diff --git a/2005/0xxx/CVE-2005-0183.json b/2005/0xxx/CVE-2005-0183.json index a101c6ecd1c..18248ceedb8 100644 --- a/2005/0xxx/CVE-2005-0183.json +++ b/2005/0xxx/CVE-2005-0183.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0183", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ftpfile in the Vacation plugin 0.15 and earlier for Squirrelmail allows local users to execute arbitrary commands via shell metacharacters in a command line argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0183", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050111 Squirrelmail vacation v0.15 local root exploit", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110549426300953&w=2" - }, - { - "name" : "http://security.lss.hr/en/index.php?page=details&ID=LSS-2005-01-03", - "refsource" : "MISC", - "url" : "http://security.lss.hr/en/index.php?page=details&ID=LSS-2005-01-03" - }, - { - "name" : "http://www.squirrelmail.org/plugin_view.php?id=51", - "refsource" : "CONFIRM", - "url" : "http://www.squirrelmail.org/plugin_view.php?id=51" - }, - { - "name" : "12222", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12222" - }, - { - "name" : "1012866", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1012866" - }, - { - "name" : "13791", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13791" - }, - { - "name" : "vacation-ftpfile-command-execution(18855)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18855" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ftpfile in the Vacation plugin 0.15 and earlier for Squirrelmail allows local users to execute arbitrary commands via shell metacharacters in a command line argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://security.lss.hr/en/index.php?page=details&ID=LSS-2005-01-03", + "refsource": "MISC", + "url": "http://security.lss.hr/en/index.php?page=details&ID=LSS-2005-01-03" + }, + { + "name": "http://www.squirrelmail.org/plugin_view.php?id=51", + "refsource": "CONFIRM", + "url": "http://www.squirrelmail.org/plugin_view.php?id=51" + }, + { + "name": "20050111 Squirrelmail vacation v0.15 local root exploit", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110549426300953&w=2" + }, + { + "name": "vacation-ftpfile-command-execution(18855)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18855" + }, + { + "name": "12222", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12222" + }, + { + "name": "13791", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13791" + }, + { + "name": "1012866", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1012866" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0244.json b/2005/0xxx/CVE-2005-0244.json index e5f05557dd4..fc3b1a7d5d7 100644 --- a/2005/0xxx/CVE-2005-0244.json +++ b/2005/0xxx/CVE-2005-0244.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0244", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PostgreSQL 8.0.0 and earlier allows local users to bypass the EXECUTE permission check for functions by using the CREATE AGGREGATE command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2005-0244", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[pgsql-hackers] 20050127 Permissions on aggregate component functions", - "refsource" : "MLIST", - "url" : "http://archives.postgresql.org/pgsql-hackers/2005-01/msg00922.php" - }, - { - "name" : "MDKSA-2005:040", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:040" - }, - { - "name" : "RHSA-2005:138", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-138.html" - }, - { - "name" : "20050210 [USN-79-1] PostgreSQL vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110806034116082&w=2" - }, - { - "name" : "SUSE-SA:2005:036", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2005_36_sudo.html" - }, - { - "name" : "12417", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12417" - }, - { - "name" : "oval:org.mitre.oval:def:10927", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10927" - }, - { - "name" : "12948", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12948" - }, - { - "name" : "postgresql-security-bypass(19184)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19184" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PostgreSQL 8.0.0 and earlier allows local users to bypass the EXECUTE permission check for functions by using the CREATE AGGREGATE command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:10927", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10927" + }, + { + "name": "MDKSA-2005:040", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:040" + }, + { + "name": "20050210 [USN-79-1] PostgreSQL vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110806034116082&w=2" + }, + { + "name": "RHSA-2005:138", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-138.html" + }, + { + "name": "[pgsql-hackers] 20050127 Permissions on aggregate component functions", + "refsource": "MLIST", + "url": "http://archives.postgresql.org/pgsql-hackers/2005-01/msg00922.php" + }, + { + "name": "12948", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12948" + }, + { + "name": "12417", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12417" + }, + { + "name": "postgresql-security-bypass(19184)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19184" + }, + { + "name": "SUSE-SA:2005:036", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2005_36_sudo.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0807.json b/2005/0xxx/CVE-2005-0807.json index f83e65143bb..bb892599f39 100644 --- a/2005/0xxx/CVE-2005-0807.json +++ b/2005/0xxx/CVE-2005-0807.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0807", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in Cain & Abel before 2.67 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via (1) an IKE packet with a large ID field that is not properly handled by the PSK sniffer filter, (2) the HTTP sniffer filter, or the (3) POP3, (4) SMTP, (5) IMAP, (6) NNTP, or (7) TDS sniffer filters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0807", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050318 Cain & Abel PSK Sniffer Heap overflow", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111116097313427&w=2" - }, - { - "name" : "http://www.oxid.it/", - "refsource" : "CONFIRM", - "url" : "http://www.oxid.it/" - }, - { - "name" : "12840", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12840" - }, - { - "name" : "1013476", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013476" - }, - { - "name" : "14630", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14630" - }, - { - "name" : "cain-abel-ikepsk-bo(19742)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19742" - }, - { - "name" : "cain-abel-http-filter-bo(19744)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19744" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in Cain & Abel before 2.67 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via (1) an IKE packet with a large ID field that is not properly handled by the PSK sniffer filter, (2) the HTTP sniffer filter, or the (3) POP3, (4) SMTP, (5) IMAP, (6) NNTP, or (7) TDS sniffer filters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cain-abel-http-filter-bo(19744)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19744" + }, + { + "name": "20050318 Cain & Abel PSK Sniffer Heap overflow", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111116097313427&w=2" + }, + { + "name": "12840", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12840" + }, + { + "name": "http://www.oxid.it/", + "refsource": "CONFIRM", + "url": "http://www.oxid.it/" + }, + { + "name": "14630", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14630" + }, + { + "name": "1013476", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013476" + }, + { + "name": "cain-abel-ikepsk-bo(19742)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19742" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2432.json b/2005/2xxx/CVE-2005-2432.json index d9a81b260f4..8fc709a712c 100644 --- a/2005/2xxx/CVE-2005-2432.json +++ b/2005/2xxx/CVE-2005-2432.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2432", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in PhpList allows remote attackers to modify SQL statements via the id argument to admin pages such as (1) members or (2) admin." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2432", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050728 PhpList Sql Injection and Path Disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112258115325054&w=2" - }, - { - "name" : "20050731 PHPList Vunerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112291396731712&w=2" - }, - { - "name" : "14403", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14403" - }, - { - "name" : "18316", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/18316" - }, - { - "name" : "1014607", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014607" - }, - { - "name" : "16274", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16274" - }, - { - "name" : "phplist-id-sql-injection(21576)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/21576" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in PhpList allows remote attackers to modify SQL statements via the id argument to admin pages such as (1) members or (2) admin." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16274", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16274" + }, + { + "name": "18316", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/18316" + }, + { + "name": "phplist-id-sql-injection(21576)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21576" + }, + { + "name": "20050731 PHPList Vunerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112291396731712&w=2" + }, + { + "name": "20050728 PhpList Sql Injection and Path Disclosure", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112258115325054&w=2" + }, + { + "name": "1014607", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014607" + }, + { + "name": "14403", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14403" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3302.json b/2005/3xxx/CVE-2005-3302.json index f30d120109d..d993b043e26 100644 --- a/2005/3xxx/CVE-2005-3302.json +++ b/2005/3xxx/CVE-2005-3302.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3302", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Eval injection vulnerability in bvh_import.py in Blender 2.36 allows attackers to execute arbitrary Python code via a hierarchy element in a .bvh file, which is supplied to an eval function call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3302", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330895", - "refsource" : "MISC", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330895" - }, - { - "name" : "DSA-1039", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1039" - }, - { - "name" : "17663", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17663" - }, - { - "name" : "19754", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19754" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Eval injection vulnerability in bvh_import.py in Blender 2.36 allows attackers to execute arbitrary Python code via a hierarchy element in a .bvh file, which is supplied to an eval function call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19754", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19754" + }, + { + "name": "17663", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17663" + }, + { + "name": "DSA-1039", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1039" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330895", + "refsource": "MISC", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330895" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3767.json b/2005/3xxx/CVE-2005-3767.json index 7accb8dfc95..4b439758c77 100644 --- a/2005/3xxx/CVE-2005-3767.json +++ b/2005/3xxx/CVE-2005-3767.