From d807517e1d86e0ad4a2f6da3a810150c72a9bc62 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 06:46:54 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2005/0xxx/CVE-2005-0312.json | 150 +++++++-------- 2005/0xxx/CVE-2005-0318.json | 140 +++++++------- 2005/0xxx/CVE-2005-0567.json | 170 ++++++++--------- 2005/0xxx/CVE-2005-0775.json | 150 +++++++-------- 2005/0xxx/CVE-2005-0777.json | 150 +++++++-------- 2005/0xxx/CVE-2005-0854.json | 160 ++++++++-------- 2005/1xxx/CVE-2005-1237.json | 200 ++++++++++---------- 2005/1xxx/CVE-2005-1353.json | 120 ++++++------ 2005/1xxx/CVE-2005-1417.json | 160 ++++++++-------- 2005/1xxx/CVE-2005-1477.json | 300 +++++++++++++++--------------- 2005/4xxx/CVE-2005-4039.json | 170 ++++++++--------- 2005/4xxx/CVE-2005-4638.json | 140 +++++++------- 2005/4xxx/CVE-2005-4757.json | 140 +++++++------- 2005/4xxx/CVE-2005-4768.json | 140 +++++++------- 2005/4xxx/CVE-2005-4796.json | 160 ++++++++-------- 2009/0xxx/CVE-2009-0112.json | 150 +++++++-------- 2009/0xxx/CVE-2009-0172.json | 230 +++++++++++------------ 2009/0xxx/CVE-2009-0314.json | 220 +++++++++++----------- 2009/0xxx/CVE-2009-0326.json | 130 ++++++------- 2009/0xxx/CVE-2009-0712.json | 200 ++++++++++---------- 2009/0xxx/CVE-2009-0746.json | 290 ++++++++++++++--------------- 2009/1xxx/CVE-2009-1271.json | 330 ++++++++++++++++----------------- 2009/1xxx/CVE-2009-1692.json | 310 +++++++++++++++---------------- 2009/3xxx/CVE-2009-3004.json | 120 ++++++------ 2009/3xxx/CVE-2009-3017.json | 140 +++++++------- 2009/3xxx/CVE-2009-3096.json | 130 ++++++------- 2009/3xxx/CVE-2009-3600.json | 150 +++++++-------- 2009/4xxx/CVE-2009-4107.json | 130 ++++++------- 2009/4xxx/CVE-2009-4171.json | 140 +++++++------- 2009/4xxx/CVE-2009-4293.json | 180 +++++++++--------- 2009/4xxx/CVE-2009-4650.json | 150 +++++++-------- 2009/4xxx/CVE-2009-4729.json | 180 +++++++++--------- 2009/4xxx/CVE-2009-4930.json | 130 ++++++------- 2012/2xxx/CVE-2012-2115.json | 210 ++++++++++----------- 2012/2xxx/CVE-2012-2389.json | 180 +++++++++--------- 2012/2xxx/CVE-2012-2594.json | 34 ++-- 2012/6xxx/CVE-2012-6103.json | 140 +++++++------- 2012/6xxx/CVE-2012-6236.json | 34 ++-- 2015/1xxx/CVE-2015-1106.json | 150 +++++++-------- 2015/1xxx/CVE-2015-1212.json | 310 +++++++++++++++---------------- 2015/1xxx/CVE-2015-1580.json | 120 ++++++------ 2015/1xxx/CVE-2015-1763.json | 130 ++++++------- 2015/1xxx/CVE-2015-1949.json | 150 +++++++-------- 2015/5xxx/CVE-2015-5380.json | 160 ++++++++-------- 2015/5xxx/CVE-2015-5522.json | 250 ++++++++++++------------- 2015/5xxx/CVE-2015-5700.json | 170 ++++++++--------- 2018/11xxx/CVE-2018-11306.json | 34 ++-- 2018/11xxx/CVE-2018-11694.json | 120 ++++++------ 2018/11xxx/CVE-2018-11811.json | 34 ++-- 2018/11xxx/CVE-2018-11943.json | 130 ++++++------- 2018/3xxx/CVE-2018-3409.json | 34 ++-- 2018/7xxx/CVE-2018-7080.json | 130 ++++++------- 2018/7xxx/CVE-2018-7246.json | 120 ++++++------ 2018/7xxx/CVE-2018-7977.json | 120 ++++++------ 2018/8xxx/CVE-2018-8215.json | 240 ++++++++++++------------ 2018/8xxx/CVE-2018-8222.json | 240 ++++++++++++------------ 2018/8xxx/CVE-2018-8244.json | 202 ++++++++++---------- 2018/8xxx/CVE-2018-8513.json | 178 +++++++++--------- 2018/8xxx/CVE-2018-8530.json | 170 ++++++++--------- 59 files changed, 4775 insertions(+), 4775 deletions(-) diff --git a/2005/0xxx/CVE-2005-0312.json b/2005/0xxx/CVE-2005-0312.json index b36cb0443ee..9fcfc9bf3b0 100644 --- a/2005/0xxx/CVE-2005-0312.json +++ b/2005/0xxx/CVE-2005-0312.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0312", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WarFTPD 1.82 RC9, when running as an NT service, allows remote authenticated users to cause a denial of service (access violation) via a CWD command with a crafted pathname, as demonstrated using a large string of \"%s\" sequences, possibly indicating a format string vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0312", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050127 WarFTPD 1.82 RC9 DoS", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110687202332039&w=2" - }, - { - "name" : "http://support.jgaa.com/index.php?cmd=ShowReport&ID=02643", - "refsource" : "CONFIRM", - "url" : "http://support.jgaa.com/index.php?cmd=ShowReport&ID=02643" - }, - { - "name" : "12384", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12384" - }, - { - "name" : "warftpd-cwd-dos(19129)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19129" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WarFTPD 1.82 RC9, when running as an NT service, allows remote authenticated users to cause a denial of service (access violation) via a CWD command with a crafted pathname, as demonstrated using a large string of \"%s\" sequences, possibly indicating a format string vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "warftpd-cwd-dos(19129)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19129" + }, + { + "name": "12384", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12384" + }, + { + "name": "http://support.jgaa.com/index.php?cmd=ShowReport&ID=02643", + "refsource": "CONFIRM", + "url": "http://support.jgaa.com/index.php?cmd=ShowReport&ID=02643" + }, + { + "name": "20050127 WarFTPD 1.82 RC9 DoS", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110687202332039&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0318.json b/2005/0xxx/CVE-2005-0318.json index 4eea6625300..c9b13674bd1 100644 --- a/2005/0xxx/CVE-2005-0318.json +++ b/2005/0xxx/CVE-2005-0318.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0318", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "useredit_account.wdm in Alt-N WebAdmin 3.0.4 does not properly validate account edits by the logged in user, which allows remote authenticated users to edit other users' account information via a modified user parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0318", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050128 Multiple vulnerabilities in Alt-N WebAdmin <= 3.0.2", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110692897003614&w=2" - }, - { - "name" : "12395", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12395" - }, - { - "name" : "1013038", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013038" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "useredit_account.wdm in Alt-N WebAdmin 3.0.4 does not properly validate account edits by the logged in user, which allows remote authenticated users to edit other users' account information via a modified user parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1013038", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013038" + }, + { + "name": "12395", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12395" + }, + { + "name": "20050128 Multiple vulnerabilities in Alt-N WebAdmin <= 3.0.2", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110692897003614&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0567.json b/2005/0xxx/CVE-2005-0567.json index d6d8fce2949..3bfb75655be 100644 --- a/2005/0xxx/CVE-2005-0567.json +++ b/2005/0xxx/CVE-2005-0567.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0567", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in phpMyAdmin 2.6.1 allow remote attackers to execute arbitrary PHP code by modifying the (1) theme parameter to phpmyadmin.css.php or (2) cfg[Server][extension] parameter to database_interface.lib.php to reference a URL on a remote web server that contains the code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0567", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050224 [SECURITYREASON.COM] phpMyAdmin 2.6.1 Remote file inclusion and XSS cXIb8O3.4", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110929725801154&w=2" - }, - { - "name" : "http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-1", - "refsource" : "CONFIRM", - "url" : "http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-1" - }, - { - "name" : "http://sourceforge.net/tracker/index.php?func=detail&aid=1149381&group_id=23067&atid=377408", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/tracker/index.php?func=detail&aid=1149381&group_id=23067&atid=377408" - }, - { - "name" : "12645", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12645" - }, - { - "name" : "14382", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14382/" - }, - { - "name" : "phpmyadmin-file-include(19465)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19465" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in phpMyAdmin 2.6.1 allow remote attackers to execute arbitrary PHP code by modifying the (1) theme parameter to phpmyadmin.css.php or (2) cfg[Server][extension] parameter to database_interface.lib.php to reference a URL on a remote web server that contains the code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "phpmyadmin-file-include(19465)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19465" + }, + { + "name": "14382", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14382/" + }, + { + "name": "12645", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12645" + }, + { + "name": "http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-1", + "refsource": "CONFIRM", + "url": "http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-1" + }, + { + "name": "http://sourceforge.net/tracker/index.php?func=detail&aid=1149381&group_id=23067&atid=377408", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/tracker/index.php?func=detail&aid=1149381&group_id=23067&atid=377408" + }, + { + "name": "20050224 [SECURITYREASON.COM] phpMyAdmin 2.6.1 Remote file inclusion and XSS cXIb8O3.4", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110929725801154&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0775.json b/2005/0xxx/CVE-2005-0775.json index c2b906b4962..ef705e93cac 100644 --- a/2005/0xxx/CVE-2005-0775.json +++ b/2005/0xxx/CVE-2005-0775.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0775", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The reportpost action in misc.php for PhotoPost PHP 5.0 RC3 does not limit the logging data that is sent to the administrator, which allows remote attackers to send large amounts of email to the administrator." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0775", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050311 PhotoPost PHP 5.0 RC3, and later, multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111065868402859&w=2" - }, - { - "name" : "12779", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12779" - }, - { - "name" : "14576", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14576" - }, - { - "name" : "photopost-email-security-bypass(19676)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19676" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The reportpost action in misc.php for PhotoPost PHP 5.0 RC3 does not limit the logging data that is sent to the administrator, which allows remote attackers to send large amounts of email to the administrator." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "12779", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12779" + }, + { + "name": "photopost-email-security-bypass(19676)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19676" + }, + { + "name": "20050311 PhotoPost PHP 5.0 RC3, and later, multiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111065868402859&w=2" + }, + { + "name": "14576", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14576" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0777.json b/2005/0xxx/CVE-2005-0777.json index c1fb00f08bc..039885a2e7d 100644 --- a/2005/0xxx/CVE-2005-0777.json +++ b/2005/0xxx/CVE-2005-0777.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0777", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP 5.0 RC3 allow remote attackers to inject arbitrary web script or HTML via (1) the check_tags function or (2) the editbio field in the user profile." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0777", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050311 PhotoPost PHP 5.0 RC3, and later, multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111065868402859&w=2" - }, - { - "name" : "12779", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12779" - }, - { - "name" : "14576", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14576" - }, - { - "name" : "photopost-editbio-xss(19678)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19678" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP 5.0 RC3 allow remote attackers to inject arbitrary web script or HTML via (1) the check_tags function or (2) the editbio field in the user profile." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "12779", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12779" + }, + { + "name": "20050311 PhotoPost PHP 5.0 RC3, and later, multiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111065868402859&w=2" + }, + { + "name": "photopost-editbio-xss(19678)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19678" + }, + { + "name": "14576", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14576" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0854.json b/2005/0xxx/CVE-2005-0854.json index 5d27c055ada..2a83af5b05b 100644 --- a/2005/0xxx/CVE-2005-0854.json +++ b/2005/0xxx/CVE-2005-0854.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0854", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "betaparticle blog (bp blog), posisbly before version 4, allows remote attackers to bypass authentication and (1) upload files via a direct request to upload.asp or (2) delete files via a direct request to myFiles.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0854", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050319 2 vulnerabilities in BetaParticle", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/lists/bugtraq/2005/Mar/0360.html" - }, - { - "name" : "http://blog.betaparticle.com/template_permalink.asp?id=68", - "refsource" : "CONFIRM", - "url" : "http://blog.betaparticle.com/template_permalink.asp?id=68" - }, - { - "name" : "12861", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12861" - }, - { - "name" : "14668", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14668" - }, - { - "name" : "betaparticle-blog-authentication-bypass(19781)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19781" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "betaparticle blog (bp blog), posisbly before version 4, allows remote attackers to bypass authentication and (1) upload files via a direct request to upload.asp or (2) delete files via a direct request to myFiles.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "betaparticle-blog-authentication-bypass(19781)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19781" + }, + { + "name": "http://blog.betaparticle.com/template_permalink.asp?id=68", + "refsource": "CONFIRM", + "url": "http://blog.betaparticle.com/template_permalink.asp?id=68" + }, + { + "name": "14668", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14668" + }, + { + "name": "20050319 2 vulnerabilities in BetaParticle", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/lists/bugtraq/2005/Mar/0360.html" + }, + { + "name": "12861", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12861" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1237.json b/2005/1xxx/CVE-2005-1237.json index 8ef59121aef..ffcd8f17958 100644 --- a/2005/1xxx/CVE-2005-1237.json +++ b/2005/1xxx/CVE-2005-1237.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1237", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in news.php in FlexPHPNews 0.0.3 allows remote attackers to execute arbitrary SQL commands via the newsid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1237", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3631", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3631" - }, - { - "name" : "20070411 Rediscovery: Flexphpnews news.php/newsid SQL injection", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2007-April/001506.html" - }, - { - "name" : "13297", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13297" - }, - { - "name" : "23247", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23247" - }, - { - "name" : "ADV-2005-0373", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/0373" - }, - { - "name" : "15715", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/15715" - }, - { - "name" : "14905", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14905" - }, - { - "name" : "flexphpnews-newsphp-sql-injection(20214)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20214" - }, - { - "name" : "flexphpnew-news-sql-injection(33362)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33362" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in news.php in FlexPHPNews 0.0.3 allows remote attackers to execute arbitrary SQL commands via the newsid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15715", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/15715" + }, + { + "name": "3631", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3631" + }, + { + "name": "13297", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13297" + }, + { + "name": "14905", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14905" + }, + { + "name": "flexphpnew-news-sql-injection(33362)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33362" + }, + { + "name": "20070411 Rediscovery: Flexphpnews news.php/newsid SQL injection", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2007-April/001506.html" + }, + { + "name": "ADV-2005-0373", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/0373" + }, + { + "name": "flexphpnews-newsphp-sql-injection(20214)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20214" + }, + { + "name": "23247", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23247" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1353.json b/2005/1xxx/CVE-2005-1353.json index 7b60ff59e9d..2bc786e621b 100644 --- a/2005/1xxx/CVE-2005-1353.json +++ b/2005/1xxx/CVE-2005-1353.