From d95e4164aab1b4a9466ea1cae812d8ea0cd06d74 Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Mon, 18 Mar 2019 01:00:21 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2005/0xxx/CVE-2005-0076.json | 130 +++++++++---------
2005/0xxx/CVE-2005-0270.json | 150 ++++++++++-----------
2005/0xxx/CVE-2005-0419.json | 130 +++++++++---------
2005/0xxx/CVE-2005-0542.json | 150 ++++++++++-----------
2005/0xxx/CVE-2005-0628.json | 140 +++++++++----------
2005/1xxx/CVE-2005-1283.json | 160 +++++++++++-----------
2005/1xxx/CVE-2005-1543.json | 210 ++++++++++++++---------------
2005/3xxx/CVE-2005-3215.json | 130 +++++++++---------
2005/3xxx/CVE-2005-3251.json | 160 +++++++++++-----------
2005/3xxx/CVE-2005-3657.json | 170 +++++++++++------------
2005/3xxx/CVE-2005-3780.json | 170 +++++++++++------------
2005/4xxx/CVE-2005-4360.json | 230 +++++++++++++++----------------
2005/4xxx/CVE-2005-4764.json | 140 +++++++++----------
2009/0xxx/CVE-2009-0160.json | 190 +++++++++++++-------------
2009/0xxx/CVE-2009-0238.json | 220 +++++++++++++++---------------
2009/0xxx/CVE-2009-0345.json | 170 +++++++++++------------
2009/0xxx/CVE-2009-0537.json | 180 ++++++++++++-------------
2009/0xxx/CVE-2009-0993.json | 190 +++++++++++++-------------
2009/3xxx/CVE-2009-3057.json | 130 +++++++++---------
2009/3xxx/CVE-2009-3088.json | 130 +++++++++---------
2009/3xxx/CVE-2009-3281.json | 160 +++++++++++-----------
2009/3xxx/CVE-2009-3880.json | 190 +++++++++++++-------------
2009/4xxx/CVE-2009-4008.json | 140 +++++++++----------
2009/4xxx/CVE-2009-4060.json | 170 +++++++++++------------
2009/4xxx/CVE-2009-4765.json | 150 ++++++++++-----------
2009/4xxx/CVE-2009-4805.json | 150 ++++++++++-----------
2009/4xxx/CVE-2009-4824.json | 170 +++++++++++------------
2012/2xxx/CVE-2012-2361.json | 130 +++++++++---------
2012/2xxx/CVE-2012-2600.json | 34 ++---
2012/2xxx/CVE-2012-2719.json | 160 +++++++++++-----------
2012/2xxx/CVE-2012-2928.json | 170 +++++++++++------------
2015/0xxx/CVE-2015-0386.json | 130 +++++++++---------
2015/0xxx/CVE-2015-0732.json | 140 +++++++++----------
2015/1xxx/CVE-2015-1025.json | 34 ++---
2015/1xxx/CVE-2015-1780.json | 34 ++---
2015/1xxx/CVE-2015-1982.json | 130 +++++++++---------
2015/5xxx/CVE-2015-5087.json | 140 +++++++++----------
2015/5xxx/CVE-2015-5152.json | 130 +++++++++---------
2015/5xxx/CVE-2015-5167.json | 140 +++++++++----------
2015/5xxx/CVE-2015-5264.json | 150 ++++++++++-----------
2015/5xxx/CVE-2015-5759.json | 150 ++++++++++-----------
2015/5xxx/CVE-2015-5772.json | 150 ++++++++++-----------
2018/11xxx/CVE-2018-11237.json | 150 ++++++++++-----------
2018/11xxx/CVE-2018-11268.json | 130 +++++++++---------
2018/11xxx/CVE-2018-11933.json | 34 ++---
2018/3xxx/CVE-2018-3487.json | 34 ++---
2018/3xxx/CVE-2018-3493.json | 34 ++---
2018/3xxx/CVE-2018-3725.json | 122 ++++++++---------
2018/6xxx/CVE-2018-6111.json | 172 +++++++++++------------
2018/7xxx/CVE-2018-7133.json | 34 ++---
2018/7xxx/CVE-2018-7238.json | 122 ++++++++---------
2018/7xxx/CVE-2018-7348.json | 34 ++---
2018/7xxx/CVE-2018-7584.json | 240 ++++++++++++++++-----------------
2018/7xxx/CVE-2018-7898.json | 34 ++---
2018/7xxx/CVE-2018-7931.json | 120 ++++++++---------
2018/8xxx/CVE-2018-8138.json | 34 ++---
2018/8xxx/CVE-2018-8292.json | 172 +++++++++++------------
2018/8xxx/CVE-2018-8431.json | 166 +++++++++++------------
2018/8xxx/CVE-2018-8806.json | 120 ++++++++---------
59 files changed, 3992 insertions(+), 3992 deletions(-)
diff --git a/2005/0xxx/CVE-2005-0076.json b/2005/0xxx/CVE-2005-0076.json
index 7452717f049..f85a1ae6797 100644
--- a/2005/0xxx/CVE-2005-0076.json
+++ b/2005/0xxx/CVE-2005-0076.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0076", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in the XView library 3.2 may allow local users to execute arbitrary code via setuid applications that use the library." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0076", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-672", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-672" - }, - { - "name" : "xview-xvparseone-bo(19271)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19271" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in the XView library 3.2 may allow local users to execute arbitrary code via setuid applications that use the library." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "xview-xvparseone-bo(19271)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19271" + }, + { + "name": "DSA-672", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-672" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0270.json b/2005/0xxx/CVE-2005-0270.json index abdd93ffc77..8673085e4c2 100644 --- a/2005/0xxx/CVE-2005-0270.json +++ b/2005/0xxx/CVE-2005-0270.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0270", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in ReviewPost PHP Pro before 2.84 allow remote attackers to inject arbitrary web script or HTML via the (1) si parameter to showcat.php, (2) cat or (3) page parameter to showproduct.php, or (4) report parameter to reportproduct.