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3767", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Exponent CMS 0.96.3 and later versions does not properly restrict the types of uploaded files, which allows remote attackers to upload and execute PHP files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3767", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051119 [security - exponentcms]", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/417218" - }, - { - "name" : "15391", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15391" - }, - { - "name" : "17655", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17655" - }, - { - "name" : "17505", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17505" - }, - { - "name" : "exponent-image-code-execution(23113)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23113" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Exponent CMS 0.96.3 and later versions does not properly restrict the types of uploaded files, which allows remote attackers to upload and execute PHP files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15391", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15391" + }, + { + "name": "20051119 [security - exponentcms]", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/417218" + }, + { + "name": "exponent-image-code-execution(23113)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23113" + }, + { + "name": "17655", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17655" + }, + { + "name": "17505", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17505" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3794.json b/2005/3xxx/CVE-2005-3794.json index 515ab39c993..efceb36e185 100644 --- a/2005/3xxx/CVE-2005-3794.json +++ b/2005/3xxx/CVE-2005-3794.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3794", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "AlstraSoft Affiliate Network Pro 7.2 allows remote attackers to obtain sensitive information via a direct request to scripts such as (1) togateway.php and (2) other unspecified scripts." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3794", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051115 Affiliate Network Pro v7.2 SQL Injections, Arbitrary code execution, XSS", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=113209435819541&w=2" - }, - { - "name" : "http://myblog.it-security23.net/?postid=5", - "refsource" : "MISC", - "url" : "http://myblog.it-security23.net/?postid=5" - }, - { - "name" : "ADV-2005-2455", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2455" - }, - { - "name" : "17605", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17605/" - }, - { - "name" : "affiliate-network-information-disclosure(23078)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23078" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "AlstraSoft Affiliate Network Pro 7.2 allows remote attackers to obtain sensitive information via a direct request to scripts such as (1) togateway.php and (2) other unspecified scripts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://myblog.it-security23.net/?postid=5", + "refsource": "MISC", + "url": "http://myblog.it-security23.net/?postid=5" + }, + { + "name": "affiliate-network-information-disclosure(23078)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23078" + }, + { + "name": "ADV-2005-2455", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2455" + }, + { + "name": "20051115 Affiliate Network Pro v7.2 SQL Injections, Arbitrary code execution, XSS", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=113209435819541&w=2" + }, + { + "name": "17605", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17605/" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3867.json b/2005/3xxx/CVE-2005-3867.json index 09c303cb415..7e7be4181df 100644 --- a/2005/3xxx/CVE-2005-3867.json +++ b/2005/3xxx/CVE-2005-3867.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3867", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in RevenuePilot Search Engine Script 1.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the REQ parameter, which is used when performing a search." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3867", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/11/revenuepilot-search-engine-xss-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/11/revenuepilot-search-engine-xss-vuln.html" - }, - { - "name" : "16129", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16129" - }, - { - "name" : "15612", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15612" - }, - { - "name" : "ADV-2005-2607", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2607" - }, - { - "name" : "21143", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21143" - }, - { - "name" : "17717", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17717" - }, - { - "name" : "revenuepilot-search-xss(23345)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23345" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in RevenuePilot Search Engine Script 1.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the REQ parameter, which is used when performing a search." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://pridels0.blogspot.com/2005/11/revenuepilot-search-engine-xss-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/11/revenuepilot-search-engine-xss-vuln.html" + }, + { + "name": "21143", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21143" + }, + { + "name": "revenuepilot-search-xss(23345)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23345" + }, + { + "name": "15612", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15612" + }, + { + "name": "16129", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16129" + }, + { + "name": "17717", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17717" + }, + { + "name": "ADV-2005-2607", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2607" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0047.json b/2009/0xxx/CVE-2009-0047.json index ea96f7448b4..677febc0c78 100644 --- a/2009/0xxx/CVE-2009-0047.json +++ b/2009/0xxx/CVE-2009-0047.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0047", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Gale 0.99 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0047", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090107 [oCERT-2008-016] Multiple OpenSSL signature verification API misuses", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/499827/100/0/threaded" - }, - { - "name" : "http://www.ocert.org/advisories/ocert-2008-016.html", - "refsource" : "MISC", - "url" : "http://www.ocert.org/advisories/ocert-2008-016.html" - }, - { - "name" : "ADV-2009-0046", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0046" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Gale 0.99 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20090107 [oCERT-2008-016] Multiple OpenSSL signature verification API misuses", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/499827/100/0/threaded" + }, + { + "name": "http://www.ocert.org/advisories/ocert-2008-016.html", + "refsource": "MISC", + "url": "http://www.ocert.org/advisories/ocert-2008-016.html" + }, + { + "name": "ADV-2009-0046", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0046" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0409.json b/2009/0xxx/CVE-2009-0409.json index 74f5e38a1c2..19a7487032a 100644 --- a/2009/0xxx/CVE-2009-0409.json +++ b/2009/0xxx/CVE-2009-0409.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0409", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in offline_auth.php in Max.Blog 1.0.6 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0409", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090127 Max.Blog <= 1.0.6 (offline_auth.php) Offline Authentication Bypass", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/500470/100/0/threaded" - }, - { - "name" : "7899", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7899" - }, - { - "name" : "33493", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33493" - }, - { - "name" : "51645", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/51645" - }, - { - "name" : "33658", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33658" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in offline_auth.php in Max.Blog 1.0.6 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7899", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7899" + }, + { + "name": "33493", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33493" + }, + { + "name": "33658", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33658" + }, + { + "name": "20090127 Max.Blog <= 1.0.6 (offline_auth.php) Offline Authentication Bypass", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/500470/100/0/threaded" + }, + { + "name": "51645", + "refsource": "OSVDB", + "url": "http://osvdb.org/51645" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0709.json b/2009/0xxx/CVE-2009-0709.json index ea28705af39..f14c8e03a90 100644 --- a/2009/0xxx/CVE-2009-0709.json +++ b/2009/0xxx/CVE-2009-0709.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0709", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in login.php in PHPFootball 1.6 allows remote attackers to execute arbitrary SQL commands via the user parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0709", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "51104", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/51104" - }, - { - "name" : "33367", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33367" - }, - { - "name" : "phpfootball-login-sql-injection(47720)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47720" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in login.php in PHPFootball 1.6 allows remote attackers to execute arbitrary SQL commands via the user parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33367", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33367" + }, + { + "name": "51104", + "refsource": "OSVDB", + "url": "http://osvdb.org/51104" + }, + { + "name": "phpfootball-login-sql-injection(47720)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47720" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2273.json b/2009/2xxx/CVE-2009-2273.json index b6a00f972e0..f2efb1dc5ee 100644 --- a/2009/2xxx/CVE-2009-2273.json +++ b/2009/2xxx/CVE-2009-2273.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2273", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default configuration of the Wi-Fi component on the Huawei D100 does not use encryption, which makes it easier for remote attackers to obtain sensitive information by sniffing the network." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2273", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090630 Multiple Flaws in Huawei D100", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/504645/100/0/threaded" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default configuration of the Wi-Fi component on the Huawei D100 does not use encryption, which makes it easier for remote attackers to obtain sensitive information by sniffing the network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20090630 Multiple Flaws in Huawei D100", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/504645/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2378.json b/2009/2xxx/CVE-2009-2378.json index 4ed122c1538..8cb2335d467 100644 --- a/2009/2xxx/CVE-2009-2378.json +++ b/2009/2xxx/CVE-2009-2378.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2378", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in formmailer.admin.inc.php in Jax FormMailer 3.0.0 allows remote attackers to execute arbitrary PHP code via a URL in the BASE_DIR[jax_formmailer] parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2378", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9051", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9051" - }, - { - "name" : "formmailer-formmailer-file-include(51443)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51443" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in formmailer.admin.inc.php in Jax FormMailer 3.0.0 allows remote attackers to execute arbitrary PHP code via a URL in the BASE_DIR[jax_formmailer] parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9051", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9051" + }, + { + "name": "formmailer-formmailer-file-include(51443)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51443" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2389.json b/2009/2xxx/CVE-2009-2389.json index 02b341154c3..ee61bd066c4 100644 --- a/2009/2xxx/CVE-2009-2389.json +++ b/2009/2xxx/CVE-2009-2389.