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1353", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The forum.pl script allows remote attackers to read arbitrary files via a full pathname in the argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1353", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050424 remote command execution in forum.pl script", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111446056205059&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The forum.pl script allows remote attackers to read arbitrary files via a full pathname in the argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050424 remote command execution in forum.pl script", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111446056205059&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1417.json b/2005/1xxx/CVE-2005-1417.json index 9d67afa3539..a9a8e969acf 100644 --- a/2005/1xxx/CVE-2005-1417.json +++ b/2005/1xxx/CVE-2005-1417.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1417", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in MaxWebPortal 2.x, 1.35, and other versions allow remote attackers to execute arbitrary SQL commands via (1) article_popular.asp, (2) arguments to dl_popular.asp, (3) arguments to links_popular.asp, (4) arguments to pic_popular.asp, (5) article_rate.asp, (6) dl_rate.asp, (7) links_rate.asp, (8) pic_rates.asp, (9) article_toprated.asp, (10) dl_toprated.asp, (11) links_toprated.asp, (12) arguments to pic_toprated.asp, or (13) the TOPIC_ID or Forum_ID parameters to custom_link.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1417", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.maxwebportal.info/topic.asp?TOPIC_ID=2482&FORUM_ID=1&CAT_ID=1&Forum_Title=General+Chat&Topic_Title=Security+Update", - "refsource" : "CONFIRM", - "url" : "http://www.maxwebportal.info/topic.asp?TOPIC_ID=2482&FORUM_ID=1&CAT_ID=1&Forum_Title=General+Chat&Topic_Title=Security+Update" - }, - { - "name" : "http://www.maxwebportal.info/downloads/mwp_security_fixes.zip", - "refsource" : "CONFIRM", - "url" : "http://www.maxwebportal.info/downloads/mwp_security_fixes.zip" - }, - { - "name" : "13466", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13466" - }, - { - "name" : "1013845", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013845" - }, - { - "name" : "15214", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15214" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in MaxWebPortal 2.x, 1.35, and other versions allow remote attackers to execute arbitrary SQL commands via (1) article_popular.asp, (2) arguments to dl_popular.asp, (3) arguments to links_popular.asp, (4) arguments to pic_popular.asp, (5) article_rate.asp, (6) dl_rate.asp, (7) links_rate.asp, (8) pic_rates.asp, (9) article_toprated.asp, (10) dl_toprated.asp, (11) links_toprated.asp, (12) arguments to pic_toprated.asp, or (13) the TOPIC_ID or Forum_ID parameters to custom_link.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.maxwebportal.info/downloads/mwp_security_fixes.zip", + "refsource": "CONFIRM", + "url": "http://www.maxwebportal.info/downloads/mwp_security_fixes.zip" + }, + { + "name": "13466", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13466" + }, + { + "name": "http://www.maxwebportal.info/topic.asp?TOPIC_ID=2482&FORUM_ID=1&CAT_ID=1&Forum_Title=General+Chat&Topic_Title=Security+Update", + "refsource": "CONFIRM", + "url": "http://www.maxwebportal.info/topic.asp?TOPIC_ID=2482&FORUM_ID=1&CAT_ID=1&Forum_Title=General+Chat&Topic_Title=Security+Update" + }, + { + "name": "15214", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15214" + }, + { + "name": "1013845", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013845" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1477.json b/2005/1xxx/CVE-2005-1477.json index 88c6e43ee49..79eab630e3a 100644 --- a/2005/1xxx/CVE-2005-1477.json +++ b/2005/1xxx/CVE-2005-1477.json @@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1477", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The install function in Firefox 1.0.3 allows remote web sites on the browser's whitelist, such as update.mozilla.org or addon.mozilla.org, to execute arbitrary Javascript with chrome privileges, leading to arbitrary code execution on the system when combined with vulnerabilities such as CVE-2005-1476, as demonstrated using a javascript: URL as the package icon and a cross-site scripting (XSS) attack on a vulnerable whitelist site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1477", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050508 Firefox Remote Compromise Leaked", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=111553138007647&w=2" - }, - { - "name" : "20050508 Firefox Remote Compromise Technical Details", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=111556301530553&w=2" - }, - { - "name" : "http://greyhatsecurity.org/firefox.htm", - "refsource" : "MISC", - "url" : "http://greyhatsecurity.org/firefox.htm" - }, - { - "name" : "http://greyhatsecurity.org/vulntests/ffrc.htm", - "refsource" : "MISC", - "url" : "http://greyhatsecurity.org/vulntests/ffrc.htm" - }, - { - "name" : "http://www.mozilla.org/security/announce/mfsa2005-42.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/mfsa2005-42.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=293302", - "refsource" : "MISC", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=293302" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=292691", - "refsource" : "MISC", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=292691" - }, - { - "name" : "RHSA-2005:434", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-434.html" - }, - { - "name" : "RHSA-2005:435", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-435.html" - }, - { - "name" : "SCOSA-2005.49", - "refsource" : "SCO", - "url" : "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt" - }, - { - "name" : "VU#648758", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/648758" - }, - { - "name" : "13544", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13544" - }, - { - "name" : "15495", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15495" - }, - { - "name" : "oval:org.mitre.oval:def:9231", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9231" - }, - { - "name" : "ADV-2005-0493", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/0493" - }, - { - "name" : "oval:org.mitre.oval:def:100001", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100001" - }, - { - "name" : "1013913", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013913" - }, - { - "name" : "15292", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15292" - }, - { - "name" : "mozilla-javascript-code-execution(20443)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20443" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The install function in Firefox 1.0.3 allows remote web sites on the browser's whitelist, such as update.mozilla.org or addon.mozilla.org, to execute arbitrary Javascript with chrome privileges, leading to arbitrary code execution on the system when combined with vulnerabilities such as CVE-2005-1476, as demonstrated using a javascript: URL as the package icon and a cross-site scripting (XSS) attack on a vulnerable whitelist site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=292691", + "refsource": "MISC", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=292691" + }, + { + "name": "SCOSA-2005.49", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt" + }, + { + "name": "oval:org.mitre.oval:def:9231", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9231" + }, + { + "name": "RHSA-2005:435", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-435.html" + }, + { + "name": "1013913", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013913" + }, + { + "name": "15292", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15292" + }, + { + "name": "15495", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15495" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=293302", + "refsource": "MISC", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=293302" + }, + { + "name": "20050508 Firefox Remote Compromise Technical Details", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=111556301530553&w=2" + }, + { + "name": "oval:org.mitre.oval:def:100001", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100001" + }, + { + "name": "13544", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13544" + }, + { + "name": "http://greyhatsecurity.org/vulntests/ffrc.htm", + "refsource": "MISC", + "url": "http://greyhatsecurity.org/vulntests/ffrc.htm" + }, + { + "name": "http://www.mozilla.org/security/announce/mfsa2005-42.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/mfsa2005-42.html" + }, + { + "name": "mozilla-javascript-code-execution(20443)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20443" + }, + { + "name": "http://greyhatsecurity.org/firefox.htm", + "refsource": "MISC", + "url": "http://greyhatsecurity.org/firefox.htm" + }, + { + "name": "RHSA-2005:434", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-434.html" + }, + { + "name": "ADV-2005-0493", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/0493" + }, + { + "name": "VU#648758", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/648758" + }, + { + "name": "20050508 Firefox Remote Compromise Leaked", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=111553138007647&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4039.json b/2005/4xxx/CVE-2005-4039.json index e02b7413f54..186c05c28a8 100644 --- a/2005/4xxx/CVE-2005-4039.json +++ b/2005/4xxx/CVE-2005-4039.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4039", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in arhiva.php in Web4Future Portal Solutions News Portal allows remote attackers to read arbitrary files via the dir parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4039", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/12/web4future-portal-solutions-news.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/12/web4future-portal-solutions-news.html" - }, - { - "name" : "15718", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15718" - }, - { - "name" : "ADV-2005-2733", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2733" - }, - { - "name" : "21423", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21423" - }, - { - "name" : "17880", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17880" - }, - { - "name" : "portal-solutions-arhiva-directory-traversal(23421)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23421" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in arhiva.php in Web4Future Portal Solutions News Portal allows remote attackers to read arbitrary files via the dir parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "portal-solutions-arhiva-directory-traversal(23421)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23421" + }, + { + "name": "ADV-2005-2733", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2733" + }, + { + "name": "15718", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15718" + }, + { + "name": "21423", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21423" + }, + { + "name": "http://pridels0.blogspot.com/2005/12/web4future-portal-solutions-news.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/12/web4future-portal-solutions-news.html" + }, + { + "name": "17880", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17880" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4638.json b/2005/4xxx/CVE-2005-4638.json index ec6b9ac1147..2143243da21 100644 --- a/2005/4xxx/CVE-2005-4638.json +++ b/2005/4xxx/CVE-2005-4638.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4638", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "index.php in Kayako SupportSuite 3.00.26 and earlier allow remote attackers to obtain the full path via (1) _a and (2) newsid parameters in the news module, (3) downloaditemid parameter in the downloads module, and (4) kbarticleid parameter in the knowledgebase module." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4638", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/12/kayako-supportsuite-multiple-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/12/kayako-supportsuite-multiple-vuln.html" - }, - { - "name" : "22226", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22226" - }, - { - "name" : "kayakosupportsuite-index-path-disclosure(23917)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23917" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "index.php in Kayako SupportSuite 3.00.26 and earlier allow remote attackers to obtain the full path via (1) _a and (2) newsid parameters in the news module, (3) downloaditemid parameter in the downloads module, and (4) kbarticleid parameter in the knowledgebase module." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://pridels0.blogspot.com/2005/12/kayako-supportsuite-multiple-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/12/kayako-supportsuite-multiple-vuln.html" + }, + { + "name": "22226", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22226" + }, + { + "name": "kayakosupportsuite-index-path-disclosure(23917)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23917" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4757.json b/2005/4xxx/CVE-2005-4757.json index 9146b9a9a46..a27f64bb19f 100644 --- a/2005/4xxx/CVE-2005-4757.json +++ b/2005/4xxx/CVE-2005-4757.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4757", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier, and 7.0 SP5 and earlier, do not properly \"constrain\" a \"/\" (slash) servlet root URL pattern, which might allow remote attackers to bypass intended servlet protections." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4757", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "BEA05-93.00", - "refsource" : "BEA", - "url" : "http://dev2dev.bea.com/pub/advisory/147" - }, - { - "name" : "15052", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15052" - }, - { - "name" : "17138", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17138" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier, and 7.0 SP5 and earlier, do not properly \"constrain\" a \"/\" (slash) servlet root URL pattern, which might allow remote attackers to bypass intended servlet protections." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "BEA05-93.00", + "refsource": "BEA", + "url": "http://dev2dev.bea.com/pub/advisory/147" + }, + { + "name": "15052", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15052" + }, + { + "name": "17138", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17138" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4768.json b/2005/4xxx/CVE-2005-4768.json index dfaee631c76..82955b4ac4c 100644 --- a/2005/4xxx/CVE-2005-4768.json +++ b/2005/4xxx/CVE-2005-4768.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4768", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in manage_account.php in Tux Racer TuxBank 0.7x and 0.8 allows remote attackers to execute arbitrary SQL commands via the id parameter in a manageaccount action to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4768", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://osvdb.org/ref/24/24052-tuxbank.txt", - "refsource" : "MISC", - "url" : "http://osvdb.org/ref/24/24052-tuxbank.txt" - }, - { - "name" : "17376", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17376" - }, - { - "name" : "24052", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24052" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in manage_account.php in Tux Racer TuxBank 0.7x and 0.8 allows remote attackers to execute arbitrary SQL commands via the id parameter in a manageaccount action to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "24052", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24052" + }, + { + "name": "http://osvdb.org/ref/24/24052-tuxbank.txt", + "refsource": "MISC", + "url": "http://osvdb.org/ref/24/24052-tuxbank.txt" + }, + { + "name": "17376", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17376" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4796.json b/2005/4xxx/CVE-2005-4796.json index d7cc63e6fa4..c51098eb96f 100644 --- a/2005/4xxx/CVE-2005-4796.json +++ b/2005/4xxx/CVE-2005-4796.