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0270", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050103 Serious Vulnerabilities In PhotoPost ReviewPost", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110485682424110&w=2" - }, - { - "name" : "http://www.gulftech.org/?node=research&article_id=00062-01022005", - "refsource" : "MISC", - "url" : "http://www.gulftech.org/?node=research&article_id=00062-01022005" - }, - { - "name" : "13697", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13697/" - }, - { - "name" : "reviewpost-php-xss(18731)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18731" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in ReviewPost PHP Pro before 2.84 allow remote attackers to inject arbitrary web script or HTML via the (1) si parameter to showcat.php, (2) cat or (3) page parameter to showproduct.php, or (4) report parameter to reportproduct.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "reviewpost-php-xss(18731)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18731" + }, + { + "name": "http://www.gulftech.org/?node=research&article_id=00062-01022005", + "refsource": "MISC", + "url": "http://www.gulftech.org/?node=research&article_id=00062-01022005" + }, + { + "name": "13697", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13697/" + }, + { + "name": "20050103 Serious Vulnerabilities In PhotoPost ReviewPost", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110485682424110&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0419.json b/2005/0xxx/CVE-2005-0419.json index c8bea9c82c9..f387a2a9709 100644 --- a/2005/0xxx/CVE-2005-0419.json +++ b/2005/0xxx/CVE-2005-0419.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0419", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple heap-based buffer overflows in 3Com 3CServer allow remote authenticated users to execute arbitrary code via long FTP commands, as demonstrated using the STAT command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0419", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050207 Vulnerability in 3Com 3CServer v1.1", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110780306326130&w=2" - }, - { - "name" : "3cserver-multiple-command-bo(19250)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19250" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple heap-based buffer overflows in 3Com 3CServer allow remote authenticated users to execute arbitrary code via long FTP commands, as demonstrated using the STAT command." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3cserver-multiple-command-bo(19250)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19250" + }, + { + "name": "20050207 Vulnerability in 3Com 3CServer v1.1", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110780306326130&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0542.json b/2005/0xxx/CVE-2005-0542.json index e488328bbfd..875ce445522 100644 --- a/2005/0xxx/CVE-2005-0542.json +++ b/2005/0xxx/CVE-2005-0542.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0542", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "saveUser.do in Cyclades AlterPath Manager (APM) Console Server 1.2.1 allows local users to gain privileges by setting the adminUser parameter to true." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0542", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050224 Cyclades AlterPath Manager Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=110924450827137&w=2" - }, - { - "name" : "http://www.cirt.net/advisories/alterpath_privesc.shtml", - "refsource" : "MISC", - "url" : "http://www.cirt.net/advisories/alterpath_privesc.shtml" - }, - { - "name" : "14074", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/14074" - }, - { - "name" : "14378", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14378" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "saveUser.do in Cyclades AlterPath Manager (APM) Console Server 1.2.1 allows local 
users to gain privileges by setting the adminUser parameter to true." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14074", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/14074" + }, + { + "name": "14378", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14378" + }, + { + "name": "20050224 Cyclades AlterPath Manager Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=110924450827137&w=2" + }, + { + "name": "http://www.cirt.net/advisories/alterpath_privesc.shtml", + "refsource": "MISC", + "url": "http://www.cirt.net/advisories/alterpath_privesc.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0628.json b/2005/0xxx/CVE-2005-0628.json index e116875ff5d..07c0ec1034d 100644 --- a/2005/0xxx/CVE-2005-0628.json +++ b/2005/0xxx/CVE-2005-0628.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0628", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Forumwa 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the keyword parameter in search.php or the (2) body or (3) subject of a forum message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0628", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050301 Forumwa search.php xss vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110971101826900&w=2" - }, - { - "name" : "12689", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12689" - }, - { - "name" : "14418", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14418" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Forumwa 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the keyword parameter in search.php or the (2) 