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2389", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in newsscript.php in USOLVED NEWSolved 1.1.6, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) jahr or (2) idneu parameter in an archive action, or (3) the newsid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2389", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9042", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9042" - }, - { - "name" : "35611", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35611" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in newsscript.php in USOLVED NEWSolved 1.1.6, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) jahr or (2) idneu parameter in an archive action, or (3) the newsid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35611", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35611" + }, + { + "name": "9042", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9042" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3143.json b/2009/3xxx/CVE-2009-3143.json index 04aeeac549c..fa7725d6bc2 100644 --- a/2009/3xxx/CVE-2009-3143.json +++ b/2009/3xxx/CVE-2009-3143.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3143", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2009. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2009-3143", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2009. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3512.json b/2009/3xxx/CVE-2009-3512.json index bf77fdd8675..36b1f56914b 100644 --- a/2009/3xxx/CVE-2009-3512.json +++ b/2009/3xxx/CVE-2009-3512.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3512", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in MyWeight 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) date parameter to user_addfood.php, info parameter to (2) user_forgot_pwd_form.php and (3) user_login.php, and (4) return parameter to user_login.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3512", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0907-exploits/myweight-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0907-exploits/myweight-xss.txt" - }, - { - "name" : "55997", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/55997" - }, - { - "name" : "55998", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/55998" - }, - { - "name" : "55999", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/55999" - }, - { - "name" : "35919", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35919" - }, - { - "name" : "myweight-date-xss(51861)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51861" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in MyWeight 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) date parameter to user_addfood.php, info parameter to (2) user_forgot_pwd_form.php and (3) user_login.php, and (4) return parameter to user_login.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "55998", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/55998" + }, + { + "name": "35919", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35919" + }, + { + "name": "55999", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/55999" + }, + { + "name": "55997", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/55997" + }, + { + "name": "http://packetstormsecurity.org/0907-exploits/myweight-xss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0907-exploits/myweight-xss.txt" + }, + { + "name": "myweight-date-xss(51861)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51861" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3518.json b/2009/3xxx/CVE-2009-3518.json index 1b1425d132a..705dbf815e0 100644 --- a/2009/3xxx/CVE-2009-3518.json +++ b/2009/3xxx/CVE-2009-3518.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3518", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Argument injection vulnerability in the iim: URI handler in IBMIM.exe in IBM Installation Manager 1.3.2 and earlier, as used in IBM Rational Robot and Rational Team Concert, allows remote attackers to load arbitrary DLL files via the -vm option, as demonstrated by a reference to a UNC share pathname." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3518", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://retrogod.altervista.org/9sg_ibm_uri.html", - "refsource" : "MISC", - "url" : "http://retrogod.altervista.org/9sg_ibm_uri.html" - }, - { - "name" : "36906", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36906" - }, - { - "name" : "ADV-2009-2792", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2792" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Argument injection vulnerability in the iim: URI handler in IBMIM.exe in IBM Installation Manager 1.3.2 and earlier, as used in IBM Rational Robot and Rational Team Concert, allows remote attackers to load arbitrary DLL files via the -vm option, as demonstrated by a reference to a UNC share pathname." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-2792", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2792" + }, + { + "name": "http://retrogod.altervista.org/9sg_ibm_uri.html", + "refsource": "MISC", + "url": "http://retrogod.altervista.org/9sg_ibm_uri.html" + }, + { + "name": "36906", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36906" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3651.json b/2009/3xxx/CVE-2009-3651.json index cba43073474..e444d4f5657 100644 --- a/2009/3xxx/CVE-2009-3651.json +++ b/2009/3xxx/CVE-2009-3651.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3651", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the \"Monitor browsers' feature in Browscap before 5.x-1.1 and 6.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3651", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/592262", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/592262" - }, - { - "name" : "http://drupal.org/node/592264", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/592264" - }, - { - "name" : "http://drupal.org/node/592272", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/592272" - }, - { - "name" : "36557", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36557" - }, - { - "name" : "58444", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/58444" - }, - { - "name" : "36912", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36912" - }, - { - "name" : "browscap-useragent-xss(53571)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53571" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the \"Monitor browsers' feature in Browscap before 5.x-1.1 and 6.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://drupal.org/node/592272", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/592272" + }, + { + "name": "36557", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36557" + }, + { + "name": "36912", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36912" + }, + { + "name": "http://drupal.org/node/592264", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/592264" + }, + { + "name": "http://drupal.org/node/592262", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/592262" + }, + { + "name": "58444", + "refsource": "OSVDB", + "url": "http://osvdb.org/58444" + }, + { + "name": "browscap-useragent-xss(53571)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53571" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3818.json b/2009/3xxx/CVE-2009-3818.json index 81e0022226e..09b1920cbd5 100644 --- a/2009/3xxx/CVE-2009-3818.json +++ b/2009/3xxx/CVE-2009-3818.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3818", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the session handling feature in freeCap CAPTCHA (sr_freecap) extension 1.2.0 and earlier for TYPO3 has unknown impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3818", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-014/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-014/" - }, - { - "name" : "37094", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37094" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the session handling feature in freeCap CAPTCHA (sr_freecap) extension 1.2.0 and earlier for TYPO3 has unknown impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37094", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37094" + }, + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-014/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-014/" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4390.json b/2009/4xxx/CVE-2009-4390.json index 1f34812c3af..2dddca019ac 100644 --- a/2009/4xxx/CVE-2009-4390.json +++ b/2009/4xxx/CVE-2009-4390.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4390", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Car (car) extension 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4390", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Car (car) extension 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4772.json b/2009/4xxx/CVE-2009-4772.json index a129e5a9081..050889be0c6 100644 --- a/2009/4xxx/CVE-2009-4772.json +++ b/2009/4xxx/CVE-2009-4772.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4772", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the PayPal Website Payments Standard functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal, when a custom checkout completion message is enabled, allows attackers to obtain sensitive information via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4772", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/636576", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/636576" - }, - { - "name" : "37058", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37058" - }, - { - "name" : "60291", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/60291" - }, - { - "name" : "37440", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37440" - }, - { - "name" : "ubercart-unspecified-information-disclosure(54345)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54345" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the PayPal Website Payments Standard functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal, when a custom checkout completion message is enabled, allows attackers to obtain sensitive information via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37058", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37058" + }, + { + "name": "http://drupal.org/node/636576", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/636576" + }, + { + "name": "60291", + "refsource": "OSVDB", + "url": "http://osvdb.org/60291" + }, + { + "name": "37440", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37440" + }, + { + "name": "ubercart-unspecified-information-disclosure(54345)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54345" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4843.json b/2009/4xxx/CVE-2009-4843.json index 92062a9b408..2c27d24c1df 100644 --- a/2009/4xxx/CVE-2009-4843.json +++ b/2009/4xxx/CVE-2009-4843.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4843", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ToutVirtual VirtualIQ Pro before 3.5 build 8691 does not require administrative authentication for JBoss console access, which allows remote attackers to execute arbitrary commands via requests to (1) the JMX Management Console or (2) the Web Console." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4843", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091107 ToutVirtual VirtualIQ Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/507729/100/0/threaded" - }, - { - "name" : "http://www.securenetwork.it/ricerca/advisory/download/SN-2009-02.txt", - "refsource" : "MISC", - "url" : "http://www.securenetwork.it/ricerca/advisory/download/SN-2009-02.txt" - }, - { - "name" : "37297", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37297" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ToutVirtual VirtualIQ Pro before 3.5 build 8691 does not require administrative authentication for JBoss console access, which allows remote attackers to execute arbitrary commands via requests to (1) the JMX Management Console or (2) the Web Console." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37297", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37297" + }, + { + "name": "20091107 ToutVirtual VirtualIQ Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/507729/100/0/threaded" + }, + { + "name": "http://www.securenetwork.it/ricerca/advisory/download/SN-2009-02.txt", + "refsource": "MISC", + "url": "http://www.securenetwork.it/ricerca/advisory/download/SN-2009-02.txt" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2321.json b/2012/2xxx/CVE-2012-2321.json index 096bd309726..9eefe7b0b99 100644 --- a/2012/2xxx/CVE-2012-2321.json +++ b/2012/2xxx/CVE-2012-2321.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2321", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The loopback plug-in in ConnMan before 0.85 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) host name or (2) domain name in a DHCP reply." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2321", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120507 Re: connman heads up / CVE requests", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/05/07/10" - }, - { - "name" : "[oss-security] 20120507 Re: connman heads up / CVE requests", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/05/07/6" - }, - { - "name" : "[oss-security] 20120507 connman heads up / CVE requests", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/05/07/2" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=715172", - "refsource" : "MISC", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=715172" - }, - { - "name" : "http://git.kernel.org/?p=network/connman/connman.git;a=commit;h=26ace5c59f790bce0f1988b88874c6f2c480fd5a", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=network/connman/connman.git;a=commit;h=26ace5c59f790bce0f1988b88874c6f2c480fd5a" - }, - { - "name" : "http://git.kernel.org/?p=network/connman/connman.git;a=commit;h=a5f540db7354b76bcabd0a05d8eb8ba2bff4e911", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=network/connman/connman.git;a=commit;h=a5f540db7354b76bcabd0a05d8eb8ba2bff4e911" - }, - { - "name" : "GLSA-201205-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201205-02.xml" - }, - { - "name" : "53408", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53408" - }, - { - "name" : "81705", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/81705" - }, - { - "name" : "49033", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49033" - }, - { - "name" : "49186", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49186" - }, - { - "name" : "connman-hostname-command-exec(75466)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75466" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The loopback plug-in in ConnMan before 0.85 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) host name or (2) domain name in a DHCP reply." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "53408", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53408" + }, + { + "name": "http://git.kernel.org/?p=network/connman/connman.git;a=commit;h=26ace5c59f790bce0f1988b88874c6f2c480fd5a", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=network/connman/connman.git;a=commit;h=26ace5c59f790bce0f1988b88874c6f2c480fd5a" + }, + { + "name": "81705", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/81705" + }, + { + "name": "http://git.kernel.org/?p=network/connman/connman.git;a=commit;h=a5f540db7354b76bcabd0a05d8eb8ba2bff4e911", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=network/connman/connman.git;a=commit;h=a5f540db7354b76bcabd0a05d8eb8ba2bff4e911" + }, + { + "name": "[oss-security] 20120507 Re: connman heads up / CVE requests", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/05/07/6" + }, + { + "name": "GLSA-201205-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201205-02.xml" + }, + { + "name": "[oss-security] 20120507 connman heads up / CVE requests", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/05/07/2" + }, + { + "name": "[oss-security] 20120507 Re: connman heads up / CVE requests", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/05/07/10" + }, + { + "name": "connman-hostname-command-exec(75466)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75466" + }, + { + "name": "49033", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49033" + }, + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=715172", + "refsource": "MISC", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=715172" + }, + { + "name": "49186", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49186" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2465.json b/2012/2xxx/CVE-2012-2465.json index 11d383f7d56..eb75c813b4c 100644 --- a/2012/2xxx/CVE-2012-2465.json +++ b/2012/2xxx/CVE-2012-2465.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2465", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2465", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0181.json b/2015/0xxx/CVE-2015-0181.json index da9cecde425..4e66bec3dc5 100644 --- a/2015/0xxx/CVE-2015-0181.json +++ b/2015/0xxx/CVE-2015-0181.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0181", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-0181", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0411.json b/2015/0xxx/CVE-2015-0411.json index 386a370464d..325baa76c38 100644 --- a/2015/0xxx/CVE-2015-0411.json +++ b/2015/0xxx/CVE-2015-0411.json @@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0411", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Server : Security : Encryption." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-0411", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" - }, - { - "name" : "DSA-3135", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3135" - }, - { - "name" : "FEDORA-2015-1162", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html" - }, - { - "name" : "GLSA-201504-05", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201504-05" - }, - { - "name" : "RHSA-2015:0116", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0116.html" - }, - { - "name" : "RHSA-2015:0117", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0117.html" - }, - { - "name" : "RHSA-2015:0118", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0118.html" - }, - { - "name" : "RHSA-2015:1628", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1628.html" - }, - { - "name" : "SUSE-SU-2015:0743", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html" - }, - { - "name" : "USN-2480-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2480-1" - }, - { - "name" : "72191", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72191" - }, - { - "name" : "1031581", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031581" - }, - { - "name" : "62728", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62728" - }, - { - "name" : "62730", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62730" - }, - { - "name" : "62732", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62732" - }, - { - "name" : "oracle-cpujan2015-cve20150411(100183)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100183" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Server : Security : Encryption." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2015:0118", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0118.html" + }, + { + "name": "DSA-3135", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3135" + }, + { + "name": "RHSA-2015:0116", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0116.html" + }, + { + "name": "USN-2480-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2480-1" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "SUSE-SU-2015:0743", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html" + }, + { + "name": "72191", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72191" + }, + { + "name": "RHSA-2015:1628", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1628.html" + }, + { + "name": "62732", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62732" + }, + { + "name": "RHSA-2015:0117", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0117.html" + }, + { + "name": "1031581", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031581" + }, + { + "name": "oracle-cpujan2015-cve20150411(100183)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100183" + }, + { + "name": "GLSA-201504-05", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201504-05" + }, + { + "name": "62728", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62728" + }, + { + "name": "FEDORA-2015-1162", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html" + }, + { + "name": "62730", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62730" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0476.json b/2015/0xxx/CVE-2015-0476.json index cc7c5bc9bbc..3abd0484508 100644 --- a/2015/0xxx/CVE-2015-0476.json +++ b/2015/0xxx/CVE-2015-0476.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0476", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the SQL Trace Analyzer component in Oracle Support Tools before 12.1.11 allows remote authenticated users to affect confidentiality and integrity via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-0476", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the SQL Trace Analyzer component in Oracle Support Tools before 12.1.11 allows remote authenticated users to affect confidentiality and integrity via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0605.json b/2015/0xxx/CVE-2015-0605.json index ea73bff51c0..74a3a1644d0 100644 --- a/2015/0xxx/CVE-2015-0605.json +++ b/2015/0xxx/CVE-2015-0605.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0605", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The uuencode inspection engine in Cisco AsyncOS on Cisco Email Security Appliance (ESA) devices 8.5 and earlier allows remote attackers to bypass intended content restrictions via a crafted e-mail attachment with uuencode encoding, aka Bug ID CSCzv54343." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-0605", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=37384", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=37384" - }, - { - "name" : "20150206 Cisco AsyncOS Software Uuencoded Email Filtering Bypass Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0605" - }, - { - "name" : "72528", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72528" - }, - { - "name" : "62829", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62829" - }, - { - "name" : "cisco-asyncos-cve20150605-sec-bypass(100695)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100695" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The uuencode inspection engine in Cisco AsyncOS on Cisco Email Security Appliance (ESA) devices 8.5 and earlier allows remote attackers to bypass intended content restrictions via a crafted e-mail attachment with uuencode encoding, aka Bug ID CSCzv54343." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "72528", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72528" + }, + { + "name": "62829", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62829" + }, + { + "name": "20150206 Cisco AsyncOS Software Uuencoded Email Filtering Bypass Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0605" + }, + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=37384", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=37384" + }, + { + "name": "cisco-asyncos-cve20150605-sec-bypass(100695)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100695" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0815.json b/2015/0xxx/CVE-2015-0815.json index 48ce6737902..9225182589d 100644 --- a/2015/0xxx/CVE-2015-0815.json +++ b/2015/0xxx/CVE-2015-0815.json @@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0815", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2015-0815", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2015/mfsa2015-30.