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4796", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the XView library (libxview.so) in Solaris 2.5 to 10 allows local users to corrupt files via unknown vectors related to the handling of the clipboard selection while an XView application exits." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4796", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "100881", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-100881-1" - }, - { - "name" : "27525", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-27525-1" - }, - { - "name" : "P-264", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/p-264.shtml" - }, - { - "name" : "13016", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13016" - }, - { - "name" : "18809", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/18809" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the XView library (libxview.so) in Solaris 2.5 to 10 allows local users to corrupt files via unknown vectors related to the handling of the clipboard selection while an XView application exits." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27525", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-27525-1" + }, + { + "name": "13016", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13016" + }, + { + "name": "100881", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-100881-1" + }, + { + "name": "18809", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/18809" + }, + { + "name": "P-264", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/p-264.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0112.json b/2009/0xxx/CVE-2009-0112.json index a5a66f52eb8..83490713ffb 100644 --- a/2009/0xxx/CVE-2009-0112.json +++ b/2009/0xxx/CVE-2009-0112.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0112", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in admin/agent_edit.asp in PollPro 3.0 allows remote attackers to create or modify accounts as administrators via the username, password, and name parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0112", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090103 PollPro 3.0 XSRF VuLn", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=123117044713213&w=2" - }, - { - "name" : "33319", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33319" - }, - { - "name" : "4895", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4895" - }, - { - "name" : "pollpro-unspecified-csrf(47754)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47754" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in admin/agent_edit.asp in PollPro 3.0 allows remote attackers to create or modify accounts as administrators via the username, password, and name parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "pollpro-unspecified-csrf(47754)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47754" + }, + { + "name": "4895", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4895" + }, + { + "name": "33319", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33319" + }, + { + "name": "20090103 PollPro 3.0 XSRF VuLn", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=123117044713213&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0172.json b/2009/0xxx/CVE-2009-0172.json index 11d38f6105d..b9ec424cefd 100644 --- a/2009/0xxx/CVE-2009-0172.json +++ b/2009/0xxx/CVE-2009-0172.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0172", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in IBM DB2 8 before FP17a, 9.1 before FP6a, and 9.5 before FP3a allows remote attackers to cause a denial of service (infinite loop) via a crafted CONNECT data stream." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0172", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21363936", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21363936" - }, - { - "name" : "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT", - "refsource" : "CONFIRM", - "url" : "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" - }, - { - "name" : "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT", - "refsource" : "CONFIRM", - "url" : "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT" - }, - { - "name" : "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT", - "refsource" : "CONFIRM", - "url" : "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" - }, - { - "name" : "IZ36534", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ36534" - }, - { - "name" : "IZ37697", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ37697" - }, - { - "name" : "IZ37696", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ37696" - }, - { - "name" : "33258", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33258" - }, - { - "name" : "ADV-2009-0137", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0137" - }, - { - "name" : "1021591", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1021591" - }, - { - "name" : "33529", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33529" - }, - { - "name" : "ibm-db2-connect-stream-dos(47931)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47931" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in IBM DB2 8 before FP17a, 9.1 before FP6a, and 9.5 before FP3a allows remote attackers to cause a denial of service (infinite loop) via a crafted CONNECT data stream." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT", + "refsource": "CONFIRM", + "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" + }, + { + "name": "IZ36534", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ36534" + }, + { + "name": "1021591", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1021591" + }, + { + "name": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT", + "refsource": "CONFIRM", + "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT" + }, + { + "name": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT", + "refsource": "CONFIRM", + "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" + }, + { + "name": "IZ37696", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ37696" + }, + { + "name": "33529", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33529" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21363936", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21363936" + }, + { + "name": "ADV-2009-0137", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0137" + }, + { + "name": "33258", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33258" + }, + { + "name": "IZ37697", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ37697" + }, + { + "name": "ibm-db2-connect-stream-dos(47931)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47931" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0314.json b/2009/0xxx/CVE-2009-0314.json index bdfc638c7aa..16159727390 100644 --- a/2009/0xxx/CVE-2009-0314.json +++ b/2009/0xxx/CVE-2009-0314.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0314", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in the Python module in gedit allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0314", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20090126 CVE request -- Python < 2.6 PySys_SetArgv issues (epiphany, csound, dia, eog, gedit, xchat, vim, nautilus-python, Gnumeric)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/01/26/2" - }, - { - "name" : "http://bugzilla.gnome.org/show_bug.cgi?id=569214", - "refsource" : "MISC", - "url" : "http://bugzilla.gnome.org/show_bug.cgi?id=569214" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=481556", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=481556" - }, - { - "name" : "FEDORA-2009-1189", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg01195.html" - }, - { - "name" : "GLSA-200903-41", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200903-41.xml" - }, - { - "name" : "MDVSA-2009:039", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:039" - }, - { - "name" : "33445", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33445" - }, - { - "name" : "33759", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33759" - }, - { - "name" : "33769", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33769" - }, - { - "name" : "34522", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34522" - }, - { - "name" : "gedit-pysyssetargv-privilege-escalation(48271)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48271" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in the Python module in gedit allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33769", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33769" + }, + { + "name": "MDVSA-2009:039", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:039" + }, + { + "name": "gedit-pysyssetargv-privilege-escalation(48271)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48271" + }, + { + "name": "FEDORA-2009-1189", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg01195.html" + }, + { + "name": "33445", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33445" + }, + { + "name": "GLSA-200903-41", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200903-41.xml" + }, + { + "name": "[oss-security] 20090126 CVE request -- Python < 2.6 PySys_SetArgv issues (epiphany, csound, dia, eog, gedit, xchat, vim, nautilus-python, Gnumeric)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/01/26/2" + }, + { + "name": "http://bugzilla.gnome.org/show_bug.cgi?id=569214", + "refsource": "MISC", + "url": "http://bugzilla.gnome.org/show_bug.cgi?id=569214" + }, + { + "name": "34522", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34522" + }, + { + "name": "33759", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33759" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=481556", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=481556" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0326.json b/2009/0xxx/CVE-2009-0326.json index 4eb3f6b3944..6f623d6009a 100644 --- a/2009/0xxx/CVE-2009-0326.json +++ b/2009/0xxx/CVE-2009-0326.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0326", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in login.php in Dark Age CMS 0.2c beta allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0326", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "33271", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33271" - }, - { - "name" : "darkagecms-login-sql-injection(48095)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48095" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in login.php in Dark Age CMS 0.2c beta allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "darkagecms-login-sql-injection(48095)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48095" + }, + { + "name": "33271", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33271" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0712.json b/2009/0xxx/CVE-2009-0712.json index 23575766e98..0c41a951d89 100644 --- a/2009/0xxx/CVE-2009-0712.json +++ b/2009/0xxx/CVE-2009-0712.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0712", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in WMI Mapper for HP Systems Insight Manager before 2.5.2.0 allows local users to gain privileges via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0712", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMA02412", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01655638" - }, - { - "name" : "SSRT080040", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01655638" - }, - { - "name" : "HPSBMA02413", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=123688841217193&w=2" - }, - { - "name" : "34078", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34078" - }, - { - "name" : "52592", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/52592" - }, - { - "name" : "1021835", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021835" - }, - { - "name" : "34243", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34243" - }, - { - "name" : "34276", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34276" - }, - { - "name" : "ADV-2009-0671", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in WMI Mapper for HP Systems Insight Manager before 2.5.2.0 allows local users to gain privileges via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBMA02413", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=123688841217193&w=2" + }, + { + "name": "52592", + "refsource": "OSVDB", + "url": "http://osvdb.org/52592" + }, + { + "name": "34243", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34243" + }, + { + "name": "SSRT080040", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01655638" + }, + { + "name": "34078", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34078" + }, + { + "name": "34276", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34276" + }, + { + "name": "HPSBMA02412", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01655638" + }, + { + "name": "1021835", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021835" + }, + { + "name": "ADV-2009-0671", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0671" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0746.json b/2009/0xxx/CVE-2009-0746.json index 9165d455461..c5e4de47965 100644 --- a/2009/0xxx/CVE-2009-0746.json +++ b/2009/0xxx/CVE-2009-0746.json @@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0746", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The make_indexed_dir function in fs/ext4/namei.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not validate a certain rec_len field, which allows local users to cause a denial of service (OOPS) by attempting to mount a crafted ext4 filesystem." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0746", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/507985/100/0/threaded" - }, - { - "name" : "http://bugzilla.kernel.org/show_bug.cgi?id=12430", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.kernel.org/show_bug.cgi?id=12430" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e6b8bc09ba2075cd91fbffefcd2778b1a00bd76f", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e6b8bc09ba2075cd91fbffefcd2778b1a00bd76f" - }, - { - "name" : "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.19", - "refsource" : "CONFIRM", - "url" : "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.19" - }, - { - "name" : "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.7", - "refsource" : "CONFIRM", - "url" : "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.7" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" - }, - { - "name" : "DSA-1749", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1749" - }, - { - "name" : "RHSA-2009:1243", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2009-1243.html" - }, - { - "name" : "USN-751-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-751-1" - }, - { - "name" : "52202", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/52202" - }, - { - "name" : "oval:org.mitre.oval:def:10342", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10342" - }, - { - "name" : "oval:org.mitre.oval:def:8039", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8039" - }, - { - "name" : "34394", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34394" - }, - { - "name" : "37471", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37471" - }, - { - "name" : "36562", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36562" - }, - { - "name" : "ADV-2009-0509", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0509" - }, - { - "name" : "ADV-2009-3316", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3316" - }, - { - "name" : "linux-kernel-makeindexeddir-ext4-dos(48872)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48872" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The make_indexed_dir function in fs/ext4/namei.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not validate a certain rec_len field, which allows local users to cause a denial of service (OOPS) by attempting to mount a crafted ext4 filesystem." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:8039", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8039" + }, + { + "name": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.19", + "refsource": "CONFIRM", + "url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.19" + }, + { + "name": "ADV-2009-0509", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0509" + }, + { + "name": "37471", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37471" + }, + { + "name": "RHSA-2009:1243", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2009-1243.html" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" + }, + { + "name": "linux-kernel-makeindexeddir-ext4-dos(48872)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48872" + }, + { + "name": "DSA-1749", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1749" + }, + { + "name": "52202", + "refsource": "OSVDB", + "url": "http://osvdb.org/52202" + }, + { + "name": "USN-751-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-751-1" + }, + { + "name": "http://bugzilla.kernel.org/show_bug.cgi?id=12430", + "refsource": "CONFIRM", + "url": "http://bugzilla.kernel.org/show_bug.cgi?id=12430" + }, + { + "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded" + }, + { + "name": "36562", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36562" + }, + { + "name": "34394", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34394" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e6b8bc09ba2075cd91fbffefcd2778b1a00bd76f", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e6b8bc09ba2075cd91fbffefcd2778b1a00bd76f" + }, + { + "name": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.7", + "refsource": "CONFIRM", + "url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.7" + }, + { + "name": "oval:org.mitre.oval:def:10342", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10342" + }, + { + "name": "ADV-2009-3316", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3316" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1271.json b/2009/1xxx/CVE-2009-1271.json index 83bc8052523..4e1f94c77dd 100644 --- a/2009/1xxx/CVE-2009-1271.json +++ b/2009/1xxx/CVE-2009-1271.json @@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1271", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The JSON_parser function (ext/json/JSON_parser.c) in PHP 5.2.x before 5.2.9 allows remote attackers to cause a denial of service (segmentation fault) via a malformed string to the json_decode API function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1271", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20090401 CVE request: PHP 5.2.9", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/04/01/9" - }, - { - "name" : "http://cvs.php.net/viewvc.cgi/php-src/ext/json/JSON_parser.c?r1=1.1.2.14&r2=1.1.2.15", - "refsource" : "MISC", - "url" : "http://cvs.php.net/viewvc.cgi/php-src/ext/json/JSON_parser.c?r1=1.1.2.14&r2=1.1.2.15" - }, - { - "name" : "http://www.php.net/releases/5_2_9.php", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/releases/5_2_9.php" - }, - { - "name" : "http://support.apple.com/kb/HT3865", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3865" - }, - { - "name" : "APPLE-SA-2009-09-10-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html" - }, - { - "name" : "DSA-1775", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1775" - }, - { - "name" : "DSA-1789", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1789" - }, - { - "name" : "FEDORA-2009-3768", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html" - }, - { - "name" : "FEDORA-2009-3848", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html" - }, - { - "name" : "MDVSA-2009:090", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:090" - }, - { - "name" : "RHSA-2009:0350", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0350.html" - }, - { - "name" : "SUSE-SR:2009:012", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html" - }, - { - "name" : "USN-761-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/761-1/" - }, - { - "name" : "USN-761-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-761-2" - }, - { - "name" : "34770", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34770" - }, - { - "name" : "34830", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34830" - }, - { - "name" : "34933", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34933" - }, - { - "name" : "35003", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35003" - }, - { - "name" : "35007", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35007" - }, - { - "name" : "35306", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35306" - }, - { - "name" : "35685", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35685" - }, - { - "name" : "36701", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36701" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The JSON_parser function (ext/json/JSON_parser.c) in PHP 5.2.x before 5.2.9 allows remote attackers to cause a denial of service (segmentation fault) via a malformed string to the json_decode API function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20090401 CVE request: PHP 5.2.9", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/04/01/9" + }, + { + "name": "DSA-1775", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1775" + }, + { + "name": "FEDORA-2009-3768", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html" + }, + { + "name": "http://cvs.php.net/viewvc.cgi/php-src/ext/json/JSON_parser.c?r1=1.1.2.14&r2=1.1.2.15", + "refsource": "MISC", + "url": "http://cvs.php.net/viewvc.cgi/php-src/ext/json/JSON_parser.c?r1=1.1.2.14&r2=1.1.2.15" + }, + { + "name": "34770", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34770" + }, + { + "name": "APPLE-SA-2009-09-10-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html" + }, + { + "name": "http://www.php.net/releases/5_2_9.php", + "refsource": "CONFIRM", + "url": "http://www.php.net/releases/5_2_9.php" + }, + { + "name": "35007", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35007" + }, + { + "name": "34933", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34933" + }, + { + "name": "34830", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34830" + }, + { + "name": "USN-761-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-761-2" + }, + { + "name": "RHSA-2009:0350", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0350.html" + }, + { + "name": "FEDORA-2009-3848", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html" + }, + { + "name": "35003", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35003" + }, + { + "name": "35685", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35685" + }, + { + "name": "SUSE-SR:2009:012", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html" + }, + { + "name": "http://support.apple.com/kb/HT3865", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3865" + }, + { + "name": "36701", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36701" + }, + { + "name": "MDVSA-2009:090", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:090" + }, + { + "name": "35306", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35306" + }, + { + "name": "USN-761-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/761-1/" + }, + { + "name": "DSA-1789", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1789" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1692.json b/2009/1xxx/CVE-2009-1692.json index 33278d5db2b..0c8a1c904b4 100644 --- a/2009/1xxx/CVE-2009-1692.json +++ b/2009/1xxx/CVE-2009-1692.json @@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1692", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Safari, and other software, allows remote attackers to cause a denial of service (memory consumption or device reset) via a web page containing an HTMLSelectElement object with a large length attribute, related to the length property of a Select object." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1692", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090715 Re: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3....", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/504989/100/0/threaded" - }, - { - "name" : "20090715 Re:[GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3....", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/504988/100/0/threaded" - }, - { - "name" : "20090715 [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3....", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/504969/100/0/threaded" - }, - { - "name" : "20090716 Re[2]: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3....", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/505006/100/0/threaded" - }, - { - "name" : "9160", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/9160" - }, - { - "name" : "http://www.g-sec.lu/one-bug-to-rule-them-all.html", - "refsource" : "MISC", - "url" : "http://www.g-sec.lu/one-bug-to-rule-them-all.html" - }, - { - "name" : "https://bugs.webkit.org/show_bug.cgi?id=23319", - "refsource" : "MISC", - "url" : "https://bugs.webkit.org/show_bug.cgi?id=23319" - }, - { - "name" : "http://support.apple.com/kb/HT3639", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3639" - }, - { - "name" : "http://kb.palm.com/wps/portal/kb/na/pre/p100eww/sprint/solutions/article/50607_en.html#121", - "refsource" : "CONFIRM", - "url" : "http://kb.palm.com/wps/portal/kb/na/pre/p100eww/sprint/solutions/article/50607_en.html#121" - }, - { - "name" : "APPLE-SA-2009-06-17-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html" - }, - { - "name" : "DSA-1950", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1950" - }, - { - "name" : "SUSE-SR:2011:002", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" - }, - { - "name" : "35414", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35414" - }, - { - "name" : "35446", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35446" - }, - { - "name" : "55242", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/55242" - }, - { - "name" : "37746", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37746" - }, - { - "name" : "43068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43068" - }, - { - "name" : "36977", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36977" - }, - { - "name" : "ADV-2009-1621", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1621" - }, - { - "name" : "ADV-2011-0212", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0212" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Safari, and other software, allows remote attackers to cause a denial of service (memory consumption or device reset) via a web page containing an HTMLSelectElement object with a large length attribute, related to the length property of a Select object." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35446", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35446" + }, + { + "name": "9160", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/9160" + }, + { + "name": "http://support.apple.com/kb/HT3639", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3639" + }, + { + "name": "http://www.g-sec.lu/one-bug-to-rule-them-all.html", + "refsource": "MISC", + "url": "http://www.g-sec.lu/one-bug-to-rule-them-all.html" + }, + { + "name": "43068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43068" + }, + { + "name": "ADV-2009-1621", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1621" + }, + { + "name": "ADV-2011-0212", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0212" + }, + { + "name": "http://kb.palm.com/wps/portal/kb/na/pre/p100eww/sprint/solutions/article/50607_en.html#121", + "refsource": "CONFIRM", + "url": "http://kb.palm.com/wps/portal/kb/na/pre/p100eww/sprint/solutions/article/50607_en.html#121" + }, + { + "name": "35414", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35414" + }, + { + "name": "20090715 Re:[GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3....", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/504988/100/0/threaded" + }, + { + "name": "37746", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37746" + }, + { + "name": "APPLE-SA-2009-06-17-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html" + }, + { + "name": "36977", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36977" + }, + { + "name": "DSA-1950", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1950" + }, + { + "name": "SUSE-SR:2011:002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" + }, + { + "name": "20090716 Re[2]: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3....", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/505006/100/0/threaded" + }, + { + "name": "55242", + "refsource": "OSVDB", + "url": "http://osvdb.org/55242" + }, + { + "name": "20090715 [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3....", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/504969/100/0/threaded" + }, + { + "name": "https://bugs.webkit.org/show_bug.cgi?id=23319", + "refsource": "MISC", + "url": "https://bugs.webkit.org/show_bug.cgi?id=23319" + }, + { + "name": "20090715 Re: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3....", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/504989/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3004.json b/2009/3xxx/CVE-2009-3004.json index a369f16e1ec..6fe9042f977 100644 --- a/2009/3xxx/CVE-2009-3004.json +++ b/2009/3xxx/CVE-2009-3004.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3004", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Avant Browser 11.7 Builds 35 and 36 allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page. NOTE: a related attack was reported in which an arbitrary file: URL is shown." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3004", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://lostmon.blogspot.com/2009/08/multiple-browsers-fake-url-folder-file.html", - "refsource" : "MISC", - "url" : "http://lostmon.blogspot.com/2009/08/multiple-browsers-fake-url-folder-file.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Avant Browser 11.7 Builds 35 and 36 allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page. NOTE: a related attack was reported in which an arbitrary file: URL is shown." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://lostmon.blogspot.com/2009/08/multiple-browsers-fake-url-folder-file.html", + "refsource": "MISC", + "url": "http://lostmon.blogspot.com/2009/08/multiple-browsers-fake-url-folder-file.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3017.json b/2009/3xxx/CVE-2009-3017.json index 54341db958e..1033f127d05 100644 --- a/2009/3xxx/CVE-2009-3017.json +++ b/2009/3xxx/CVE-2009-3017.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3017", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Orca Browser 1.2 build 5 does not properly block data: URIs in Refresh and Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI, (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header, (3) injecting a Location header that contains JavaScript sequences in a data:text/html URI, or (4) entering a data:text/html URI with JavaScript sequences when specifying the content of a Location header; and does not properly handle javascript: URIs in HTML links within 302 error documents sent from web servers, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (5) injecting a Location HTTP response header or (6) specifying the content of a Location HTTP response header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3017", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090828 Cross-Site Scripting vulnerability in Mozilla, Firefox, SeaMonkey, Orca Browser and Maxthon", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/506163/100/0/threaded" - }, - { - "name" : "http://websecurity.com.ua/3386/", - "refsource" : "MISC", - "url" : "http://websecurity.com.ua/3386/" - }, - { - "name" : "orca-browser-data-xss(53002)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53002" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Orca Browser 1.2 build 5 does not properly block data: URIs in Refresh and Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI, (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header, (3) injecting a Location header that contains JavaScript sequences in a data:text/html URI, or (4) entering a data:text/html URI with JavaScript sequences when specifying the content of a Location header; and does not properly handle javascript: URIs in HTML links within 302 error documents sent from web servers, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (5) injecting a Location HTTP response header or (6) specifying the content of a Location HTTP response header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "orca-browser-data-xss(53002)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53002" + }, + { + "name": "http://websecurity.com.ua/3386/", + "refsource": "MISC", + "url": "http://websecurity.com.ua/3386/" + }, + { + "name": "20090828 Cross-Site Scripting vulnerability in Mozilla, Firefox, SeaMonkey, Orca Browser and Maxthon", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/506163/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3096.json b/2009/3xxx/CVE-2009-3096.json index 4c7a9365eb5..dc94b564194 100644 --- a/2009/3xxx/CVE-2009-3096.json +++ b/2009/3xxx/CVE-2009-3096.