" - }, - { - "name" : "MB02834", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=isg1MB02834" - }, - { - "name" : "33293", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33293" - }, - { - "name" : "ADV-2009-0158", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0158" - }, - { - "name" : "51432", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/51432" - }, - { - "name" : "33518", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33518" - }, - { - "name" : "ibm-hmc-unspecified(48010)", - 
"refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48010" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in IBM Hardware Management Console (HMC) 7 release 3.2.0 SP1 has unknown impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "51432", + "refsource": "OSVDB", + "url": "http://osvdb.org/51432" + }, + { + "name": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4521", + "refsource": "CONFIRM", + "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4521" + }, + { + "name": "ibm-hmc-unspecified(48010)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48010" + }, + { + "name": "33293", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33293" + }, + { + "name": "33518", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33518" + }, + { + "name": "MB02834", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=isg1MB02834" + }, + { + "name": "ADV-2009-0158", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0158" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0179.json b/2009/0xxx/CVE-2009-0179.json index 9ab71a99bee..d2f3b4119d3 100644 --- a/2009/0xxx/CVE-2009-0179.json +++ b/2009/0xxx/CVE-2009-0179.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0179", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libmikmod 3.1.11 through 3.2.0, as used by MikMod and possibly other products, allows user-assisted attackers to cause a denial of service (application crash) by loading an XM file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0179", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20090113 CVE Request -- libmikmod", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2009/01/13/2" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=476339", - "refsource" : "MISC", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=476339" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=479833", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=479833" - }, - { - "name" : "FEDORA-2009-9095", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01305.html" - }, - { - "name" : "FEDORA-2009-9112", - "refsource" : "FEDORA", - "url" : 
"https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01312.html" - }, - { - "name" : "SUSE-SR:2009:006", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html" - }, - { - "name" : "33240", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33240" - }, - { - "name" : "34259", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34259" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libmikmod 3.1.11 through 3.2.0, as used by MikMod and possibly other products, allows user-assisted attackers to cause a denial of service (application crash) by loading an XM file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34259", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34259" + }, + { + "name": "FEDORA-2009-9095", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01305.html" + }, + { + "name": "SUSE-SR:2009:006", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html" + }, + { + "name": "33240", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33240" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=476339", + "refsource": "MISC", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=476339" + }, + { + "name": "FEDORA-2009-9112", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01312.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=479833", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=479833" + }, + { + "name": "[oss-security] 
20090113 CVE Request -- libmikmod", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2009/01/13/2" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0183.json b/2009/0xxx/CVE-2009-0183.json index ced34961f7c..15962768f99 100644 --- a/2009/0xxx/CVE-2009-0183.json +++ b/2009/0xxx/CVE-2009-0183.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0183", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Remote Control Server in Free Download Manager (FDM) 2.5 Build 758 and 3.0 Build 844 allows remote attackers to execute arbitrary code via a long Authorization header in an HTTP request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2009-0183", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090202 Secunia Research: Free Download Manager Remote Control Server Buffer Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/500604/100/0/threaded" - }, - { - "name" : "7986", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7986" - }, - { - "name" : "http://secunia.com/secunia_research/2009-3/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2009-3/" - }, - { - "name" : "33554", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33554" - }, - { - "name" : "51745", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/51745" - }, - { - "name" : "ADV-2009-0302", - "refsource" : 
"VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0302" - }, - { - "name" : "33524", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33524" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Remote Control Server in Free Download Manager (FDM) 2.5 Build 758 and 3.0 Build 844 allows remote attackers to execute arbitrary code via a long Authorization header in an HTTP request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33554", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33554" + }, + { + "name": "20090202 Secunia Research: Free Download Manager Remote Control Server Buffer Overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/500604/100/0/threaded" + }, + { + "name": "7986", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7986" + }, + { + "name": "http://secunia.com/secunia_research/2009-3/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2009-3/" + }, + { + "name": "33524", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33524" + }, + { + "name": "51745", + "refsource": "OSVDB", + "url": "http://osvdb.org/51745" + }, + { + "name": "ADV-2009-0302", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0302" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0799.json b/2009/0xxx/CVE-2009-0799.json index ec7c9d7a41b..c5eb7d11750 100644 --- a/2009/0xxx/CVE-2009-0799.json +++ b/2009/0xxx/CVE-2009-0799.json 
@@ -1,267 +1,267 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0799", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers an out-of-bounds read." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-0799", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=495886", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=495886" - }, - { - "name" : "http://poppler.freedesktop.org/releases.html", - "refsource" : "CONFIRM", - "url" : "http://poppler.freedesktop.org/releases.html" - }, - { - "name" : "DSA-1790", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1790" - }, - { - "name" : "DSA-1793", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1793" - }, - { - "name" : "FEDORA-2009-6973", - "refsource" : "FEDORA", - "url" : 
"https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html" - }, - { - "name" : "FEDORA-2009-6982", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html" - }, - { - "name" : "FEDORA-2009-6972", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html" - }, - { - "name" : "MDVSA-2009:101", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:101" - }, - { - "name" : "MDVSA-2010:087", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087" - }, - { - "name" : "MDVSA-2011:175", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175" - }, - { - "name" : "RHSA-2009:0430", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0430.html" - }, - { - "name" : "RHSA-2009:0429", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0429.html" - }, - { - "name" : "RHSA-2009:0431", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0431.html" - }, - { - "name" : "RHSA-2009:0458", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2009-0458.html" - }, - { - "name" : "RHSA-2009:0480", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0480.html" - }, - { - "name" : "SSA:2009-129-01", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.578477" - }, - { - "name" : "SUSE-SA:2009:024", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html" - }, - { - "name" : "SUSE-SR:2009:010", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html" - }, - { - "name" : "SUSE-SR:2009:012", 
- "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html" - }, - { - "name" : "VU#196617", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/196617" - }, - { - "name" : "34568", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34568" - }, - { - "name" : "oval:org.mitre.oval:def:10204", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10204" - }, - { - "name" : "1022072", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022072" - }, - { - "name" : "34755", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34755" - }, - { - "name" : "34291", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34291" - }, - { - "name" : "34481", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34481" - }, - { - "name" : "34746", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34746" - }, - { - "name" : "34852", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34852" - }, - { - "name" : "34756", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34756" - }, - { - "name" : "34959", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34959" - }, - { - "name" : "34963", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34963" - }, - { - "name" : "35037", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35037" - }, - { - "name" : "35065", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35065" - }, - { - "name" : "34991", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34991" - }, - { - "name" : "35064", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35064" - }, - { - "name" : "35618", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35618" - }, - { - "name" : "35685", 
- "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35685" - }, - { - "name" : "ADV-2009-1065", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1065" - }, - { - "name" : "ADV-2009-1066", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1066" - }, - { - "name" : "ADV-2009-1076", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1076" - }, - { - "name" : "ADV-2009-1077", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1077" - }, - { - "name" : "ADV-2010-1040", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1040" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers an out-of-bounds read." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:10204", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10204" + }, + { + "name": "DSA-1793", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1793" + }, + { + "name": "34963", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34963" + }, + { + "name": "DSA-1790", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1790" + }, + { + "name": "35037", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35037" + }, + { + "name": "ADV-2009-1077", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1077" + }, + { + "name": "35064", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35064" + }, + { + "name": "ADV-2009-1066", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1066" + }, + { + "name": "34481", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34481" + }, + { + "name": "SSA:2009-129-01", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.578477" + }, + { + "name": "1022072", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022072" + }, + { + "name": "RHSA-2009:0431", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0431.html" + }, + { + "name": "ADV-2009-1065", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1065" + }, + { + "name": "RHSA-2009:0430", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0430.html" + }, + { + "name": "FEDORA-2009-6972", + "refsource": "FEDORA", + "url": 
"https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html" + }, + { + "name": "35618", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35618" + }, + { + "name": "35065", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35065" + }, + { + "name": "RHSA-2009:0480", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0480.html" + }, + { + "name": "http://poppler.freedesktop.org/releases.html", + "refsource": "CONFIRM", + "url": "http://poppler.freedesktop.org/releases.html" + }, + { + "name": "34568", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34568" + }, + { + "name": "MDVSA-2011:175", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175" + }, + { + "name": "VU#196617", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/196617" + }, + { + "name": "ADV-2010-1040", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1040" + }, + { + "name": "SUSE-SA:2009:024", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html" + }, + { + "name": "RHSA-2009:0458", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2009-0458.html" + }, + { + "name": "FEDORA-2009-6982", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html" + }, + { + "name": "34991", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34991" + }, + { + "name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=495886", + "refsource": "CONFIRM", + "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=495886" + }, + { + "name": "MDVSA-2009:101", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:101" + }, + { + "name": "MDVSA-2010:087", + "refsource": "MANDRIVA", + "url": 
"http://www.mandriva.com/security/advisories?name=MDVSA-2010:087" + }, + { + "name": "SUSE-SR:2009:010", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html" + }, + { + "name": "35685", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35685" + }, + { + "name": "ADV-2009-1076", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1076" + }, + { + "name": "34756", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34756" + }, + { + "name": "34291", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34291" + }, + { + "name": "34755", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34755" + }, + { + "name": "34852", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34852" + }, + { + "name": "SUSE-SR:2009:012", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html" + }, + { + "name": "FEDORA-2009-6973", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html" + }, + { + "name": "34959", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34959" + }, + { + "name": "34746", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34746" + }, + { + "name": "RHSA-2009:0429", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0429.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1369.json b/2009/1xxx/CVE-2009-1369.json index 7dfe69b677a..2d9bc7256a8 100644 --- a/2009/1xxx/CVE-2009-1369.json +++ b/2009/1xxx/CVE-2009-1369.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1369", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "moziloCMS 1.11 allows remote attackers to obtain sensitive information via the (1) gal[] parameter to gallery.php, (2) page[] and (3) cat[] parameter to index.php, or (4) file[] parameter to download.php, which reveals the installation path in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1369", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8394", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8394" - }, - { - "name" : "mozilocms-index-path-disclosure(49811)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49811" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "moziloCMS 1.11 allows remote attackers to obtain sensitive information via the (1) gal[] parameter to gallery.php, (2) page[] and (3) cat[] parameter to index.php, or (4) file[] parameter to download.php, which reveals the installation path in an 
error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mozilocms-index-path-disclosure(49811)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49811" + }, + { + "name": "8394", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8394" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1772.json b/2009/1xxx/CVE-2009-1772.json index 2c75c03c9d3..e32c04e70ee 100644 --- a/2009/1xxx/CVE-2009-1772.json +++ b/2009/1xxx/CVE-2009-1772.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1772", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in activeCollab 2.1 Corporate allows remote attackers to inject arbitrary web script or HTML via the re_route parameter to the login script." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1772", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels-team.blogspot.com/2009/05/activecollab-xss-and-full-path.html", - "refsource" : "MISC", - "url" : "http://pridels-team.blogspot.com/2009/05/activecollab-xss-and-full-path.html" - }, - { - "name" : "35022", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35022" - }, - { - "name" : "35079", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35079" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in activeCollab 2.1 Corporate allows remote attackers to inject arbitrary web script or HTML via the re_route parameter to the login 
script." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35079", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35079" + }, + { + "name": "http://pridels-team.blogspot.com/2009/05/activecollab-xss-and-full-path.html", + "refsource": "MISC", + "url": "http://pridels-team.blogspot.com/2009/05/activecollab-xss-and-full-path.html" + }, + { + "name": "35022", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35022" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3268.json b/2009/3xxx/CVE-2009-3268.json index 1021407061e..a871e8706e9 100644 --- a/2009/3xxx/CVE-2009-3268.json +++ b/2009/3xxx/CVE-2009-3268.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3268", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome 1.0.154.48 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an automatically submitted form containing a KEYGEN element, a related issue to CVE-2009-1828." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3268", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090908 Re: DoS vulnerability in Google Chrome", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/506328/100/100/threaded" - }, - { - "name" : "http://websecurity.com.ua/3194/", - "refsource" : "MISC", - "url" : "http://websecurity.com.ua/3194/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome 1.0.154.48 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an automatically submitted form containing a KEYGEN element, a related issue to CVE-2009-1828." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20090908 Re: DoS vulnerability in Google Chrome", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/506328/100/100/threaded" + }, + { + "name": "http://websecurity.com.ua/3194/", + "refsource": "MISC", + "url": "http://websecurity.com.ua/3194/" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3350.json b/2009/3xxx/CVE-2009-3350.json index 9a7319cefa0..c128a830cec 100644 --- a/2009/3xxx/CVE-2009-3350.json +++ b/2009/3xxx/CVE-2009-3350.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3350", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in the Subdomain Manager module for Drupal have unknown impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3350", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/572852", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/572852" - }, - { - "name" : "36329", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36329" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in the Subdomain Manager module for Drupal have unknown impact and attack vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36329", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36329" + }, + { + "name": "http://drupal.org/node/572852", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/572852" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4255.json b/2009/4xxx/CVE-2009-4255.json index 381c1d4a930..096ec693666 100644 --- a/2009/4xxx/CVE-2009-4255.json +++ b/2009/4xxx/CVE-2009-4255.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4255", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the You!Hostit! template 1.0.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the created_by_alias parameter in index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4255", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "10301", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/10301" - }, - { - "name" : "37601", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37601" - }, - { - "name" : "youhostit-createdbyalias-xss(54570)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54570" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the You!Hostit! template 1.0.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the created_by_alias parameter in index.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "youhostit-createdbyalias-xss(54570)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54570" + }, + { + "name": "10301", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/10301" + }, + { + "name": "37601", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37601" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4276.json b/2009/4xxx/CVE-2009-4276.json index f347949db6b..b638ff9953d 100644 --- a/2009/4xxx/CVE-2009-4276.json +++ b/2009/4xxx/CVE-2009-4276.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4276", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2009. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2009-4276", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2009. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4345.json b/2009/4xxx/CVE-2009-4345.json index 59dce44388b..bea86f6a843 100644 --- a/2009/4xxx/CVE-2009-4345.json +++ b/2009/4xxx/CVE-2009-4345.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4345", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the vShoutbox (vshoutbox) extension 0.0.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4345", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/" - }, - { - "name" : "ADV-2009-3550", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3550" - }, - { - "name" : "typo3-vshoutbox-xss(54787)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54787" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the vShoutbox (vshoutbox) extension 0.0.1 for TYPO3 allows remote attackers to 
inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-3550", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3550" + }, + { + "name": "typo3-vshoutbox-xss(54787)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54787" + }, + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4396.json b/2009/4xxx/CVE-2009-4396.json index 5b26679a4a6..b5ac2e509d7 100644 --- a/2009/4xxx/CVE-2009-4396.json +++ b/2009/4xxx/CVE-2009-4396.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4396", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Diocese of Portsmouth Resources Database (pd_resources) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4396", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Diocese of Portsmouth Resources Database (pd_resources) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4454.json b/2009/4xxx/CVE-2009-4454.json index 75a37a528b8..f019a15d8ab 100644 --- a/2009/4xxx/CVE-2009-4454.json +++ b/2009/4xxx/CVE-2009-4454.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4454", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "vccleaner in VideoCache 1.9.2 allows local users with Squid proxy user privileges to overwrite arbitrary files via a symlink attack on /var/log/videocache/vccleaner.log." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4454", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091216 VideoCache 1.9.2 vccleaner root vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/508507/100/0/threaded" - }, - { - "name" : "20091216 VideoCache 1.9.2 vccleaner root vulnerability", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2009-12/0366.html" - }, - { - "name" : "37733", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37733" - }, - { - "name" : "videocache-vccleaner-symlink(54916)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54916" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "vccleaner in VideoCache 1.9.2 allows local users with Squid proxy user privileges to overwrite arbitrary files via a symlink attack on /var/log/videocache/vccleaner.log." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20091216 VideoCache 1.9.2 vccleaner root vulnerability", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-12/0366.html" + }, + { + "name": "20091216 VideoCache 1.9.2 vccleaner root vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/508507/100/0/threaded" + }, + { + "name": "videocache-vccleaner-symlink(54916)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54916" + }, + { + "name": "37733", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37733" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4786.json b/2009/4xxx/CVE-2009-4786.json index 7468b13536f..f1288623b42 100644 --- a/2009/4xxx/CVE-2009-4786.json +++ b/2009/4xxx/CVE-2009-4786.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4786", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Pligg before 1.0.3 allow remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to (1) admin/admin_config.php, (2) admin/admin_modules.php, (3) delete.php, (4) editlink.php, (5) submit.php, (6) submit_groups.php, (7) user_add_remove_links.php, and (8) user_settings.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4786", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://holisticinfosec.org/content/view/130/45/", - "refsource" : "MISC", - "url" : "http://holisticinfosec.org/content/view/130/45/" - }, - { - "name" : "http://www.pligg.com/blog/775/pligg-cms-1-0-3-release/", - "refsource" : "CONFIRM", - "url" : "http://www.pligg.com/blog/775/pligg-cms-1-0-3-release/" - }, - { - "name" : "37349", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37349" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Pligg before 1.0.3 allow remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to (1) admin/admin_config.php, (2) admin/admin_modules.php, (3) delete.php, (4) editlink.php, (5) submit.php, (6) submit_groups.php, (7) user_add_remove_links.php, and (8) user_settings.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://holisticinfosec.org/content/view/130/45/", + "refsource": "MISC", + "url": "http://holisticinfosec.org/content/view/130/45/" + }, + { + "name": "http://www.pligg.com/blog/775/pligg-cms-1-0-3-release/", + "refsource": "CONFIRM", + "url": "http://www.pligg.com/blog/775/pligg-cms-1-0-3-release/" + }, + { + "name": "37349", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37349" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4937.json b/2009/4xxx/CVE-2009-4937.json index 06b192f5b8f..e9757b4bd70 100644 --- a/2009/4xxx/CVE-2009-4937.json +++ b/2009/4xxx/CVE-2009-4937.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4937", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Small Pirate (SPirate) 2.1 allows remote attackers to inject arbitrary web script or HTML via an onmouseover action in an img BBCode tag within a url BBCode tag." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4937", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090527 MULTIPLE REMOTE VULNERABILITIES --Small Pirates v-2.1-->", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/503863/100/0/threaded" - }, - { - "name" : "8819", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/8819" - }, - { - "name" : "54783", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/54783" - }, - { - "name" : "35272", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35272" - }, - { - "name" : "small-pirate-bbcode-xss(50836)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50836" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Small Pirate (SPirate) 2.1 allows remote attackers to inject arbitrary web script or HTML via an onmouseover action in an img BBCode tag within a url BBCode tag." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8819", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/8819" + }, + { + "name": "54783", + "refsource": "OSVDB", + "url": "http://osvdb.org/54783" + }, + { + "name": "35272", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35272" + }, + { + "name": "small-pirate-bbcode-xss(50836)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50836" + }, + { + "name": "20090527 MULTIPLE REMOTE VULNERABILITIES --Small Pirates v-2.1-->", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/503863/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4988.json b/2009/4xxx/CVE-2009-4988.json index 31bdd6b344b..408f4479b8f 100644 --- a/2009/4xxx/CVE-2009-4988.json +++ b/2009/4xxx/CVE-2009-4988.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4988", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in NT_Naming_Service.exe in SAP Business One 2005 A 6.80.123 and 6.80.320 allows remote attackers to execute arbitrary code via a long GIOP request to TCP port 30000." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4988", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090804 SAP Business One 2005 Remote Buffer Overflow Vulnerability.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/505489/100/0/threaded" - }, - { - "name" : "9319", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9319" - }, - { - "name" : "35933", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35933" - }, - { - "name" : "1022655", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022655" - }, - { - "name" : "36103", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36103" - }, - { - "name" : "ADV-2009-2170", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2170" - }, - { 
- "name" : "sap-bo2005-ntnamingservice-bo(52256)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52256" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in NT_Naming_Service.exe in SAP Business One 2005 A 6.80.123 and 6.80.320 allows remote attackers to execute arbitrary code via a long GIOP request to TCP port 30000." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "sap-bo2005-ntnamingservice-bo(52256)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52256" + }, + { + "name": "1022655", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022655" + }, + { + "name": "ADV-2009-2170", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2170" + }, + { + "name": "36103", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36103" + }, + { + "name": "9319", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9319" + }, + { + "name": "20090804 SAP Business One 2005 Remote Buffer Overflow Vulnerability.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/505489/100/0/threaded" + }, + { + "name": "35933", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35933" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2200.json b/2012/2xxx/CVE-2012-2200.json index 6025e313626..52c613a2c35 100644 --- a/2012/2xxx/CVE-2012-2200.json +++ b/2012/2xxx/CVE-2012-2200.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2200", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default configuration of sendmail in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, allows local users to gain privileges by entering a command in a .forward file in a home directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2012-2200", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://aix.software.ibm.com/aix/efixes/security/sendmail1_advisory.asc", - "refsource" : "CONFIRM", - "url" : "http://aix.software.ibm.com/aix/efixes/security/sendmail1_advisory.asc" - }, - { - "name" : "IV22963", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV22963" - }, - { - "name" : "IV22964", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV22964" - }, - { - "name" : "IV22965", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV22965" - }, - { - "name" : "IV22966", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV22966" - }, - { - "name" : "1027207", - "refsource" : 
"SECTRACK", - "url" : "http://www.securitytracker.com/id?1027207" - }, - { - "name" : "aix-sendmail-command-execution(76466)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/76466" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default configuration of sendmail in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, allows local users to gain privileges by entering a command in a .forward file in a home directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1027207", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027207" + }, + { + "name": "IV22965", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV22965" + }, + { + "name": "IV22963", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV22963" + }, + { + "name": "http://aix.software.ibm.com/aix/efixes/security/sendmail1_advisory.asc", + "refsource": "CONFIRM", + "url": "http://aix.software.ibm.com/aix/efixes/security/sendmail1_advisory.asc" + }, + { + "name": "aix-sendmail-command-execution(76466)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76466" + }, + { + "name": "IV22964", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV22964" + }, + { + "name": "IV22966", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV22966" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6400.json b/2012/6xxx/CVE-2012-6400.json index e814bb6010f..32d34df5a40 100644 --- a/2012/6xxx/CVE-2012-6400.json +++ b/2012/6xxx/CVE-2012-6400.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6400", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6400", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6631.json b/2012/6xxx/CVE-2012-6631.json index c9b8733788a..d1e5478afd8 100644 --- a/2012/6xxx/CVE-2012-6631.json +++ b/2012/6xxx/CVE-2012-6631.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6631", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in accounts/admin/index.php in Vessio NetBill 1.2 allows remote attackers to hijack the authentication of administrators for requests that add accounts via a new-client action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6631", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/files/112655/NetBill-Billing-System-1.2-CSRF-XSS.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/112655/NetBill-Billing-System-1.2-CSRF-XSS.html" - }, - { - "name" : "http://www.vulnerability-lab.com/get_content.php?id=560", - "refsource" : "MISC", - "url" : "http://www.vulnerability-lab.com/get_content.php?id=560" - }, - { - "name" : "81881", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/81881" - }, - { - "name" : "49109", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49109" - }, - { - "name" : "netbill-index-csrf(75539)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/75539" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in accounts/admin/index.php in Vessio NetBill 1.2 allows remote attackers to hijack the authentication of administrators for requests that add accounts via a new-client action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "49109", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49109" + }, + { + "name": "netbill-index-csrf(75539)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75539" + }, + { + "name": "http://www.vulnerability-lab.com/get_content.php?id=560", + "refsource": "MISC", + "url": "http://www.vulnerability-lab.com/get_content.php?id=560" + }, + { + "name": "http://packetstormsecurity.org/files/112655/NetBill-Billing-System-1.2-CSRF-XSS.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/112655/NetBill-Billing-System-1.2-CSRF-XSS.html" + }, + { + "name": "81881", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/81881" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6648.json b/2012/6xxx/CVE-2012-6648.json index 22cc767e1bd..12bf33e381b 100644 --- a/2012/6xxx/CVE-2012-6648.json +++ b/2012/6xxx/CVE-2012-6648.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6648", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "gdm/guest-session-cleanup.sh in gdm-guest-session 0.24 and earlier, as used in Ubuntu Linux 10.04 LTS, 10.10, and 11.04, allows local users to delete arbitrary files via a space in the name of a file in /tmp. NOTE: this identifier was SPLIT from CVE-2012-0943 per ADT1/ADT2 due to different codebases and affected versions. CVE-2012-0943 is used for the guest-account issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6648", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://launchpadlibrarian.net/96474113/gdm-guest-session.secure-cleanup.debdiff", - "refsource" : "MISC", - "url" : "https://launchpadlibrarian.net/96474113/gdm-guest-session.secure-cleanup.debdiff" - }, - { - "name" : "https://bugs.launchpad.net/ubuntu/%2Bsource/lightdm/%2Bbug/953044", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/ubuntu/%2Bsource/lightdm/%2Bbug/953044" - }, - { - "name" : "USN-1399-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-1399-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "gdm/guest-session-cleanup.sh in gdm-guest-session 0.24 and earlier, as used in Ubuntu Linux 10.04 LTS, 10.10, and 11.04, allows local users to delete arbitrary files via a space in the name of a file in /tmp. NOTE: this identifier was SPLIT from CVE-2012-0943 per ADT1/ADT2 due to different codebases and affected versions. CVE-2012-0943 is used for the guest-account issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://launchpadlibrarian.net/96474113/gdm-guest-session.secure-cleanup.debdiff", + "refsource": "MISC", + "url": "https://launchpadlibrarian.net/96474113/gdm-guest-session.secure-cleanup.debdiff" + }, + { + "name": "https://bugs.launchpad.net/ubuntu/%2Bsource/lightdm/%2Bbug/953044", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/ubuntu/%2Bsource/lightdm/%2Bbug/953044" + }, + { + "name": "USN-1399-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-1399-1" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1014.json b/2015/1xxx/CVE-2015-1014.json index 26f431f7646..cc039832a4c 100644 --- a/2015/1xxx/CVE-2015-1014.json +++ b/2015/1xxx/CVE-2015-1014.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1014", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1014", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1095.json b/2015/1xxx/CVE-2015-1095.json index c35dc193314..8693b07fa5d 100644 --- a/2015/1xxx/CVE-2015-1095.json +++ b/2015/1xxx/CVE-2015-1095.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1095", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HID device." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-1095", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT204659", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204659" - }, - { - "name" : "https://support.apple.com/HT204661", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204661" - }, - { - "name" : "https://support.apple.com/HT204662", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204662" - }, - { - "name" : "APPLE-SA-2015-04-08-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" - }, - { - "name" : "APPLE-SA-2015-04-08-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html" - 
}, - { - "name" : "APPLE-SA-2015-04-08-4", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html" - }, - { - "name" : "1032048", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032048" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HID device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT204659", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204659" + }, + { + "name": "APPLE-SA-2015-04-08-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html" + }, + { + "name": "1032048", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032048" + }, + { + "name": "APPLE-SA-2015-04-08-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" + }, + { + "name": "https://support.apple.com/HT204662", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204662" + }, + { + "name": "APPLE-SA-2015-04-08-4", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html" + }, + { + "name": "https://support.apple.com/HT204661", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204661" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1271.json b/2015/1xxx/CVE-2015-1271.json index 82e369216ec..9a3197d7fc8 100644 --- a/2015/1xxx/CVE-2015-1271.json 
+++ b/2015/1xxx/CVE-2015-1271.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1271", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PDFium, as used in Google Chrome before 44.0.2403.89, does not properly handle certain out-of-memory conditions, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted PDF document that triggers a large memory allocation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2015-1271", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=446032", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=446032" - }, - { - "name" : "https://codereview.chromium.org/1226403008", - "refsource" : "CONFIRM", - "url" : "https://codereview.chromium.org/1226403008" - }, - { - "name" : "DSA-3315", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2015/dsa-3315" - }, - { - "name" : "GLSA-201603-09", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201603-09" - }, - { - "name" : "RHSA-2015:1499", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1499.html" - }, - { - "name" : "openSUSE-SU-2015:1287", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html" - }, - { - "name" : "75973", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75973" - }, - { - "name" : "1033031", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033031" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PDFium, as used in Google Chrome before 44.0.2403.89, does not properly handle certain out-of-memory conditions, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted PDF document that triggers a large memory allocation." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://codereview.chromium.org/1226403008", + "refsource": "CONFIRM", + "url": "https://codereview.chromium.org/1226403008" + }, + { + "name": "RHSA-2015:1499", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1499.html" + }, + { + "name": "openSUSE-SU-2015:1287", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html" + }, + { + "name": "1033031", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033031" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=446032", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=446032" + }, + { + "name": "GLSA-201603-09", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201603-09" + }, + { + "name": "75973", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75973" + }, + { + "name": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html" + }, + { + "name": "DSA-3315", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3315" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1626.json b/2015/1xxx/CVE-2015-1626.json index 51119b4d768..b4a11380258 100644 --- a/2015/1xxx/CVE-2015-1626.json +++ b/2015/1xxx/CVE-2015-1626.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1626", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-0056 and CVE-2015-1623." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-1626", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-018", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-018" - }, - { - "name" : "72930", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72930" - }, - { - "name" : "1031888", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031888" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory 
corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-0056 and CVE-2015-1623." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS15-018", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-018" + }, + { + "name": "1031888", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031888" + }, + { + "name": "72930", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72930" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1838.json b/2015/1xxx/CVE-2015-1838.json index 896d5b19312..8af3988cdd3 100644 --- a/2015/1xxx/CVE-2015-1838.json +++ b/2015/1xxx/CVE-2015-1838.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1838", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "modules/serverdensity_device.py in SaltStack before 2014.7.4 does not properly handle files in /tmp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-1838", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1212784", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1212784" - }, - { - "name" : "https://docs.saltstack.com/en/latest/topics/releases/2014.7.4.html", - "refsource" : "CONFIRM", - "url" : "https://docs.saltstack.com/en/latest/topics/releases/2014.7.4.html" - }, - { - "name" : "https://github.com/saltstack/salt/commit/e11298d7155e9982749483ca5538e46090caef9c", - "refsource" : "CONFIRM", - "url" : "https://github.com/saltstack/salt/commit/e11298d7155e9982749483ca5538e46090caef9c" - }, - { - "name" : "FEDORA-2016-105b3b8804", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175568.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "modules/serverdensity_device.py in SaltStack before 2014.7.4 does not properly handle files in /tmp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2016-105b3b8804", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175568.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1212784", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1212784" + }, + { + "name": "https://github.com/saltstack/salt/commit/e11298d7155e9982749483ca5538e46090caef9c", + "refsource": "CONFIRM", + "url": "https://github.com/saltstack/salt/commit/e11298d7155e9982749483ca5538e46090caef9c" + }, + { + "name": "https://docs.saltstack.com/en/latest/topics/releases/2014.7.4.html", + "refsource": "CONFIRM", + "url": "https://docs.saltstack.com/en/latest/topics/releases/2014.7.4.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5079.json b/2015/5xxx/CVE-2015-5079.json index 7c3a0bf65ee..ddf4af95711 100644 --- a/2015/5xxx/CVE-2015-5079.json +++ b/2015/5xxx/CVE-2015-5079.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5079", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in widgets/logs.php in BlackCat CMS before 1.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the dl parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5079", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150701 Path Traversal in BlackCat CMS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/535900/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/132541/BlackCat-CMS-1.1.1-Path-Traversal.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/132541/BlackCat-CMS-1.1.1-Path-Traversal.html" - }, - { - "name" : "https://www.htbridge.com/advisory/HTB23263", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23263" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in widgets/logs.php in BlackCat CMS 
before 1.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the dl parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/132541/BlackCat-CMS-1.1.1-Path-Traversal.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/132541/BlackCat-CMS-1.1.1-Path-Traversal.html" + }, + { + "name": "https://www.htbridge.com/advisory/HTB23263", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23263" + }, + { + "name": "20150701 Path Traversal in BlackCat CMS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/535900/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5871.json b/2015/5xxx/CVE-2015-5871.json index deac0d1d2cc..ba8350a376a 100644 --- a/2015/5xxx/CVE-2015-5871.json +++ b/2015/5xxx/CVE-2015-5871.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5871", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5872, CVE-2015-5873, and CVE-2015-5890." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-5871", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT205267", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205267" - }, - { - "name" : "APPLE-SA-2015-09-30-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html" - }, - { - "name" : "1033703", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033703" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via 
unspecified vectors, a different vulnerability than CVE-2015-5872, CVE-2015-5873, and CVE-2015-5890." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1033703", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033703" + }, + { + "name": "APPLE-SA-2015-09-30-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html" + }, + { + "name": "https://support.apple.com/HT205267", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205267" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11029.json b/2018/11xxx/CVE-2018-11029.json index 9186a0ea263..8fbe1c70def 100644 --- a/2018/11xxx/CVE-2018-11029.json +++ b/2018/11xxx/CVE-2018-11029.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11029", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11029", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2018/11xxx/CVE-2018-11097.json b/2018/11xxx/CVE-2018-11097.json index 91de9453e77..081d662c64b 100644 --- a/2018/11xxx/CVE-2018-11097.json +++ b/2018/11xxx/CVE-2018-11097.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11097", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in cloudwu/cstring through 2016-11-09. There is a memory leak vulnerability that could lead to a program crash." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11097", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/cloudwu/cstring/issues/6", - "refsource" : "MISC", - "url" : "https://github.com/cloudwu/cstring/issues/6" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in cloudwu/cstring through 2016-11-09. There is a memory leak vulnerability that could lead to a program crash." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/cloudwu/cstring/issues/6", + "refsource": "MISC", + "url": "https://github.com/cloudwu/cstring/issues/6" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11105.json b/2018/11xxx/CVE-2018-11105.json index d02ebe5a6ec..0eff0ee6607 100644 --- a/2018/11xxx/CVE-2018-11105.json +++ b/2018/11xxx/CVE-2018-11105.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11105", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "There is stored cross site scripting in the wp-live-chat-support plugin before 8.0.08 for WordPress via the \"name\" (aka wplc_name) and \"email\" (aka wplc_email) input fields to wp-json/wp_live_chat_support/v1/start_chat whenever a malicious attacker would initiate a new chat with an administrator. NOTE: this issue exists because of an incomplete fix for CVE-2018-9864." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11105", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/RiieCco/write-ups/tree/master/CVE-2018-11105", - "refsource" : "MISC", - "url" : "https://github.com/RiieCco/write-ups/tree/master/CVE-2018-11105" - }, - { - "name" : "https://wordpress.org/plugins/wp-live-chat-support/#developers", - "refsource" : "MISC", - "url" : "https://wordpress.org/plugins/wp-live-chat-support/#developers" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There is stored cross site 
scripting in the wp-live-chat-support plugin before 8.0.08 for WordPress via the \"name\" (aka wplc_name) and \"email\" (aka wplc_email) input fields to wp-json/wp_live_chat_support/v1/start_chat whenever a malicious attacker would initiate a new chat with an administrator. NOTE: this issue exists because of an incomplete fix for CVE-2018-9864." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wordpress.org/plugins/wp-live-chat-support/#developers", + "refsource": "MISC", + "url": "https://wordpress.org/plugins/wp-live-chat-support/#developers" + }, + { + "name": "https://github.com/RiieCco/write-ups/tree/master/CVE-2018-11105", + "refsource": "MISC", + "url": "https://github.com/RiieCco/write-ups/tree/master/CVE-2018-11105" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11420.json b/2018/11xxx/CVE-2018-11420.json index f0d263ee2d9..00dad140be2 100644 --- a/2018/11xxx/CVE-2018-11420.json +++ b/2018/11xxx/CVE-2018-11420.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11420", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11420", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15022.json b/2018/15xxx/CVE-2018-15022.json index 8ebad3594ad..8d74606bdef 100644 --- a/2018/15xxx/CVE-2018-15022.json +++ b/2018/15xxx/CVE-2018-15022.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15022", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15022", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3105.json b/2018/3xxx/CVE-2018-3105.json index 15070269d73..951ffd93735 100644 --- a/2018/3xxx/CVE-2018-3105.json +++ b/2018/3xxx/CVE-2018-3105.json 
@@ -1,84 +1,84 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3105", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SOA Suite", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "11.1.1.7.0" - }, - { - "version_affected" : "=", - "version_value" : "11.1.1.9.0" - }, - { - "version_affected" : "=", - "version_value" : "12.1.3.0.0" - }, - { - "version_affected" : "=", - "version_value" : "12.2.1.2.0" - }, - { - "version_affected" : "=", - "version_value" : "12.2.1.3.0" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle SOA Suite component of Oracle Fusion Middleware (subcomponent: Health Care FastPath). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle SOA Suite. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle SOA Suite accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle SOA Suite. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle SOA Suite accessible data." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3105", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SOA Suite", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "11.1.1.7.0" + }, + { + "version_affected": "=", + "version_value": "11.1.1.9.0" + }, + { + "version_affected": "=", + "version_value": "12.1.3.0.0" + }, + { + "version_affected": "=", + "version_value": "12.2.1.2.0" + }, + { + "version_affected": "=", + "version_value": "12.2.1.3.0" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" - }, - { - "name" : "104821", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104821" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle SOA Suite component of Oracle Fusion Middleware (subcomponent: Health Care FastPath). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle SOA Suite. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle SOA Suite accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle SOA Suite. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle SOA Suite accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + }, + { + "name": "104821", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104821" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3150.json b/2018/3xxx/CVE-2018-3150.json index 87d213eb88f..74f41966793 100644 --- a/2018/3xxx/CVE-2018-3150.json +++ b/2018/3xxx/CVE-2018-3150.json 
@@ -1,88 +1,88 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3150", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Java", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "Java SE: 11" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Utility). The supported version that is affected is Java SE: 11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3150", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Java", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Java SE: 11" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20181018-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20181018-0001/" - }, - { - "name" : "RHSA-2018:3521", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3521" - }, - { - "name" : "USN-3804-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3804-1/" - }, - { - "name" : "105597", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105597" - }, - { - "name" : "1041889", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041889" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Utility). The supported version that is affected is Java SE: 11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data. 
Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://security.netapp.com/advisory/ntap-20181018-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20181018-0001/" + }, + { + "name": "105597", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105597" + }, + { + "name": "USN-3804-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3804-1/" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + }, + { + "name": "1041889", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041889" + }, + { + "name": "RHSA-2018:3521", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3521" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3736.json b/2018/3xxx/CVE-2018-3736.json index 7544c07f54a..057f7c6a55f 100644 --- a/2018/3xxx/CVE-2018-3736.json +++ b/2018/3xxx/CVE-2018-3736.json 
@@ -1,19 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2018-3736", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-3739. Reason: This candidate is a duplicate of CVE-2018-3739. Notes: All CVE users should reference CVE-2018-3739 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-3736", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-3739. Reason: This candidate is a duplicate of CVE-2018-3739. Notes: All CVE users should reference CVE-2018-3739 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3857.json b/2018/3xxx/CVE-2018-3857.json index bd02a07d769..5224a55e78a 100644 --- a/2018/3xxx/CVE-2018-3857.json +++ b/2018/3xxx/CVE-2018-3857.json 
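Review bot: The new side of the CVE-2018-3736 record drops `"DATE_PUBLIC": "2018-04-26T00:00:00"` from `CVE_data_meta`, which is a data removal rather than the spacing and ordering normalisation seen in the other records of this commit. If the date is still accurate, keep `"DATE_PUBLIC": "2018-04-26T00:00:00",` in the new `CVE_data_meta` object; if dropping it is intended for REJECT entries, the commit message should say so, since it currently states only that data was synchronized. This record also moves `data_type`, `data_format` and `data_version` ahead of `CVE_data_meta`, unlike the neighbouring files; JSON key order carries no meaning, but any consumer that diffs or hashes the raw files will register it as a change.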
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2018-07-19T00:00:00", - "ID" : "CVE-2018-3857", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Canvas Draw", - "version" : { - "version_data" : [ - { - "version_value" : "ACD Systems Canvas Draw 4.0" - } - ] - } - } - ] - }, - "vendor_name" : "ACD Systems" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable heap overflow exists in the TIFF parsing functionality of Canvas Draw version 4.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain code execution. A different vulnerability than CVE-2018-3858." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-122: Heap-Based Buffer Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2018-07-19T00:00:00", + "ID": "CVE-2018-3857", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Canvas Draw", + "version": { + "version_data": [ + { + "version_value": "ACD Systems Canvas Draw 4.0" + } + ] + } + } + ] + }, + "vendor_name": "ACD Systems" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0541", - "refsource" : "MISC", - "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0541" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An 
exploitable heap overflow exists in the TIFF parsing functionality of Canvas Draw version 4.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain code execution. A different vulnerability than CVE-2018-3858." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122: Heap-Based Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0541", + "refsource": "MISC", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0541" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8583.json b/2018/8xxx/CVE-2018-8583.json index 33cf3eccc11..0c3b92913e5 100644 --- a/2018/8xxx/CVE-2018-8583.json +++ b/2018/8xxx/CVE-2018-8583.json 
@@ -1,110 +1,110 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8583", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Edge", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for ARM64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for ARM64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1809 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1809 for ARM64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1809 for x64-based Systems" - }, - { - "version_value" : "Windows Server 2019" - } - ] - } - }, - { - "product_name" : "ChakraCore", - "version" : { - "version_data" : [ - { - "version_value" : "ChakraCore" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \"Chakra Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8617, CVE-2018-8618, CVE-2018-8624, CVE-2018-8629." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8583", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Edge", + "version": { + "version_data": [ + { + "version_value": "Windows 10 Version 1703 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1703 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "Windows 10 Version 1803 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "Windows 10 Version 1809 for x64-based Systems" + }, + { + "version_value": "Windows Server 2019" + } + ] + } + }, + { + "product_name": "ChakraCore", + "version": { + "version_data": [ + { + "version_value": "ChakraCore" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8583", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8583" - }, - { - "name" : "106111", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106111" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \"Chakra Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8617, CVE-2018-8618, CVE-2018-8624, CVE-2018-8629." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106111", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106111" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8583", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8583" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8881.json b/2018/8xxx/CVE-2018-8881.json index ed3031c0539..4d43c51339f 100644 --- a/2018/8xxx/CVE-2018-8881.json +++ b/2018/8xxx/CVE-2018-8881.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8881", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Netwide Assembler (NASM) 2.13.02rc2 has a heap-based buffer over-read in the function tokenize in asm/preproc.c, related to an unterminated string." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8881", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.nasm.us/show_bug.cgi?id=3392446", - "refsource" : "MISC", - "url" : "https://bugzilla.nasm.us/show_bug.cgi?id=3392446" - }, - { - "name" : "USN-3694-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3694-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Netwide Assembler (NASM) 2.13.02rc2 has a heap-based buffer over-read in the function tokenize in asm/preproc.c, related to an unterminated string." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.nasm.us/show_bug.cgi?id=3392446", + "refsource": "MISC", + "url": "https://bugzilla.nasm.us/show_bug.cgi?id=3392446" + }, + { + "name": "USN-3694-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3694-1/" + } + ] + } +} \ No newline at end of file