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2015/mfsa2015-30.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1036515", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1036515" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1137326", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1137326" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1138199", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1138199" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" - }, - { - "name" : "DSA-3211", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3211" - }, - { - "name" : "DSA-3212", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3212" - }, - { - "name" : "GLSA-201512-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201512-10" - }, - { - "name" : "RHSA-2015:0766", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0766.html" - }, - { - "name" : "RHSA-2015:0771", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0771.html" - }, - { - "name" : "SUSE-SU-2015:0704", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00006.html" - }, - { - "name" : "openSUSE-SU-2015:0677", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00003.html" - }, - { - "name" : "openSUSE-SU-2015:1266", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html" - }, - { - "name" : "openSUSE-SU-2015:0892", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html" - }, - { - "name" : "USN-2550-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2550-1" - }, - { - "name" : "USN-2552-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2552-1" - }, - { - "name" : "73466", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73466" - }, - { - "name" : "1031996", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031996" - }, - { - "name" : "1032000", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032000" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "73466", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73466" + }, + { + "name": "1031996", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031996" + }, + { + "name": "openSUSE-SU-2015:0892", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html" + }, + { + "name": "GLSA-201512-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201512-10" + }, + { + "name": "DSA-3212", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3212" + }, + { + "name": "SUSE-SU-2015:0704", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00006.html" + }, + { + "name": "USN-2552-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2552-1" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1036515", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1036515" + }, + { + "name": "RHSA-2015:0766", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0766.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1137326", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1137326" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" + }, + { + "name": "openSUSE-SU-2015:1266", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2015/mfsa2015-30.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-30.html" + }, + { + "name": "USN-2550-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2550-1" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1138199", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1138199" + }, + { + "name": "1032000", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032000" + }, + { + "name": "openSUSE-SU-2015:0677", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00003.html" + }, + { + "name": "RHSA-2015:0771", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0771.html" + }, + { + "name": "DSA-3211", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3211" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0834.json b/2015/0xxx/CVE-2015-0834.json index d882a6877ee..c4224f45406 100644 --- a/2015/0xxx/CVE-2015-0834.json +++ b/2015/0xxx/CVE-2015-0834.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0834", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The WebRTC subsystem in Mozilla Firefox before 36.0 recognizes turns: and stuns: URIs but accesses the TURN or STUN server without using TLS, which makes it easier for man-in-the-middle attackers to discover credentials by spoofing a server and completing a brute-force attack within a short time window." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2015-0834", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2015/mfsa2015-15.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2015/mfsa2015-15.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1098314", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1098314" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "GLSA-201504-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201504-01" - }, - { - "name" : "openSUSE-SU-2015:0404", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html" - }, - { - "name" : "openSUSE-SU-2015:0570", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-03/msg00067.html" - }, - { - "name" : "USN-2505-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2505-1" - }, - { - "name" : "72743", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72743" - }, - { - "name" : "1031791", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031791" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WebRTC subsystem in Mozilla Firefox before 36.0 recognizes turns: and stuns: URIs but accesses the TURN or STUN server without using TLS, which makes it easier for man-in-the-middle attackers to discover credentials by spoofing a server and completing a brute-force attack within a short time window." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "72743", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72743" + }, + { + "name": "GLSA-201504-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201504-01" + }, + { + "name": "openSUSE-SU-2015:0404", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2015/mfsa2015-15.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-15.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1098314", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1098314" + }, + { + "name": "1031791", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031791" + }, + { + "name": "openSUSE-SU-2015:0570", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00067.html" + }, + { + "name": "USN-2505-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2505-1" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1638.json b/2015/1xxx/CVE-2015-1638.json index 9b3216f93ea..78abb87005b 100644 --- a/2015/1xxx/CVE-2015-1638.json +++ b/2015/1xxx/CVE-2015-1638.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1638", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Active Directory Federation Services (AD FS) 3.0 on Windows Server 2012 R2 does not properly handle logoff actions, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation, aka \"Active Directory Federation Services Information Disclosure Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-1638", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-040", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-040" - }, - { - "name" : "1032115", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032115" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Active Directory Federation Services (AD FS) 3.0 on Windows Server 2012 R2 does not properly handle logoff actions, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation, aka \"Active Directory Federation Services Information Disclosure Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032115", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032115" + }, + { + "name": "MS15-040", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-040" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1918.json b/2015/1xxx/CVE-2015-1918.json index 991a2d3d26d..b4390bbf3cd 100644 --- a/2015/1xxx/CVE-2015-1918.json +++ b/2015/1xxx/CVE-2015-1918.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1918", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1918", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4439.json b/2015/4xxx/CVE-2015-4439.json index 658ea58484b..b9752967a39 100644 --- a/2015/4xxx/CVE-2015-4439.json +++ b/2015/4xxx/CVE-2015-4439.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4439", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-4439", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5023.json b/2015/5xxx/CVE-2015-5023.json index ba65996ed34..31ee8fc0ff8 100644 --- a/2015/5xxx/CVE-2015-5023.json +++ b/2015/5xxx/CVE-2015-5023.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5023", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in IBM Curam Social Program Management 6.1 before 6.1.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-5023", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21967851", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21967851" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in IBM Curam Social Program Management 6.1 before 6.1.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21967851", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21967851" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5221.json b/2015/5xxx/CVE-2015-5221.json index 88c8054f730..ef0bb3f794c 100644 --- a/2015/5xxx/CVE-2015-5221.json +++ b/2015/5xxx/CVE-2015-5221.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5221", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-5221", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150820 Use-after-free (and double-free) in Jasper JPEG-200 (CVE-2015-5221)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/08/20/4" - }, - { - "name" : "[debian-lts-announce] 20181121 [SECURITY] [DLA 1583-1] jasper security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00023.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1255710", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1255710" - }, - { - "name" : "https://github.com/mdadams/jasper/commit/df5d2867e8004e51e18b89865bc4aa69229227b3", - "refsource" : "CONFIRM", - "url" : "https://github.com/mdadams/jasper/commit/df5d2867e8004e51e18b89865bc4aa69229227b3" - }, - { - "name" : "FEDORA-2016-7776983633", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UNLVBZWDEXZCFWOBZ3YVEQINMRBRX5QV/" - }, - { - "name" : "FEDORA-2016-9b17661de5", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3QIZNTZDXOJR5BTRZKCS3GVHVZV2PWHH/" - }, - { - "name" : "FEDORA-2016-bbecf64af4", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AXWV22WGSQFDRPE7G6ECGP3QXS2V2A2M/" - }, - { - "name" : "RHSA-2017:1208", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1208" - }, - { - "name" : "openSUSE-SU-2016:2722", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-11/msg00010.html" - }, - { - "name" : "openSUSE-SU-2016:2737", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-11/msg00018.html" - }, - { - "name" : "openSUSE-SU-2016:2833", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-11/msg00064.html" - }, - { - "name" : "USN-3693-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3693-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20181121 [SECURITY] [DLA 1583-1] jasper security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00023.html" + }, + { + "name": "[oss-security] 20150820 Use-after-free (and double-free) in Jasper JPEG-200 (CVE-2015-5221)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/08/20/4" + }, + { + "name": "FEDORA-2016-bbecf64af4", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AXWV22WGSQFDRPE7G6ECGP3QXS2V2A2M/" + }, + { + "name": "RHSA-2017:1208", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1208" + }, + { + "name": "openSUSE-SU-2016:2737", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-11/msg00018.html" + }, + { + "name": "https://github.com/mdadams/jasper/commit/df5d2867e8004e51e18b89865bc4aa69229227b3", + "refsource": "CONFIRM", + "url": "https://github.com/mdadams/jasper/commit/df5d2867e8004e51e18b89865bc4aa69229227b3" + }, + { + "name": "FEDORA-2016-7776983633", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UNLVBZWDEXZCFWOBZ3YVEQINMRBRX5QV/" + }, + { + "name": "openSUSE-SU-2016:2722", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-11/msg00010.