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3096", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in HP Performance Insight 5.3 allow remote attackers to have an unknown impact, related to (1) a \"Remote exploit\" on Windows platforms, and (2) a \"Remote preauthentication exploit\" on the Windows Server 2003 SP2 platform, as demonstrated by certain modules in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3096", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://intevydis.com/vd-list.shtml", - "refsource" : "MISC", - "url" : "http://intevydis.com/vd-list.shtml" - }, - { - "name" : "36520", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36520" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in HP Performance Insight 5.3 allow remote attackers to have an unknown impact, related to (1) a \"Remote exploit\" on Windows platforms, and (2) a \"Remote preauthentication exploit\" on the Windows Server 2003 SP2 platform, as demonstrated by certain modules in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36520", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36520" + }, + { + "name": "http://intevydis.com/vd-list.shtml", + "refsource": "MISC", + "url": "http://intevydis.com/vd-list.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3600.json b/2009/3xxx/CVE-2009-3600.json index dd21d34a8c0..d32d814a76d 100644 --- a/2009/3xxx/CVE-2009-3600.json +++ b/2009/3xxx/CVE-2009-3600.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3600", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HUBScript 1.0 allows remote attackers to obtain configuration information via a direct request to manage/phpinfo.php, which calls the phpinfo function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3600", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0907-exploits/hubscript-xssphpinfo.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0907-exploits/hubscript-xssphpinfo.txt" - }, - { - "name" : "55962", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/55962" - }, - { - "name" : "35895", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35895" - }, - { - "name" : "hubscript-phpinfo-information-disclosure(51830)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51830" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HUBScript 1.0 allows remote attackers to obtain configuration information via a direct request to manage/phpinfo.php, which calls the phpinfo function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "55962", + "refsource": "OSVDB", + "url": "http://osvdb.org/55962" + }, + { + "name": "35895", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35895" + }, + { + "name": "hubscript-phpinfo-information-disclosure(51830)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51830" + }, + { + "name": "http://packetstormsecurity.org/0907-exploits/hubscript-xssphpinfo.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0907-exploits/hubscript-xssphpinfo.txt" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4107.json b/2009/4xxx/CVE-2009-4107.json index dd2034c69fb..4f58a7ab93c 100644 --- a/2009/4xxx/CVE-2009-4107.json +++ b/2009/4xxx/CVE-2009-4107.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4107", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Invisible Browsing 5.0.52 allows user-assisted remote attackers to execute arbitrary code via a crafted .ibkey file containing a long string." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4107", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9655", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9655" - }, - { - "name" : "http://hjafari.blogspot.com/2009/09/invisible-browsing-5052-ibkey-local.html", - "refsource" : "MISC", - "url" : "http://hjafari.blogspot.com/2009/09/invisible-browsing-5052-ibkey-local.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Invisible Browsing 5.0.52 allows user-assisted remote attackers to execute arbitrary code via a crafted .ibkey file containing a long string." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9655", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9655" + }, + { + "name": "http://hjafari.blogspot.com/2009/09/invisible-browsing-5052-ibkey-local.html", + "refsource": "MISC", + "url": "http://hjafari.blogspot.com/2009/09/invisible-browsing-5052-ibkey-local.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4171.json b/2009/4xxx/CVE-2009-4171.json index 71feccb3517..d4d8f379a01 100644 --- a/2009/4xxx/CVE-2009-4171.json +++ b/2009/4xxx/CVE-2009-4171.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4171", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An ActiveX control in YahooBridgeLib.dll for Yahoo! Messenger 9.0.0.2162, and possibly other 9.0 versions, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by calling the RegisterMe method with a long argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4171", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091112 Yahoo Messenger 9 ActiveX DoS (Null Pointer) Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/507818/100/0/threaded" - }, - { - "name" : "37007", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37007" - }, - { - "name" : "yahoo-messenger-activex-dos(54263)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54263" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An ActiveX control in YahooBridgeLib.dll for Yahoo! Messenger 9.0.0.2162, and possibly other 9.0 versions, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by calling the RegisterMe method with a long argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20091112 Yahoo Messenger 9 ActiveX DoS (Null Pointer) Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/507818/100/0/threaded" + }, + { + "name": "yahoo-messenger-activex-dos(54263)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54263" + }, + { + "name": "37007", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37007" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4293.json b/2009/4xxx/CVE-2009-4293.json index b321d2d36fd..358c01481fd 100644 --- a/2009/4xxx/CVE-2009-4293.json +++ b/2009/4xxx/CVE-2009-4293.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4293", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Internet Initiative Japan SEIL/X1, SEIL/X2, and SEIL/B1 firmware 2.30 through 2.51, when NAT is enabled, allows remote attackers to cause a denial of service (system restart) via crafted GRE packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4293", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.seil.jp/seilseries/security/2009/a00674.php", - "refsource" : "CONFIRM", - "url" : "http://www.seil.jp/seilseries/security/2009/a00674.php" - }, - { - "name" : "JVN#13011682", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN13011682/index.html" - }, - { - "name" : "JVNDB-2009-000070", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000070.html" - }, - { - "name" : "59361", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/59361" - }, - { - "name" : "37154", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37154" - }, - { - "name" : "ADV-2009-3111", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3111" - }, - { - "name" : "seil-gre-dos(54050)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54050" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Internet Initiative Japan SEIL/X1, SEIL/X2, and SEIL/B1 firmware 2.30 through 2.51, when NAT is enabled, allows remote attackers to cause a denial of service (system restart) via crafted GRE packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-3111", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3111" + }, + { + "name": "http://www.seil.jp/seilseries/security/2009/a00674.php", + "refsource": "CONFIRM", + "url": "http://www.seil.jp/seilseries/security/2009/a00674.php" + }, + { + "name": "59361", + "refsource": "OSVDB", + "url": "http://osvdb.org/59361" + }, + { + "name": "JVNDB-2009-000070", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000070.html" + }, + { + "name": "JVN#13011682", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN13011682/index.html" + }, + { + "name": "seil-gre-dos(54050)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54050" + }, + { + "name": "37154", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37154" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4650.json b/2009/4xxx/CVE-2009-4650.json index b65fa4704e7..79b408ba268 100644 --- a/2009/4xxx/CVE-2009-4650.json +++ b/2009/4xxx/CVE-2009-4650.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4650", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Webee Comments (com_webeecomment) component 1.1.1, 1.2, and 2.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the articleId parameter in a default action to index2.php. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4650", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://jeffchannell.com/Joomla/webee-111-multiple-vulnerabilities.html", - "refsource" : "MISC", - "url" : "http://jeffchannell.com/Joomla/webee-111-multiple-vulnerabilities.html" - }, - { - "name" : "38204", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38204" - }, - { - "name" : "62334", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/62334" - }, - { - "name" : "38625", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38625" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Webee Comments (com_webeecomment) component 1.1.1, 1.2, and 2.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the articleId parameter in a default action to index2.php. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "62334", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/62334" + }, + { + "name": "38625", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38625" + }, + { + "name": "38204", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38204" + }, + { + "name": "http://jeffchannell.com/Joomla/webee-111-multiple-vulnerabilities.html", + "refsource": "MISC", + "url": "http://jeffchannell.com/Joomla/webee-111-multiple-vulnerabilities.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4729.json b/2009/4xxx/CVE-2009-4729.json index 1e938b1a2db..36e61e10cdf 100644 --- a/2009/4xxx/CVE-2009-4729.json +++ b/2009/4xxx/CVE-2009-4729.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4729", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in x10 Adult Media Script 1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) pic_id parameter to includes/video_ad.php, (2) category parameter to linkvideos_listing.php, (3) id parameter to templates/header1.php, and (4) key parameter to video_listing.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4729", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9340", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9340" - }, - { - "name" : "56671", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/56671" - }, - { - "name" : "56672", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/56672" - }, - { - "name" : "56673", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/56673" - }, - { - "name" : "56674", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/56674" - }, - { - "name" : "36067", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36067" - }, - { - "name" : "ams-multiple-xss(52163)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52163" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in x10 Adult Media Script 1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) pic_id parameter to includes/video_ad.php, (2) category parameter to linkvideos_listing.php, (3) id parameter to templates/header1.php, and (4) key parameter to video_listing.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36067", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36067" + }, + { + "name": "9340", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9340" + }, + { + "name": "ams-multiple-xss(52163)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52163" + }, + { + "name": "56671", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/56671" + }, + { + "name": "56672", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/56672" + }, + { + "name": "56674", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/56674" + }, + { + "name": "56673", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/56673" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4930.json b/2009/4xxx/CVE-2009-4930.json index 9be84f26aaf..387cd31c4a4 100644 --- a/2009/4xxx/CVE-2009-4930.json +++ b/2009/4xxx/CVE-2009-4930.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4930", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the twbkwbis.P_SecurityQuestion (aka Change Security Question) page in SunGard Banner Student System 7.4 allows remote attackers to inject arbitrary web script or HTML via the New Question field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4930", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090420 Sungard Banner System XSS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/502810/100/0/threaded" - }, - { - "name" : "34620", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34620" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the twbkwbis.P_SecurityQuestion (aka Change Security Question) page in SunGard Banner Student System 7.4 allows remote attackers to inject arbitrary web script or HTML via the New Question field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20090420 Sungard Banner System XSS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/502810/100/0/threaded" + }, + { + "name": "34620", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34620" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2115.json b/2012/2xxx/CVE-2012-2115.json index ad1fcd39d88..2bbe5c1b2aa 100644 --- a/2012/2xxx/CVE-2012-2115.json +++ b/2012/2xxx/CVE-2012-2115.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2115", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in interface/login/validateUser.php in OpenEMR 4.1.0 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the u parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2115", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120103 SQL Injection Vulnerability in OpenEMR 4.1.0", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-01/0013.html" - }, - { - "name" : "18274", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18274" - }, - { - "name" : "20120103 SQL Injection Vulnerability in OpenEMR 4.1.0", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2012/Jan/27" - }, - { - "name" : "[oss-security] 20120417 CVE-request: OpenEMR 4.1.0 SQL-injection", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/04/17/1" - }, - { - "name" : "[oss-security] 20120418 Re: CVE-request: OpenEMR 4.1.0 SQL-injection", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/04/18/7" - }, - { - "name" : "http://www.mavitunasecurity.com/sql-injection-vulnerability-in-openemr/", - "refsource" : "MISC", - "url" : "http://www.mavitunasecurity.com/sql-injection-vulnerability-in-openemr/" - }, - { - "name" : "http://www.open-emr.org/wiki/index.php/OpenEMR_Patches", - "refsource" : "CONFIRM", - "url" : "http://www.open-emr.org/wiki/index.php/OpenEMR_Patches" - }, - { - "name" : "51247", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51247" - }, - { - "name" : "78132", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/78132" - }, - { - "name" : "openemr-validateuser-sql-injection(71983)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71983" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in interface/login/validateUser.php in OpenEMR 4.1.0 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the u parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20120417 CVE-request: OpenEMR 4.1.0 SQL-injection", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/04/17/1" + }, + { + "name": "[oss-security] 20120418 Re: CVE-request: OpenEMR 4.1.0 SQL-injection", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/04/18/7" + }, + { + "name": "http://www.mavitunasecurity.com/sql-injection-vulnerability-in-openemr/", + "refsource": "MISC", + "url": "http://www.mavitunasecurity.com/sql-injection-vulnerability-in-openemr/" + }, + { + "name": "78132", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/78132" + }, + { + "name": "openemr-validateuser-sql-injection(71983)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71983" + }, + { + "name": "18274", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18274" + }, + { + "name": "51247", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51247" + }, + { + "name": "20120103 SQL Injection Vulnerability in OpenEMR 4.1.0", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2012/Jan/27" + }, + { + "name": "20120103 SQL Injection Vulnerability in OpenEMR 4.1.0", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0013.html" + }, + { + "name": "http://www.open-emr.org/wiki/index.php/OpenEMR_Patches", + "refsource": "CONFIRM", + "url": "http://www.open-emr.org/wiki/index.php/OpenEMR_Patches" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2389.json b/2012/2xxx/CVE-2012-2389.json index c2966b32024..41324910367 100644 --- a/2012/2xxx/CVE-2012-2389.json +++ b/2012/2xxx/CVE-2012-2389.