body or (3) subject of a forum message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14418", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14418" + }, + { + "name": "20050301 Forumwa search.php xss vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110971101826900&w=2" + }, + { + "name": "12689", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12689" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1283.json b/2005/1xxx/CVE-2005-1283.json index 9a9265d84d2..f37d17edc82 100644 --- a/2005/1xxx/CVE-2005-1283.json +++ b/2005/1xxx/CVE-2005-1283.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1283", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in Argosoft Mail Server Pro 1.8.7.6 allow remote authenticated users to (1) read arbitrary files via the UIDL parameter to the msg script or (2) copy or move the user's .eml file to arbitrary locations via the delete script, a different vulnerability than CVE-2005-0367." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1283", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050422 Multiple vulnerabilities in Argosoft Mail Server 1.8.7.6", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111419001527077&w=2" - }, - { - "name" : "15821", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/15821" - }, - { - "name" : "15823", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/15823" - }, - { - "name" : "argosoft-mail-server-dir-traversal(20229)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20229" - }, - { - "name" : "argosoft-mail-server-eml-files-dir-traversal(20226)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/20226" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in Argosoft Mail Server Pro 1.8.7.6 allow remote authenticated users to (1) read arbitrary files via the UIDL parameter to the msg script or (2) copy or move the user's .eml file to arbitrary locations via the delete script, a different vulnerability than CVE-2005-0367." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "argosoft-mail-server-dir-traversal(20229)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20229" + }, + { + "name": "20050422 Multiple vulnerabilities in Argosoft Mail Server 1.8.7.6", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111419001527077&w=2" + }, + { + "name": "argosoft-mail-server-eml-files-dir-traversal(20226)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20226" + }, + { + "name": "15823", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/15823" + }, + { + "name": "15821", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/15821" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1543.json b/2005/1xxx/CVE-2005-1543.json index eb37c5911e4..1b15cae39b5 100644 --- a/2005/1xxx/CVE-2005-1543.json +++ b/2005/1xxx/CVE-2005-1543.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1543", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based and heap-based buffer overflows in Remote Management authentication (zenrem32.exe) on Novell ZENworks 6.5 Desktop and Server Management, ZENworks for Desktops 4.x, ZENworks for Servers 3.x, and Remote Management allows remote attackers to execute arbitrary code via (1) unspecified vectors, (2) type 1 authentication requests, and (3) type 2 authentication requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1543", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050518 NOVELL ZENWORKS MULTIPLE =?utf-8?Q?REM=C3=98TE?= STACK & HEAP OVERFLOWS", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111645317713662&w=2" - }, - { - "name" : "http://www.rem0te.com/public/images/zen.pdf", - "refsource" : "MISC", - "url" : "http://www.rem0te.com/public/images/zen.pdf" - }, - { - "name" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10097644.htm", - "refsource" : "CONFIRM", - "url" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10097644.htm" - }, - { - "name" : 
"13678", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13678" - }, - { - "name" : "ADV-2005-0571", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/0571" - }, - { - "name" : "1014005", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014005" - }, - { - "name" : "15433", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15433" - }, - { - "name" : "novell-zenwork-remote-management-1-bo(20644)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20644" - }, - { - "name" : "novell-zenwork-remote-management-bo(20639)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20639" - }, - { - "name" : "novell-zenwork-remote-management-2-bo(20645)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20645" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based and heap-based buffer overflows in Remote Management authentication (zenrem32.exe) on Novell ZENworks 6.5 Desktop and Server Management, ZENworks for Desktops 4.x, ZENworks for Servers 3.x, and Remote Management allows remote attackers to execute arbitrary code via (1) unspecified vectors, (2) type 1 authentication requests, and (3) type 2 authentication requests." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.rem0te.com/public/images/zen.pdf", + "refsource": "MISC", + "url": "http://www.rem0te.com/public/images/zen.pdf" + }, + { + "name": "13678", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13678" + }, + { + "name": "novell-zenwork-remote-management-bo(20639)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20639" + }, + { + "name": "1014005", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014005" + }, + { + "name": "ADV-2005-0571", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/0571" + }, + { + "name": "20050518 NOVELL ZENWORKS MULTIPLE =?utf-8?Q?REM=C3=98TE?= STACK & HEAP OVERFLOWS", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111645317713662&w=2" + }, + { + "name": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10097644.htm", + "refsource": "CONFIRM", + "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10097644.htm" + }, + { + "name": "novell-zenwork-remote-management-2-bo(20645)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20645" + }, + { + "name": "15433", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15433" + }, + { + "name": "novell-zenwork-remote-management-1-bo(20644)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20644" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3215.json b/2005/3xxx/CVE-2005-3215.json index 2d1dcf31f3d..254ace63247 100644 --- a/2005/3xxx/CVE-2005-3215.json +++ b/2005/3xxx/CVE-2005-3215.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3215", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple interpretation error in unspecified versions of McAfee Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3215", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051007 Antivirus detection bypass by special crafted archive.", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112879611919750&w=2" - }, - { - "name" : "http://shadock.net/secubox/AVCraftedArchive.html", - "refsource" : "MISC", - "url" : "http://shadock.net/secubox/AVCraftedArchive.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple interpretation error in unspecified versions of McAfee Antivirus allows 
remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://shadock.net/secubox/AVCraftedArchive.html", + "refsource": "MISC", + "url": "http://shadock.net/secubox/AVCraftedArchive.html" + }, + { + "name": "20051007 Antivirus detection bypass by special crafted archive.", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112879611919750&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3251.json b/2005/3xxx/CVE-2005-3251.json index 0a45887c294..6c0334d3431 100644 --- a/2005/3xxx/CVE-2005-3251.json +++ b/2005/3xxx/CVE-2005-3251.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3251", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the gallery script in Gallery 2.0 (G2) allows remote attackers to read or include arbitrary files via \"..\" sequences in the g2_itemId parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3251", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://dipper.info/security/20051012/", - "refsource" : "MISC", - "url" : "http://dipper.info/security/20051012/" - }, - { - "name" : "http://gallery.menalto.com/gallery_2.0.1_released", - "refsource" : "CONFIRM", - "url" : "http://gallery.menalto.com/gallery_2.0.1_released" - }, - { - "name" : "http://www.vuxml.org/freebsd/47bdabcf-3cf9-11da-baa2-0004614cc33d.html", - "refsource" : "MISC", - "url" : "http://www.vuxml.org/freebsd/47bdabcf-3cf9-11da-baa2-0004614cc33d.html" - }, - { - "name" : "17205", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17205" - }, - { - "name" : "88", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/88" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the gallery script in Gallery 2.0 (G2) allows remote attackers to read or include arbitrary files via \"..\" sequences in the g2_itemId parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://gallery.menalto.com/gallery_2.0.1_released", + "refsource": "CONFIRM", + "url": "http://gallery.menalto.com/gallery_2.0.1_released" + }, + { + "name": "http://www.vuxml.org/freebsd/47bdabcf-3cf9-11da-baa2-0004614cc33d.html", + "refsource": "MISC", + "url": "http://www.vuxml.org/freebsd/47bdabcf-3cf9-11da-baa2-0004614cc33d.html" + }, + { + "name": "17205", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17205" + }, + { + "name": "http://dipper.info/security/20051012/", + "refsource": "MISC", + "url": "http://dipper.info/security/20051012/" + }, + { + "name": "88", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/88" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3657.json b/2005/3xxx/CVE-2005-3657.json index 5779a8715fc..89f8dcc3b1a 100644 --- a/2005/3xxx/CVE-2005-3657.json +++ b/2005/3xxx/CVE-2005-3657.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3657", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ActiveX control in MCINSCTL.DLL for McAfee VirusScan Security Center does not use the IObjectSafetySiteLock API to restrict access to required domains, which allows remote attackers to create or append to arbitrary files via the StartLog and AddLog methods in the MCINSTALL.McLog object." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3657", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051220 McAfee Security Center MCINSCTL.DLL ActiveX Control File Overwrite", - "refsource" : "IDEFENSE", - "url" : "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=358" - }, - { - "name" : "15986", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15986" - }, - { - "name" : "ADV-2005-3006", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/3006" - }, - { - "name" : "1015390", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015390" - }, - { - "name" : "18169", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18169" - }, - 