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1255710", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1255710" + }, + { + "name": "FEDORA-2016-9b17661de5", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3QIZNTZDXOJR5BTRZKCS3GVHVZV2PWHH/" + }, + { + "name": "USN-3693-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3693-1/" + }, + { + "name": "openSUSE-SU-2016:2833", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-11/msg00064.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5303.json b/2015/5xxx/CVE-2015-5303.json index 264ded5841a..64700a31ac7 100644 --- a/2015/5xxx/CVE-2015-5303.json +++ b/2015/5xxx/CVE-2015-5303.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5303", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The TripleO Heat templates (tripleo-heat-templates), when deployed via the commandline interface, allow remote attackers to spoof OpenStack Networking metadata requests by leveraging knowledge of the default value of the NeutronMetadataProxySharedSecret parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-5303", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.launchpad.net/tripleo/+bug/1516027", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/tripleo/+bug/1516027" - }, - { - "name" : "RHSA-2015:2650", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2015:2650" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The TripleO Heat templates (tripleo-heat-templates), when deployed via the commandline interface, allow remote attackers to spoof OpenStack Networking metadata requests by leveraging knowledge of the default value of the NeutronMetadataProxySharedSecret parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2015:2650", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2015:2650" + }, + { + "name": "https://bugs.launchpad.net/tripleo/+bug/1516027", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/tripleo/+bug/1516027" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5538.json b/2015/5xxx/CVE-2015-5538.json index 0812f15bff9..c3950a7f56b 100644 --- a/2015/5xxx/CVE-2015-5538.json +++ b/2015/5xxx/CVE-2015-5538.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5538", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 132.8, 10.5 before Build 57.7, and 10.5e before Build 56.1505.e allow remote attackers to gain privileges via unknown vectors, related to the (1) Command Line Interface (CLI) and the (2) Web User Interface (UI)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5538", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.citrix.com/article/CTX201334", - "refsource" : "CONFIRM", - "url" : "http://support.citrix.com/article/CTX201334" - }, - { - "name" : "1033618", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033618" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 132.8, 10.5 before Build 57.7, and 10.5e before Build 56.1505.e allow remote attackers to gain privileges via unknown vectors, related to the (1) Command Line Interface (CLI) and the (2) Web User Interface (UI)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1033618", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033618" + }, + { + "name": "http://support.citrix.com/article/CTX201334", + "refsource": "CONFIRM", + "url": "http://support.citrix.com/article/CTX201334" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5547.json b/2015/5xxx/CVE-2015-5547.json index 18c8b80c371..067f2d2aee6 100644 --- a/2015/5xxx/CVE-2015-5547.json +++ b/2015/5xxx/CVE-2015-5547.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5547", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5548, CVE-2015-5549, CVE-2015-5552, and CVE-2015-5553." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-5547", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" - }, - { - "name" : "GLSA-201508-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201508-01" - }, - { - "name" : "RHSA-2015:1603", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1603.html" - }, - { - "name" : "openSUSE-SU-2015:1781", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html" - }, - { - "name" : "76283", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76283" - }, - { - "name" : "1033235", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033235" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5548, CVE-2015-5549, CVE-2015-5552, and CVE-2015-5553." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" + }, + { + "name": "76283", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76283" + }, + { + "name": "GLSA-201508-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201508-01" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html" + }, + { + "name": "openSUSE-SU-2015:1781", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html" + }, + { + "name": "1033235", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033235" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388" + }, + { + "name": "RHSA-2015:1603", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1603.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3336.json b/2018/3xxx/CVE-2018-3336.json index a9e5401973f..e0c2f5f224a 100644 --- a/2018/3xxx/CVE-2018-3336.json +++ b/2018/3xxx/CVE-2018-3336.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3336", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3336", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3364.json b/2018/3xxx/CVE-2018-3364.json index 1e8bb20f0a2..036181bef7b 100644 --- a/2018/3xxx/CVE-2018-3364.json +++ b/2018/3xxx/CVE-2018-3364.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3364", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3364", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3774.json b/2018/3xxx/CVE-2018-3774.json index 7b17a925047..2057fc8857b 100644 --- a/2018/3xxx/CVE-2018-3774.json +++ b/2018/3xxx/CVE-2018-3774.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "ID" : "CVE-2018-3774", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "url-parse", - "version" : { - "version_data" : [ - { - "version_value" : "1.4.3" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Forced Browsing (CWE-425)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "ID": "CVE-2018-3774", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "url-parse", + "version": { + "version_data": [ + { + "version_value": "1.4.3" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://hackerone.com/reports/384029", - "refsource" : "MISC", - "url" : "https://hackerone.com/reports/384029" - }, - { - "name" : "https://github.com/unshiftio/url-parse/commit/53b1794e54d0711ceb52505e0f74145270570d5a", - "refsource" : "CONFIRM", - "url" : "https://github.com/unshiftio/url-parse/commit/53b1794e54d0711ceb52505e0f74145270570d5a" - }, - { - "name" : "https://github.com/unshiftio/url-parse/commit/d7b582ec1243e8024e60ac0b62d2569c939ef5de", - "refsource" : "CONFIRM", - "url" : "https://github.com/unshiftio/url-parse/commit/d7b582ec1243e8024e60ac0b62d2569c939ef5de" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Forced Browsing (CWE-425)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/unshiftio/url-parse/commit/d7b582ec1243e8024e60ac0b62d2569c939ef5de", + "refsource": "CONFIRM", + "url": "https://github.com/unshiftio/url-parse/commit/d7b582ec1243e8024e60ac0b62d2569c939ef5de" + }, + { + "name": "https://hackerone.com/reports/384029", + "refsource": "MISC", + "url": "https://hackerone.com/reports/384029" + }, + { + "name": "https://github.com/unshiftio/url-parse/commit/53b1794e54d0711ceb52505e0f74145270570d5a", + "refsource": "CONFIRM", + "url": "https://github.com/unshiftio/url-parse/commit/53b1794e54d0711ceb52505e0f74145270570d5a" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3813.json b/2018/3xxx/CVE-2018-3813.json index 68d9a2f992f..bf14e2e6914 100644 --- a/2018/3xxx/CVE-2018-3813.json +++ b/2018/3xxx/CVE-2018-3813.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3813", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "getConfigExportFile.cgi on FLIR Brickstream 2300 devices 2.0 4.1.53.166 has Incorrect Access Control, as demonstrated by reading the AVI_USER_ID and AVI_USER_PASSWORD fields via a direct request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3813", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://misteralfa-hack.blogspot.cl/2018/01/brickstream-recuento-y-seguimiento-de.html", - "refsource" : "MISC", - "url" : "http://misteralfa-hack.blogspot.cl/2018/01/brickstream-recuento-y-seguimiento-de.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "getConfigExportFile.cgi on FLIR Brickstream 2300 devices 2.0 4.1.53.166 has Incorrect Access Control, as demonstrated by reading the AVI_USER_ID and AVI_USER_PASSWORD fields via a direct request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://misteralfa-hack.blogspot.cl/2018/01/brickstream-recuento-y-seguimiento-de.html", + "refsource": "MISC", + "url": "http://misteralfa-hack.blogspot.cl/2018/01/brickstream-recuento-y-seguimiento-de.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3824.json b/2018/3xxx/CVE-2018-3824.json index 6a42b2be2eb..f3d788d3e3a 100644 --- a/2018/3xxx/CVE-2018-3824.json +++ b/2018/3xxx/CVE-2018-3824.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "bressers@elastic.co", - "ID" : "CVE-2018-3824", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Elasticsearch X-Pack Machine Learning", - "version" : { - "version_data" : [ - { - "version_value" : "before 6.2.4 and 5.6.9" - } - ] - } - } - ] - }, - "vendor_name" : "Elastic" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. If an attacker is able to inject data into an index that has a ML job running against it, then when another user views the results of the ML job it could allow the attacker to obtain sensitive information from or perform destructive actions on behalf of that other ML user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" - } + "CVE_data_meta": { + "ASSIGNER": "security@elastic.co", + "ID": "CVE-2018-3824", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Elasticsearch X-Pack Machine Learning", + "version": { + "version_data": [ + { + "version_value": "before 6.2.4 and 5.6.9" + } + ] + } + } + ] + }, + "vendor_name": "Elastic" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://discuss.elastic.co/t/elastic-stack-6-2-4-and-5-6-9-security-update/128422", - "refsource" : "CONFIRM", - "url" : "https://discuss.elastic.co/t/elastic-stack-6-2-4-and-5-6-9-security-update/128422" - }, - { - "name" : "https://www.elastic.co/community/security", - "refsource" : "CONFIRM", - "url" : "https://www.elastic.co/community/security" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. If an attacker is able to inject data into an index that has a ML job running against it, then when another user views the results of the ML job it could allow the attacker to obtain sensitive information from or perform destructive actions on behalf of that other ML user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://discuss.elastic.co/t/elastic-stack-6-2-4-and-5-6-9-security-update/128422", + "refsource": "CONFIRM", + "url": "https://discuss.elastic.co/t/elastic-stack-6-2-4-and-5-6-9-security-update/128422" + }, + { + "name": "https://www.elastic.co/community/security", + "refsource": "CONFIRM", + "url": "https://www.elastic.co/community/security" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6599.json b/2018/6xxx/CVE-2018-6599.json index 6b20ee11dc5..47a7a164daf 100644 --- a/2018/6xxx/CVE-2018-6599.json +++ b/2018/6xxx/CVE-2018-6599.