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2389", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "hostapd 0.7.3, and possibly other versions before 1.0, uses 0644 permissions for /etc/hostapd/hostapd.conf, which might allow local users to obtain sensitive information such as credentials." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2389", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120523 CVE request(?): hostapd: improper file permissions of hostapd's config leaks credentials", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/05/23/3" - }, - { - "name" : "[oss-security] 20120523 Re: CVE request(?): hostapd: improper file permissions of hostapd's config leaks credentials", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/05/23/5" - }, - { - "name" : "[oss-security] 20120523 Re: CVE request(?): hostapd: improper file permissions of hostapd's config leaks credentials", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/05/23/13" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=740964", - "refsource" : "MISC", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=740964" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=824660", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=824660" - }, - { - "name" : "FEDORA-2012-8611", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081983.html" - }, - { - "name" : "MDVSA-2012:168", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:168" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "hostapd 0.7.3, and possibly other versions before 1.0, uses 0644 permissions for /etc/hostapd/hostapd.conf, which might allow local users to obtain sensitive information such as credentials." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=824660", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=824660" + }, + { + "name": "[oss-security] 20120523 Re: CVE request(?): hostapd: improper file permissions of hostapd's config leaks credentials", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/05/23/13" + }, + { + "name": "[oss-security] 20120523 Re: CVE request(?): hostapd: improper file permissions of hostapd's config leaks credentials", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/05/23/5" + }, + { + "name": "MDVSA-2012:168", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:168" + }, + { + "name": "FEDORA-2012-8611", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081983.html" + }, + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=740964", + "refsource": "MISC", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=740964" + }, + { + "name": "[oss-security] 20120523 CVE request(?): hostapd: improper file permissions of hostapd's config leaks credentials", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/05/23/3" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2594.json b/2012/2xxx/CVE-2012-2594.json index e801749b930..9f5ff3b93c7 100644 --- a/2012/2xxx/CVE-2012-2594.json +++ b/2012/2xxx/CVE-2012-2594.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2594", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2594", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6103.json b/2012/6xxx/CVE-2012-6103.json index 9e5891f975c..1086501e3a6 100644 --- a/2012/6xxx/CVE-2012-6103.json +++ b/2012/6xxx/CVE-2012-6103.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6103", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in user/messageselect.php in the messaging system in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allow remote attackers to hijack the authentication of arbitrary users for requests that send course messages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-6103", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130121 Moodle security notifications public", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2013/01/21/1" - }, - { - "name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36600", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36600" - }, - { - "name" : "https://moodle.org/mod/forum/discuss.php?d=220164", - "refsource" : "CONFIRM", - "url" : "https://moodle.org/mod/forum/discuss.php?d=220164" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in user/messageselect.php in the messaging system in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allow remote attackers to hijack the authentication of arbitrary users for requests that send course messages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36600", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36600" + }, + { + "name": "https://moodle.org/mod/forum/discuss.php?d=220164", + "refsource": "CONFIRM", + "url": "https://moodle.org/mod/forum/discuss.php?d=220164" + }, + { + "name": "[oss-security] 20130121 Moodle security notifications public", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2013/01/21/1" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6236.json b/2012/6xxx/CVE-2012-6236.json index 3cce7b469cc..66892a7894d 100644 --- a/2012/6xxx/CVE-2012-6236.json +++ b/2012/6xxx/CVE-2012-6236.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6236", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-6236", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1106.json b/2015/1xxx/CVE-2015-1106.json index ccd550523d7..8262b86142f 100644 --- a/2015/1xxx/CVE-2015-1106.json +++ b/2015/1xxx/CVE-2015-1106.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1106", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The QuickType feature in the Keyboards subsystem in Apple iOS before 8.3 allows physically proximate attackers to discover passcodes by reading the lock screen during use of a Bluetooth keyboard." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-1106", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT204661", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204661" - }, - { - "name" : "APPLE-SA-2015-04-08-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html" - }, - { - "name" : "73978", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73978" - }, - { - "name" : "1032050", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032050" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The QuickType feature in the Keyboards subsystem in Apple iOS before 8.3 allows physically proximate attackers to discover passcodes by reading the lock screen during use of a Bluetooth keyboard." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2015-04-08-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html" + }, + { + "name": "1032050", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032050" + }, + { + "name": "73978", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73978" + }, + { + "name": "https://support.apple.com/HT204661", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204661" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1212.json b/2015/1xxx/CVE-2015-1212.json index 48d2907ba6f..36c69ca2ba5 100644 --- a/2015/1xxx/CVE-2015-1212.json +++ b/2015/1xxx/CVE-2015-1212.json @@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1212", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android allow attackers to cause a denial of service or possibly have other impact via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2015-1212", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2015/02/chrome-for-android-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2015/02/chrome-for-android-update.html" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2015/02/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2015/02/stable-channel-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=427303", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=427303" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=438365", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=438365" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=445679", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=445679" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=446459", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=446459" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=451684", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=451684" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=451918", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=451918" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=455225", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=455225" - }, - { - "name" : "GLSA-201502-13", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201502-13.xml" - }, - { - "name" : "RHSA-2015:0163", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0163.html" - }, - { - "name" : "openSUSE-SU-2015:0441", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html" - }, - { - "name" : "USN-2495-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2495-1" - }, - { - "name" : "72497", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72497" - }, - { - "name" : "1031709", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031709" - }, - { - "name" : "62670", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62670" - }, - { - "name" : "62818", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62818" - }, - { - "name" : "62917", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62917" - }, - { - "name" : "62925", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62925" - }, - { - "name" : "google-chrome-cve20151212-unspecified(100718)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100718" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android allow attackers to cause a denial of service or possibly have other impact via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "google-chrome-cve20151212-unspecified(100718)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100718" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=451918", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=451918" + }, + { + "name": "72497", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72497" + }, + { + "name": "http://googlechromereleases.blogspot.com/2015/02/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2015/02/stable-channel-update.html" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=451684", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=451684" + }, + { + "name": "62818", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62818" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=446459", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=446459" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=427303", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=427303" + }, + { + "name": "62925", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62925" + }, + { + "name": "http://googlechromereleases.blogspot.com/2015/02/chrome-for-android-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2015/02/chrome-for-android-update.html" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=438365", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=438365" + }, + { + "name": "GLSA-201502-13", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201502-13.xml" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=445679", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=445679" + }, + { + "name": "62917", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62917" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=455225", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=455225" + }, + { + "name": "RHSA-2015:0163", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0163.html" + }, + { + "name": "62670", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62670" + }, + { + "name": "1031709", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031709" + }, + { + "name": "openSUSE-SU-2015:0441", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html" + }, + { + "name": "USN-2495-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2495-1" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1580.json b/2015/1xxx/CVE-2015-1580.json index 49181b4e9f7..eea6b2719c2 100644 --- a/2015/1xxx/CVE-2015-1580.json +++ b/2015/1xxx/CVE-2015-1580.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1580", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in the Redirection Page plugin 1.2 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings or conduct cross-site scripting (XSS) attacks via the (2) source or (3) redir parameter in an add action in the redirection-page to wp-admin/options-general.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1580", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/130314/WordPress-Redirection-Page-1.2-CSRF-XSS.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/130314/WordPress-Redirection-Page-1.2-CSRF-XSS.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Redirection Page plugin 1.2 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings or conduct cross-site scripting (XSS) attacks via the (2) source or (3) redir parameter in an add action in the redirection-page to wp-admin/options-general.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/130314/WordPress-Redirection-Page-1.2-CSRF-XSS.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/130314/WordPress-Redirection-Page-1.2-CSRF-XSS.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1763.json b/2015/1xxx/CVE-2015-1763.json index 0ab0eff56e2..107764eef96 100644 --- a/2015/1xxx/CVE-2015-1763.json +++ b/2015/1xxx/CVE-2015-1763.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1763", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014 does not prevent use of uninitialized memory in certain attempts to execute virtual functions, which allows remote authenticated users to execute arbitrary code via a crafted query, aka \"SQL Server Remote Code Execution Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-1763", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-058", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-058" - }, - { - "name" : "1032893", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032893" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014 does not prevent use of uninitialized memory in certain attempts to execute virtual functions, which allows remote authenticated users to execute arbitrary code via a crafted query, aka \"SQL Server Remote Code Execution Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032893", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032893" + }, + { + "name": "MS15-058", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-058" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1949.json b/2015/1xxx/CVE-2015-1949.json index 6e2a4456393..5e9fcead6a4 100644 --- a/2015/1xxx/CVE-2015-1949.json +++ b/2015/1xxx/CVE-2015-1949.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1949", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to execute arbitrary commands with SYSTEM privileges via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-1949", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-271", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-271" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21959398", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21959398" - }, - { - "name" : "75459", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75459" - }, - { - "name" : "1032773", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032773" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to execute arbitrary commands with SYSTEM privileges via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032773", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032773" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-15-271", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-271" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21959398", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959398" + }, + { + "name": "75459", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75459" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5380.json b/2015/5xxx/CVE-2015-5380.json index 2f1f64594d4..1734fc495ef 100644 --- a/2015/5xxx/CVE-2015-5380.json +++ b/2015/5xxx/CVE-2015-5380.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5380", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Utf8DecoderBase::WriteUtf16Slow function in unicode-decoder.cc in Google V8, as used in Node.js before 0.12.6, io.js before 1.8.3 and 2.x before 2.3.3, and other products, does not verify that there is memory available for a UTF-16 surrogate pair, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted byte sequence." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5380", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.nodejs.org/2015/07/03/node-v0-12-6-stable/", - "refsource" : "CONFIRM", - "url" : "http://blog.nodejs.org/2015/07/03/node-v0-12-6-stable/" - }, - { - "name" : "https://codereview.chromium.org/1226493003", - "refsource" : "CONFIRM", - "url" : "https://codereview.chromium.org/1226493003" - }, - { - "name" : "https://github.com/joyent/node/issues/25583", - "refsource" : "CONFIRM", - "url" : "https://github.com/joyent/node/issues/25583" - }, - { - "name" : "https://medium.com/@iojs/important-security-upgrades-for-node-js-and-io-js-8ac14ece5852", - "refsource" : "CONFIRM", - "url" : "https://medium.com/@iojs/important-security-upgrades-for-node-js-and-io-js-8ac14ece5852" - }, - { - "name" : "75556", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75556" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Utf8DecoderBase::WriteUtf16Slow function in unicode-decoder.cc in Google V8, as used in Node.js before 0.12.6, io.js before 1.8.3 and 2.x before 2.3.3, and other products, does not verify that there is memory available for a UTF-16 surrogate pair, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted byte sequence." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://codereview.chromium.org/1226493003", + "refsource": "CONFIRM", + "url": "https://codereview.chromium.org/1226493003" + }, + { + "name": "https://medium.com/@iojs/important-security-upgrades-for-node-js-and-io-js-8ac14ece5852", + "refsource": "CONFIRM", + "url": "https://medium.com/@iojs/important-security-upgrades-for-node-js-and-io-js-8ac14ece5852" + }, + { + "name": "https://github.com/joyent/node/issues/25583", + "refsource": "CONFIRM", + "url": "https://github.com/joyent/node/issues/25583" + }, + { + "name": "http://blog.nodejs.org/2015/07/03/node-v0-12-6-stable/", + "refsource": "CONFIRM", + "url": "http://blog.nodejs.org/2015/07/03/node-v0-12-6-stable/" + }, + { + "name": "75556", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75556" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5522.json b/2015/5xxx/CVE-2015-5522.json index e509071b503..7f9bc619dc3 100644 --- a/2015/5xxx/CVE-2015-5522.json +++ b/2015/5xxx/CVE-2015-5522.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5522", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving a command character in an href." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5522", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150604 CVE Request - tidy 0.99 / tidy5 heap-buffer-overflow", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/06/04/2" - }, - { - "name" : "[oss-security] 20150713 Re: CVE Request - tidy 0.99 / tidy5 heap-buffer-overflow", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/07/13/7" - }, - { - "name" : "[oss-security] 20150714 Re: CVE Request - tidy 0.99 / tidy5 heap-buffer-overflow", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/07/15/3" - }, - { - "name" : "https://github.com/htacg/tidy-html5/issues/217", - "refsource" : "CONFIRM", - "url" : "https://github.com/htacg/tidy-html5/issues/217" - }, - { - "name" : "https://support.apple.com/HT205212", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205212" - }, - { - "name" : "https://support.apple.com/HT205213", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205213" - }, - { - "name" : "https://support.apple.com/HT205267", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205267" - }, - { - "name" : "APPLE-SA-2015-09-16-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html" - }, - { - "name" : "APPLE-SA-2015-09-21-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html" - }, - { - "name" : "APPLE-SA-2015-09-30-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html" - }, - { - "name" : "DSA-3309", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3309" - }, - { - "name" : "USN-2695-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2695-1" - }, - { - "name" : "75037", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75037" - }, - { - "name" : "1033703", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033703" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving a command character in an href." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1033703", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033703" + }, + { + "name": "[oss-security] 20150713 Re: CVE Request - tidy 0.99 / tidy5 heap-buffer-overflow", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/07/13/7" + }, + { + "name": "https://support.apple.com/HT205212", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205212" + }, + { + "name": "APPLE-SA-2015-09-30-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html" + }, + { + "name": "[oss-security] 20150604 CVE Request - tidy 0.99 / tidy5 heap-buffer-overflow", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/06/04/2" + }, + { + "name": "USN-2695-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2695-1" + }, + { + "name": "https://support.apple.com/HT205267", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205267" + }, + { + "name": "DSA-3309", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3309" + }, + { + "name": "APPLE-SA-2015-09-21-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html" + }, + { + "name": "https://github.com/htacg/tidy-html5/issues/217", + "refsource": "CONFIRM", + "url": "https://github.com/htacg/tidy-html5/issues/217" + }, + { + "name": "https://support.apple.com/HT205213", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205213" + }, + { + "name": "75037", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75037" + }, + { + "name": "APPLE-SA-2015-09-16-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html" + }, + { + "name": "[oss-security] 20150714 Re: CVE Request - tidy 0.99 / tidy5 heap-buffer-overflow", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/07/15/3" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5700.json b/2015/5xxx/CVE-2015-5700.json index 45227c93cc2..dd45ed96e3a 100644 --- a/2015/5xxx/CVE-2015-5700.json +++ b/2015/5xxx/CVE-2015-5700.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5700", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mktexlsr revision 22855 through revision 36625 as packaged in texlive allows local users to write to arbitrary files via a symlink attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5700", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150730 Re: CVE request: mktexlsr/texlive: insecure use of /tmp", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/07/30/6" - }, - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775139", - "refsource" : "MISC", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775139" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1181167", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1181167" - }, - { - "name" : "https://www.tug.org/svn/texlive/trunk/Build/source/texk/kpathsea/mktexlsr?r1=19613&r2=22885", - "refsource" : "CONFIRM", - "url" : "https://www.tug.org/svn/texlive/trunk/Build/source/texk/kpathsea/mktexlsr?r1=19613&r2=22885" - }, - { - "name" : "https://www.tug.org/svn/texlive/trunk/Build/source/texk/kpathsea/mktexlsr?view=log", - "refsource" : "CONFIRM", - "url" : "https://www.tug.org/svn/texlive/trunk/Build/source/texk/kpathsea/mktexlsr?view=log" - }, - { - "name" : "USN-3788-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3788-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mktexlsr revision 22855 through revision 36625 as packaged in texlive allows local users to write to arbitrary files via a symlink attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20150730 Re: CVE request: mktexlsr/texlive: insecure use of /tmp", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/07/30/6" + }, + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775139", + "refsource": "MISC", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775139" + }, + { + "name": "https://www.tug.org/svn/texlive/trunk/Build/source/texk/kpathsea/mktexlsr?view=log", + "refsource": "CONFIRM", + "url": "https://www.tug.org/svn/texlive/trunk/Build/source/texk/kpathsea/mktexlsr?view=log" + }, + { + "name": "https://www.tug.org/svn/texlive/trunk/Build/source/texk/kpathsea/mktexlsr?r1=19613&r2=22885", + "refsource": "CONFIRM", + "url": "https://www.tug.org/svn/texlive/trunk/Build/source/texk/kpathsea/mktexlsr?r1=19613&r2=22885" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1181167", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1181167" + }, + { + "name": "USN-3788-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3788-1/" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11306.json b/2018/11xxx/CVE-2018-11306.json index 11d426c41aa..d993f553c9f 100644 --- a/2018/11xxx/CVE-2018-11306.json +++ b/2018/11xxx/CVE-2018-11306.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11306", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11306", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11694.json b/2018/11xxx/CVE-2018-11694.json index 42fedb6c46b..247d7bf56cb 100644 --- a/2018/11xxx/CVE-2018-11694.json +++ b/2018/11xxx/CVE-2018-11694.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11694", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Functions::selector_append which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11694", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/sass/libsass/issues/2663", - "refsource" : "MISC", - "url" : "https://github.com/sass/libsass/issues/2663" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Functions::selector_append which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/sass/libsass/issues/2663", + "refsource": "MISC", + "url": "https://github.com/sass/libsass/issues/2663" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11811.json b/2018/11xxx/CVE-2018-11811.json index 83033df76e6..17e13c6ce4d 100644 --- a/2018/11xxx/CVE-2018-11811.json +++ b/2018/11xxx/CVE-2018-11811.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11811", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11811", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11943.json b/2018/11xxx/CVE-2018-11943.json index 998e0218fdd..6e6557f3c21 100644 --- a/2018/11xxx/CVE-2018-11943.json +++ b/2018/11xxx/CVE-2018-11943.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2018-11943", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing fastboot flash command, memory leak or unexpected behavior may occur due to processing of unintialized data buffers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2018-11943", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.codeaurora.org/quic/la/abl/tianocore/edk2/commit/?id=45734409dd45e6b117f7f9f7e11047f67a7accc1", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/abl/tianocore/edk2/commit/?id=45734409dd45e6b117f7f9f7e11047f67a7accc1" - }, - { - "name" : "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin", - "refsource" : "CONFIRM", - "url" : "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing fastboot flash command, memory leak or unexpected behavior may occur due to processing of unintialized data buffers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.codeaurora.org/quic/la/abl/tianocore/edk2/commit/?id=45734409dd45e6b117f7f9f7e11047f67a7accc1", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/abl/tianocore/edk2/commit/?id=45734409dd45e6b117f7f9f7e11047f67a7accc1" + }, + { + "name": "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin", + "refsource": "CONFIRM", + "url": "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3409.json b/2018/3xxx/CVE-2018-3409.json index 7bd4f5ca0f5..f6b77427a3a 100644 --- a/2018/3xxx/CVE-2018-3409.json +++ b/2018/3xxx/CVE-2018-3409.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3409", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3409", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7080.json b/2018/7xxx/CVE-2018-7080.json index bd8b9302213..a591a665f3a 100644 --- a/2018/7xxx/CVE-2018-7080.json +++ b/2018/7xxx/CVE-2018-7080.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@hpe.com", - "ID" : "CVE-2018-7080", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Aruba Access Points", - "version" : { - "version_data" : [ - { - "version_value" : "AP-3xx and IAP-3xx series access points, AP-203R, AP-203RP, ArubaOS 6.4.4.x prior to 6.4.4.20, ArubaOS 6.5.3.x prior to 6.5.3.9, ArubaOS 6.5.4.x prior to 6.5.4.9, ArubaOS 8.x prior to 8.2.2.2, ArubaOS 8.3.x prior to 8.3.0.4" - } - ] - } - } - ] - }, - "vendor_name" : "Hewlett Packard Enterprise" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability exists in the firmware of embedded BLE radios that are part of some Aruba Access points. An attacker who is able to exploit the vulnerability could install new, potentially malicious firmware into the AP's BLE radio and could then gain access to the AP's console port. This vulnerability is applicable only if the BLE radio has been enabled in affected access points. The BLE radio is disabled by default. Note - Aruba products are NOT affected by a similar vulnerability being tracked as CVE-2018-16986." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "remote access restriction bypass" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@hpe.com", + "ID": "CVE-2018-7080", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Aruba Access Points", + "version": { + "version_data": [ + { + "version_value": "AP-3xx and IAP-3xx series access points, AP-203R, AP-203RP, ArubaOS 6.4.4.x prior to 6.4.4.20, ArubaOS 6.5.3.x prior to 6.5.3.9, ArubaOS 6.5.4.x prior to 6.5.4.9, ArubaOS 8.x prior to 8.2.2.2, ArubaOS 8.3.x prior to 8.3.0.4" + } + ] + } + } + ] + }, + "vendor_name": "Hewlett Packard Enterprise" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-006.txt", - "refsource" : "CONFIRM", - "url" : "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-006.txt" - }, - { - "name" : "105814", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105814" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability exists in the firmware of embedded BLE radios that are part of some Aruba Access points. An attacker who is able to exploit the vulnerability could install new, potentially malicious firmware into the AP's BLE radio and could then gain access to the AP's console port. This vulnerability is applicable only if the BLE radio has been enabled in affected access points. The BLE radio is disabled by default. Note - Aruba products are NOT affected by a similar vulnerability being tracked as CVE-2018-16986." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote access restriction bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105814", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105814" + }, + { + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-006.txt", + "refsource": "CONFIRM", + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-006.txt" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7246.json b/2018/7xxx/CVE-2018-7246.json index 02dc38d4617..db5d8facb10 100644 --- a/2018/7xxx/CVE-2018-7246.json +++ b/2018/7xxx/CVE-2018-7246.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cybersecurity@se.com", - "ID" : "CVE-2018-7246", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS", - "version" : { - "version_data" : [ - { - "version_value" : "MGE Network Management Card Transverse, part number: SF66074. All card versions affected, when installed in following products: MGE Galaxy 5000, MGE Galaxy 6000, MGE Galaxy 9000, MGE EPS 7000, MGE EPS 8000, MGE EPS 6000, MGE Comet UPS, MGE Galaxy PW, MGE Galaxy 3000, MGE Galaxy 4000" - } - ] - } - } - ] - }, - "vendor_name" : "Schneider Electric SE" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A cleartext transmission of sensitive information vulnerability exists in Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. he integrated web server (Port 80/443/TCP) of the affected devices could allow remote attackers to discover an administrative account. If default on device, it is not using a SSL in settings and if multiple request of the page \"Access Control\" (IP-address device/ups/pas_cont.htm) account data will be sent in cleartext" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cleartext Transmission of Sensitive Information" - } + "CVE_data_meta": { + "ASSIGNER": "cybersecurity@schneider-electric.com", + "ID": "CVE-2018-7246", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS", + "version": { + "version_data": [ + { + "version_value": "MGE Network Management Card Transverse, part number: SF66074. All card versions affected, when installed in following products: MGE Galaxy 5000, MGE Galaxy 6000, MGE Galaxy 9000, MGE EPS 7000, MGE EPS 8000, MGE EPS 6000, MGE Comet UPS, MGE Galaxy PW, MGE Galaxy 3000, MGE Galaxy 4000" + } + ] + } + } + ] + }, + "vendor_name": "Schneider Electric SE" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-074-01/", - "refsource" : "CONFIRM", - "url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-074-01/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A cleartext transmission of sensitive information vulnerability exists in Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. he integrated web server (Port 80/443/TCP) of the affected devices could allow remote attackers to discover an administrative account. If default on device, it is not using a SSL in settings and if multiple request of the page \"Access Control\" (IP-address device/ups/pas_cont.htm) account data will be sent in cleartext" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cleartext Transmission of Sensitive Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-074-01/", + "refsource": "CONFIRM", + "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-074-01/" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7977.json b/2018/7xxx/CVE-2018-7977.json index 65dc0e04f26..9defae45a72 100644 --- a/2018/7xxx/CVE-2018-7977.json +++ b/2018/7xxx/CVE-2018-7977.