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6599", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered on Orbic Wonder Orbic/RC555L/RC555L:7.1.2/N2G47H/329100b:user/release-keys devices, allowing attackers to obtain sensitive information (such as text-message content) by reading a copy of the Android log on the SD card. The system-wide Android logs are not directly available to third-party apps since they tend to contain sensitive data. Third-party apps can read from the log but only the log messages that the app itself has written. Certain apps can leak data to the Android log due to not sanitizing log messages, which is in an insecure programming practice. Pre-installed system apps and apps that are signed with the framework key can read from the system-wide Android log. We found a pre-installed app on the Orbic Wonder that when started via an Intent will write the Android log to the SD card, also known as external storage, via com.ckt.mmitest.MmiMainActivity. Any app that requests the READ_EXTERNAL_STORAGE permission can read from the SD card. Therefore, a local app on the device can quickly start a specific component in the pre-installed system app to have the Android log written to the SD card. Therefore, any app co-located on the device with the READ_EXTERNAL_STORAGE permission can obtain the data contained within the Android log and continually monitor it and mine the log for relevant data. In addition, the default messaging app (com.android.mms) writes the body of sent and received text messages to the Android log, as well as the recipient phone number for sent text messages and the sending phone number for received text messages. In addition, any call data contains phone numbers for sent and received calls." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6599", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.kryptowire.com/portal/android-firmware-defcon-2018/", - "refsource" : "MISC", - "url" : "https://www.kryptowire.com/portal/android-firmware-defcon-2018/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered on Orbic Wonder Orbic/RC555L/RC555L:7.1.2/N2G47H/329100b:user/release-keys devices, allowing attackers to obtain sensitive information (such as text-message content) by reading a copy of the Android log on the SD card. The system-wide Android logs are not directly available to third-party apps since they tend to contain sensitive data. Third-party apps can read from the log but only the log messages that the app itself has written. Certain apps can leak data to the Android log due to not sanitizing log messages, which is in an insecure programming practice. Pre-installed system apps and apps that are signed with the framework key can read from the system-wide Android log. We found a pre-installed app on the Orbic Wonder that when started via an Intent will write the Android log to the SD card, also known as external storage, via com.ckt.mmitest.MmiMainActivity. Any app that requests the READ_EXTERNAL_STORAGE permission can read from the SD card. Therefore, a local app on the device can quickly start a specific component in the pre-installed system app to have the Android log written to the SD card. Therefore, any app co-located on the device with the READ_EXTERNAL_STORAGE permission can obtain the data contained within the Android log and continually monitor it and mine the log for relevant data. In addition, the default messaging app (com.android.mms) writes the body of sent and received text messages to the Android log, as well as the recipient phone number for sent text messages and the sending phone number for received text messages. In addition, any call data contains phone numbers for sent and received calls." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.kryptowire.com/portal/android-firmware-defcon-2018/", + "refsource": "MISC", + "url": "https://www.kryptowire.com/portal/android-firmware-defcon-2018/" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6925.json b/2018/6xxx/CVE-2018-6925.json index 4c38513e4c0..4768e445802 100644 --- a/2018/6xxx/CVE-2018-6925.json +++ b/2018/6xxx/CVE-2018-6925.json @@ -1,74 +1,74 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secteam@freebsd.org", - "DATE_PUBLIC" : "2018-09-27T00:00:00", - "ID" : "CVE-2018-6925", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "FreeBSD", - "version" : { - "version_data" : [ - { - "version_value" : "11.2 before 11.2-RELEASE-p4" - }, - { - "version_value" : "11.1 before 11.1-RELEASE-p15" - }, - { - "version_value" : "10.x before 10.4-RELEASE-p13" - } - ] - } - } - ] - }, - "vendor_name" : "FreeBSD" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In FreeBSD before 11.2-STABLE(r338986), 11.2-RELEASE-p4, 11.1-RELEASE-p15, 10.4-STABLE(r338985), and 10.4-RELEASE-p13, due to improper maintenance of IPv6 protocol control block flags through various failure paths, an unprivileged authenticated local user may be able to cause a NULL pointer dereference causing the kernel to crash." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of service" - } + "CVE_data_meta": { + "ASSIGNER": "secteam@freebsd.org", + "DATE_PUBLIC": "2018-09-27T00:00:00", + "ID": "CVE-2018-6925", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FreeBSD", + "version": { + "version_data": [ + { + "version_value": "11.2 before 11.2-RELEASE-p4" + }, + { + "version_value": "11.1 before 11.1-RELEASE-p15" + }, + { + "version_value": "10.x before 10.4-RELEASE-p13" + } + ] + } + } + ] + }, + "vendor_name": "FreeBSD" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.flexera.com/company/secunia-research/advisories/SR-2018-21.html", - "refsource" : "MISC", - "url" : "https://www.flexera.com/company/secunia-research/advisories/SR-2018-21.html" - }, - { - "name" : "https://security.FreeBSD.org/advisories/FreeBSD-EN-18:11.listen.asc", - "refsource" : "CONFIRM", - "url" : "https://security.FreeBSD.org/advisories/FreeBSD-EN-18:11.listen.asc" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In FreeBSD before 11.2-STABLE(r338986), 11.2-RELEASE-p4, 11.1-RELEASE-p15, 10.4-STABLE(r338985), and 10.4-RELEASE-p13, due to improper maintenance of IPv6 protocol control block flags through various failure paths, an unprivileged authenticated local user may be able to cause a NULL pointer dereference causing the kernel to crash." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://security.FreeBSD.org/advisories/FreeBSD-EN-18:11.listen.asc", + "refsource": "CONFIRM", + "url": "https://security.FreeBSD.org/advisories/FreeBSD-EN-18:11.listen.asc" + }, + { + "name": "https://www.flexera.com/company/secunia-research/advisories/SR-2018-21.html", + "refsource": "MISC", + "url": "https://www.flexera.com/company/secunia-research/advisories/SR-2018-21.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6969.json b/2018/6xxx/CVE-2018-6969.json index 4fa529a6513..f0da11b5f4d 100644 --- a/2018/6xxx/CVE-2018-6969.json +++ b/2018/6xxx/CVE-2018-6969.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@vmware.com", - "DATE_PUBLIC" : "2018-07-12T00:00:00", - "ID" : "CVE-2018-6969", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "VMware Tools", - "version" : { - "version_data" : [ - { - "version_value" : "10.x and prior before 10.3.0" - } - ] - } - } - ] - }, - "vendor_name" : "VMware" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "VMware Tools (10.x and prior before 10.3.0) contains an out-of-bounds read vulnerability in HGFS. Successful exploitation of this issue may lead to information disclosure or may allow attackers to escalate their privileges on the guest VMs. In order to be able to exploit this issue, file sharing must be enabled." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out-of-bounds read vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "security@vmware.com", + "DATE_PUBLIC": "2018-07-12T00:00:00", + "ID": "CVE-2018-6969", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VMware Tools", + "version": { + "version_data": [ + { + "version_value": "10.x and prior before 10.3.0" + } + ] + } + } + ] + }, + "vendor_name": "VMware" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.vmware.com/security/advisories/VMSA-2018-0017.html", - "refsource" : "CONFIRM", - "url" : "https://www.vmware.com/security/advisories/VMSA-2018-0017.html" - }, - { - "name" : "104737", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104737" - }, - { - "name" : "1041291", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041291" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "VMware Tools (10.x and prior before 10.3.0) contains an out-of-bounds read vulnerability in HGFS. Successful exploitation of this issue may lead to information disclosure or may allow attackers to escalate their privileges on the guest VMs. In order to be able to exploit this issue, file sharing must be enabled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds read vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041291", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041291" + }, + { + "name": "https://www.vmware.com/security/advisories/VMSA-2018-0017.html", + "refsource": "CONFIRM", + "url": "https://www.vmware.com/security/advisories/VMSA-2018-0017.html" + }, + { + "name": "104737", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104737" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7443.json b/2018/7xxx/CVE-2018-7443.json index 63b5315a539..a2e1a400395 100644 --- a/2018/7xxx/CVE-2018-7443.json +++ b/2018/7xxx/CVE-2018-7443.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7443", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-23 Q16 does not properly validate the amount of image data in a file, which allows remote attackers to cause a denial of service (memory allocation failure in the AcquireMagickMemory function in MagickCore/memory.c)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7443", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180225 [SECURITY] [DLA 1293-1] imagemagick security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/02/msg00028.html" - }, - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/999", - "refsource" : "MISC", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/999" - }, - { - "name" : "USN-3681-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3681-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-23 Q16 does not properly validate the amount of image data in a file, which allows remote attackers to cause a denial of service (memory allocation failure in the AcquireMagickMemory function in MagickCore/memory.c)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20180225 [SECURITY] [DLA 1293-1] imagemagick security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00028.html" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/999", + "refsource": "MISC", + "url": "https://github.com/ImageMagick/ImageMagick/issues/999" + }, + { + "name": "USN-3681-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3681-1/" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7476.json b/2018/7xxx/CVE-2018-7476.json index 892ea093431..e136a157dac 100644 --- a/2018/7xxx/CVE-2018-7476.json +++ b/2018/7xxx/CVE-2018-7476.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7476", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "controllers/admin/Linkage.php in dayrui FineCms 5.3.0 has Cross Site Scripting (XSS) via the id or lid parameter in a c=linkage,m=import request to admin.php, because the xss_clean protection mechanism is defeated by crafted input that lacks a '<' or '>' character." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7476", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://gitee.com/w1tcher/finecms/commit/6978c63b3bc5e0d1038a23bfc6293ad5e9d5f530", - "refsource" : "MISC", - "url" : "https://gitee.com/w1tcher/finecms/commit/6978c63b3bc5e0d1038a23bfc6293ad5e9d5f530" - }, - { - "name" : "https://www.from0to1.me/index.php/archives/22/", - "refsource" : "MISC", - "url" : "https://www.from0to1.me/index.php/archives/22/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "controllers/admin/Linkage.php in dayrui FineCms 5.3.0 has Cross Site Scripting (XSS) via the id or lid parameter in a c=linkage,m=import request to admin.php, because the xss_clean protection mechanism is defeated by crafted input that lacks a '<' or '>' character." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.from0to1.me/index.php/archives/22/", + "refsource": "MISC", + "url": "https://www.from0to1.me/index.php/archives/22/" + }, + { + "name": "https://gitee.com/w1tcher/finecms/commit/6978c63b3bc5e0d1038a23bfc6293ad5e9d5f530", + "refsource": "MISC", + "url": "https://gitee.com/w1tcher/finecms/commit/6978c63b3bc5e0d1038a23bfc6293ad5e9d5f530" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7763.json b/2018/7xxx/CVE-2018-7763.json index 87d893abede..4cb319c4e23 100644 --- a/2018/7xxx/CVE-2018-7763.json +++ b/2018/7xxx/CVE-2018-7763.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cybersecurity@se.com", - "DATE_PUBLIC" : "2018-04-05T00:00:00", - "ID" : "CVE-2018-7763", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "U.Motion", - "version" : { - "version_data" : [ - { - "version_value" : "U.motion Builder Software, all versions prior to v1.3.4" - } - ] - } - } - ] - }, - "vendor_name" : "Schneider Electric SE" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The vulnerability exists within css.inc.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The 'css' parameter contains a directory traversal vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Directory Traversal Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "cybersecurity@schneider-electric.com", + "DATE_PUBLIC": "2018-04-05T00:00:00", + "ID": "CVE-2018-7763", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "U.Motion", + "version": { + "version_data": [ + { + "version_value": "U.motion Builder Software, all versions prior to v1.3.4" + } + ] + } + } + ] + }, + "vendor_name": "Schneider Electric SE" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-095-01/", - "refsource" : "CONFIRM", - "url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-095-01/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The vulnerability exists within css.inc.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The 'css' parameter contains a directory traversal vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Directory Traversal Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-095-01/", + "refsource": "CONFIRM", + "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-095-01/" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7815.json b/2018/7xxx/CVE-2018-7815.json index 1ba9a1f81ee..6532b8851c5 100644 --- a/2018/7xxx/CVE-2018-7815.json +++ b/2018/7xxx/CVE-2018-7815.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cybersecurity@se.com", - "ID" : "CVE-2018-7815", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Eurotherm by Schneider Electric GUIcon V2.0 (Gold Build 683.0)", - "version" : { - "version_data" : [ - { - "version_value" : "Eurotherm by Schneider Electric GUIcon V2.0 (Gold Build 683.0)" - } - ] - } - } - ] - }, - "vendor_name" : "Schneider Electric SE" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Type Confusion (CWE-843) vulnerability exists in Eurotherm by Schneider Electric GUIcon V2.0 (Gold Build 683.0) on c3core.dll which could cause remote code to be executed when parsing a GD1 file" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Type Confusion" - } + "CVE_data_meta": { + "ASSIGNER": "cybersecurity@schneider-electric.com", + "ID": "CVE-2018-7815", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Eurotherm by Schneider Electric GUIcon V2.0 (Gold Build 683.0)", + "version": { + "version_data": [ + { + "version_value": "Eurotherm by Schneider Electric GUIcon V2.0 (Gold Build 683.0)" + } + ] + } + } + ] + }, + "vendor_name": "Schneider Electric SE" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.schneider-electric.com/ww/en/download/document/SEVD-2018-338-01", - "refsource" : "CONFIRM", - "url" : "https://www.schneider-electric.com/ww/en/download/document/SEVD-2018-338-01" - }, - { - "name" : "106218", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106218" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Type Confusion (CWE-843) vulnerability exists in Eurotherm by Schneider Electric GUIcon V2.0 (Gold Build 683.0) on c3core.dll which could cause remote code to be executed when parsing a GD1 file" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Type Confusion" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2018-338-01", + "refsource": "CONFIRM", + "url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2018-338-01" + }, + { + "name": "106218", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106218" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7847.json b/2018/7xxx/CVE-2018-7847.json index 0fe555479eb..6d335606dd9 100644 --- a/2018/7xxx/CVE-2018-7847.json +++ b/2018/7xxx/CVE-2018-7847.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7847", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7847", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7941.json b/2018/7xxx/CVE-2018-7941.json index 3166ad02c40..729d0a25e1b 100644 --- a/2018/7xxx/CVE-2018-7941.json +++ b/2018/7xxx/CVE-2018-7941.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "ID" : "CVE-2018-7941", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "iBMC", - "version" : { - "version_data" : [ - { - "version_value" : "V200R002C60" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Huawei iBMC V200R002C60 have an authentication bypass vulnerability. A remote attacker with low privilege may craft specific messages to upload authentication certificate to the affected products. Due to improper validation of the upload authority, successful exploit may cause privilege elevation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "authentication bypass" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "ID": "CVE-2018-7941", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "iBMC", + "version": { + "version_data": [ + { + "version_value": "V200R002C60" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180509-01-bypass-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180509-01-bypass-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Huawei iBMC V200R002C60 have an authentication bypass vulnerability. A remote attacker with low privilege may craft specific messages to upload authentication certificate to the affected products. Due to improper validation of the upload authority, successful exploit may cause privilege elevation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "authentication bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180509-01-bypass-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180509-01-bypass-en" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8015.json b/2018/8xxx/CVE-2018-8015.json index ed4f35fd07d..48cee6607c2 100644 --- a/2018/8xxx/CVE-2018-8015.json +++ b/2018/8xxx/CVE-2018-8015.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2018-05-17T00:00:00", - "ID" : "CVE-2018-8015", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache ORC", - "version" : { - "version_data" : [ - { - "version_value" : "1.0.0 to 1.4.3" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Apache ORC 1.0.0 to 1.4.3 a malformed ORC file can trigger an endlessly recursive function call in the C++ or Java parser. The impact of this bug is most likely denial-of-service against software that uses the ORC file parser. With the C++ parser, the stack overflow might possibly corrupt the stack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2018-05-17T00:00:00", + "ID": "CVE-2018-8015", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache ORC", + "version": { + "version_data": [ + { + "version_value": "1.0.0 to 1.4.3" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://orc.apache.org/security/CVE-2018-8015/", - "refsource" : "CONFIRM", - "url" : "https://orc.apache.org/security/CVE-2018-8015/" - }, - { - "name" : "104215", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104215" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Apache ORC 1.0.0 to 1.4.3 a malformed ORC file can trigger an endlessly recursive function call in the C++ or Java parser. The impact of this bug is most likely denial-of-service against software that uses the ORC file parser. With the C++ parser, the stack overflow might possibly corrupt the stack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://orc.apache.org/security/CVE-2018-8015/", + "refsource": "CONFIRM", + "url": "https://orc.apache.org/security/CVE-2018-8015/" + }, + { + "name": "104215", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104215" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8122.json b/2018/8xxx/CVE-2018-8122.json index 01cbffdaba5..1a203384136 100644 --- a/2018/8xxx/CVE-2018-8122.json +++ b/2018/8xxx/CVE-2018-8122.json @@ -1,123 +1,123 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8122", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Internet Explorer 11", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for x64-based Systems" - }, - { - "version_value" : "Windows 7 for 32-bit Systems Service Pack 1" - }, - { - "version_value" : "Windows 7 for x64-based Systems Service Pack 1" - }, - { - "version_value" : "Windows 8.1 for 32-bit systems" - }, - { - "version_value" : "Windows 8.1 for x64-based systems" - }, - { - "version_value" : "Windows RT 8.1" - }, - { - "version_value" : "Windows Server 2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value" : "Windows Server 2012 R2" - }, - { - "version_value" : "Windows Server 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka \"Scripting Engine Memory Corruption Vulnerability.\" This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8122", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Internet Explorer 11", + "version": { + "version_data": [ + { + "version_value": "Windows 10 for 32-bit Systems" + }, + { + "version_value": "Windows 10 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1607 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1703 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1703 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1803 for x64-based Systems" + }, + { + "version_value": "Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows 8.1 for 32-bit systems" + }, + { + "version_value": "Windows 8.1 for x64-based systems" + }, + { + "version_value": "Windows RT 8.1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2012 R2" + }, + { + "version_value": "Windows Server 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8122", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8122" - }, - { - "name" : "103995", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103995" - }, - { - "name" : "1040846", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040846" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka \"Scripting Engine Memory Corruption Vulnerability.\" This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1040846", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040846" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8122", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8122" + }, + { + "name": "103995", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103995" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8730.json b/2018/8xxx/CVE-2018-8730.json index f29d58bf637..3c6990321ff 100644 --- a/2018/8xxx/CVE-2018-8730.json +++ b/2018/8xxx/CVE-2018-8730.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8730", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8730", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8830.json b/2018/8xxx/CVE-2018-8830.json index 378d0ee32e2..e7acae970e3 100644 --- a/2018/8xxx/CVE-2018-8830.json +++ b/2018/8xxx/CVE-2018-8830.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8830", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8830", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file