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "ID" : "CVE-2018-7977", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "FusionSphere OpenStack", - "version" : { - "version_data" : [ - { - "version_value" : "V100R006C00" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "There is an information leakage vulnerability on several Huawei products. Due to insufficient communication protection for specific services, a remote, unauthorized attacker can exploit this vulnerability to connect to specific services to obtain additional information. Successful exploitation of this vulnerability can lead to information leakage." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "information leakage" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "ID": "CVE-2018-7977", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FusionSphere OpenStack", + "version": { + "version_data": [ + { + "version_value": "V100R006C00" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181114-01-fusionsphere-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181114-01-fusionsphere-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There is an information leakage vulnerability on several Huawei products. Due to insufficient communication protection for specific services, a remote, unauthorized attacker can exploit this vulnerability to connect to specific services to obtain additional information. Successful exploitation of this vulnerability can lead to information leakage." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "information leakage" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181114-01-fusionsphere-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181114-01-fusionsphere-en" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8215.json b/2018/8xxx/CVE-2018-8215.json index 00235bd1e24..40e5d7bb7d9 100644 --- a/2018/8xxx/CVE-2018-8215.json +++ b/2018/8xxx/CVE-2018-8215.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8215", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows Server 2016", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows 10", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems" - }, - { - "version_value" : "Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Version 1607 for x64-based Systems" - }, - { - "version_value" : "Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Version 1703 for x64-based Systems" - }, - { - "version_value" : "Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Version 1709 for x64-based Systems" - }, - { - "version_value" : "Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Version 1803 for x64-based Systems" - }, - { - "version_value" : "x64-based Systems" - } - ] - } - }, - { - "product_name" : "Windows 10 Servers", - "version" : { - "version_data" : [ - { - "version_value" : "version 1709 (Server Core Installation)" - }, - { - "version_value" : "version 1803 (Server Core Installation)" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka \"Device Guard Code Integrity Policy Security Feature Bypass Vulnerability.\" This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8201, CVE-2018-8211, CVE-2018-8212, CVE-2018-8216, CVE-2018-8217, CVE-2018-8221." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Security Feature Bypass" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8215", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems" + }, + { + "version_value": "Version 1607 for 32-bit Systems" + }, + { + "version_value": "Version 1607 for x64-based Systems" + }, + { + "version_value": "Version 1703 for 32-bit Systems" + }, + { + "version_value": "Version 1703 for x64-based Systems" + }, + { + "version_value": "Version 1709 for 32-bit Systems" + }, + { + "version_value": "Version 1709 for x64-based Systems" + }, + { + "version_value": "Version 1803 for 32-bit Systems" + }, + { + "version_value": "Version 1803 for x64-based Systems" + }, + { + "version_value": "x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows 10 Servers", + "version": { + "version_data": [ + { + "version_value": "version 1709 (Server Core Installation)" + }, + { + "version_value": "version 1803 (Server Core Installation)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8215", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8215" - }, - { - "name" : "104333", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104333" - }, - { - "name" : "1041098", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041098" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka \"Device Guard Code Integrity Policy Security Feature Bypass Vulnerability.\" This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8201, CVE-2018-8211, CVE-2018-8212, CVE-2018-8216, CVE-2018-8217, CVE-2018-8221." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Security Feature Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041098", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041098" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8215", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8215" + }, + { + "name": "104333", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104333" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8222.json b/2018/8xxx/CVE-2018-8222.json index 93f9d96622d..979bd102298 100644 --- a/2018/8xxx/CVE-2018-8222.json +++ b/2018/8xxx/CVE-2018-8222.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8222", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows Server 2016", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows 10", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems" - }, - { - "version_value" : "Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Version 1607 for x64-based Systems" - }, - { - "version_value" : "Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Version 1703 for x64-based Systems" - }, - { - "version_value" : "Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Version 1709 for x64-based Systems" - }, - { - "version_value" : "Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Version 1803 for x64-based Systems" - }, - { - "version_value" : "x64-based Systems" - } - ] - } - }, - { - "product_name" : "Windows 10 Servers", - "version" : { - "version_data" : [ - { - "version_value" : "version 1709 (Server Core Installation)" - }, - { - "version_value" : "version 1803 (Server Core Installation)" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka \"Device Guard Code Integrity Policy Security Feature Bypass Vulnerability.\" This affects Windows Server 2016, Windows 10, Windows 10 Servers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Security Feature Bypass" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8222", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems" + }, + { + "version_value": "Version 1607 for 32-bit Systems" + }, + { + "version_value": "Version 1607 for x64-based Systems" + }, + { + "version_value": "Version 1703 for 32-bit Systems" + }, + { + "version_value": "Version 1703 for x64-based Systems" + }, + { + "version_value": "Version 1709 for 32-bit Systems" + }, + { + "version_value": "Version 1709 for x64-based Systems" + }, + { + "version_value": "Version 1803 for 32-bit Systems" + }, + { + "version_value": "Version 1803 for x64-based Systems" + }, + { + "version_value": "x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows 10 Servers", + "version": { + "version_data": [ + { + "version_value": "version 1709 (Server Core Installation)" + }, + { + "version_value": "version 1803 (Server Core Installation)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8222", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8222" - }, - { - "name" : "104635", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104635" - }, - { - "name" : "1041265", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041265" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka \"Device Guard Code Integrity Policy Security Feature Bypass Vulnerability.\" This affects Windows Server 2016, Windows 10, Windows 10 Servers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Security Feature Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041265", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041265" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8222", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8222" + }, + { + "name": "104635", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104635" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8244.json b/2018/8xxx/CVE-2018-8244.json index e8e4159d183..a41fe17ed00 100644 --- a/2018/8xxx/CVE-2018-8244.json +++ b/2018/8xxx/CVE-2018-8244.json @@ -1,103 +1,103 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8244", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Office", - "version" : { - "version_data" : [ - { - "version_value" : "2016 Click-to-Run (C2R) for 32-bit editions" - }, - { - "version_value" : "2016 Click-to-Run (C2R) for 64-bit editions" - } - ] - } - }, - { - "product_name" : "Microsoft Outlook", - "version" : { - "version_data" : [ - { - "version_value" : "2010 Service Pack 2 (32-bit editions)" - }, - { - "version_value" : "2010 Service Pack 2 (64-bit editions)" - }, - { - "version_value" : "2013 RT Service Pack 1" - }, - { - "version_value" : "2013 Service Pack 1 (32-bit editions)" - }, - { - "version_value" : "2013 Service Pack 1 (64-bit editions)" - }, - { - "version_value" : "2016 (32-bit edition)" - }, - { - "version_value" : "2016 (64-bit edition)" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability exists when Microsoft Outlook does not validate attachment headers properly, aka \"Microsoft Outlook Elevation of Privilege Vulnerability.\" This affects Microsoft Office, Microsoft Outlook." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8244", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Office", + "version": { + "version_data": [ + { + "version_value": "2016 Click-to-Run (C2R) for 32-bit editions" + }, + { + "version_value": "2016 Click-to-Run (C2R) for 64-bit editions" + } + ] + } + }, + { + "product_name": "Microsoft Outlook", + "version": { + "version_data": [ + { + "version_value": "2010 Service Pack 2 (32-bit editions)" + }, + { + "version_value": "2010 Service Pack 2 (64-bit editions)" + }, + { + "version_value": "2013 RT Service Pack 1" + }, + { + "version_value": "2013 Service Pack 1 (32-bit editions)" + }, + { + "version_value": "2013 Service Pack 1 (64-bit editions)" + }, + { + "version_value": "2016 (32-bit edition)" + }, + { + "version_value": "2016 (64-bit edition)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8244", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8244" - }, - { - "name" : "104323", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104323" - }, - { - "name" : "1041107", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041107" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when Microsoft Outlook does not validate attachment headers properly, aka \"Microsoft Outlook Elevation of Privilege Vulnerability.\" This affects Microsoft Office, Microsoft Outlook." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041107", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041107" + }, + { + "name": "104323", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104323" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8244", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8244" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8513.json b/2018/8xxx/CVE-2018-8513.json index 72cb8b056f4..d7f55390729 100644 --- a/2018/8xxx/CVE-2018-8513.json +++ b/2018/8xxx/CVE-2018-8513.json @@ -1,91 +1,91 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8513", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Edge", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 Version 1809 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1809 for ARM64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1809 for x64-based Systems" - }, - { - "version_value" : "Windows Server 2019" - } - ] - } - }, - { - "product_name" : "ChakraCore", - "version" : { - "version_data" : [ - { - "version_value" : "ChakraCore" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \"Chakra Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8503, CVE-2018-8505, CVE-2018-8510, CVE-2018-8511." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8513", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Edge", + "version": { + "version_data": [ + { + "version_value": "Windows 10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "Windows 10 Version 1809 for x64-based Systems" + }, + { + "version_value": "Windows Server 2019" + } + ] + } + }, + { + "product_name": "ChakraCore", + "version": { + "version_data": [ + { + "version_value": "ChakraCore" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8513", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8513" - }, - { - "name" : "105473", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105473" - }, - { - "name" : "1041825", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041825" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \"Chakra Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8503, CVE-2018-8505, CVE-2018-8510, CVE-2018-8511." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105473", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105473" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8513", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8513" + }, + { + "name": "1041825", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041825" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8530.json b/2018/8xxx/CVE-2018-8530.json index 72e2fd73a12..89e7034c1ee 100644 --- a/2018/8xxx/CVE-2018-8530.json +++ b/2018/8xxx/CVE-2018-8530.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8530", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Edge", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for x64-based Systems" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins, aka \"Microsoft Edge Security Feature Bypass Vulnerability.\" This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8512." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Security Feature Bypass" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8530", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Edge", + "version": { + "version_data": [ + { + "version_value": "Windows 10 Version 1703 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1703 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1803 for x64-based Systems" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8530", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8530" - }, - { - "name" : "105487", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105487" - }, - { - "name" : "1041825", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041825" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins, aka \"Microsoft Edge Security Feature Bypass Vulnerability.\" This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8512." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Security Feature Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105487", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105487" + }, + { + "name": "1041825", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041825" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8530", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8530" + } + ] + } +} \ No newline at end of file