{ - "name" : "279", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/279" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ActiveX control in MCINSCTL.DLL for McAfee VirusScan Security Center does not use the IObjectSafetySiteLock API to restrict access to required domains, which allows remote attackers to create or append to arbitrary files via the StartLog and AddLog methods in the MCINSTALL.McLog object." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "279", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/279" + }, + { + "name": "1015390", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015390" + }, + { + "name": "ADV-2005-3006", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/3006" + }, + { + "name": "20051220 McAfee Security Center MCINSCTL.DLL ActiveX Control File Overwrite", + "refsource": "IDEFENSE", + "url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=358" + }, + { + "name": "15986", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15986" + }, + { + "name": "18169", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18169" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3780.json b/2005/3xxx/CVE-2005-3780.json index 1726dd5bd61..01b64bdbc86 100644 --- a/2005/3xxx/CVE-2005-3780.json +++ b/2005/3xxx/CVE-2005-3780.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3780", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in IPUpdate 1.1 might allow attackers to execute arbitrary code via (1) memmcat in the memm module or (2) certain TSIG format records." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3780", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=372666", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=372666" - }, - { - "name" : "15534", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15534" - }, - { - "name" : "ADV-2005-2523", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2523" - }, - { - "name" : "21036", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21036" - }, - { - "name" : "21037", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21037" - }, - { - "name" : "17681", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17681" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in IPUpdate 1.1 might allow attackers to execute arbitrary code via (1) memmcat in the memm module or (2) certain TSIG format records." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17681", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17681" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=372666", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=372666" + }, + { + "name": "21037", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21037" + }, + { + "name": "21036", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21036" + }, + { + "name": "ADV-2005-2523", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2523" + }, + { + "name": "15534", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15534" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4360.json b/2005/4xxx/CVE-2005-4360.json index 4ce24cf7f4b..831709c2130 100644 --- a/2005/4xxx/CVE-2005-4360.json +++ b/2005/4xxx/CVE-2005-4360.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4360", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The URL parser in Microsoft Internet Information Services (IIS) 5.1 on Windows XP Professional SP2 allows remote attackers to execute arbitrary code via multiple requests to \".dll\" followed by arguments such as \"~0\" through \"~9\", which causes ntdll.dll to produce a return value that is not correctly handled by IIS, as demonstrated using \"/_vti_bin/.dll/*/~0\". NOTE: the consequence was originally believed to be only a denial of service (application crash and reboot)." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4360", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051216 Microsoft IIS Remote Denial of Service (DoS) .DLL Url exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/419707/100/0/threaded" - }, - { - "name" : "http://ingehenriksen.blogspot.com/2005/12/microsoft-iis-remote-dos-dll-url.html", - "refsource" : "MISC", - "url" : "http://ingehenriksen.blogspot.com/2005/12/microsoft-iis-remote-dos-dll-url.html" - }, - { - "name" : "SSRT071446", - "refsource" : "HP", - "url" : "http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html" - }, - { - "name" : "MS07-041", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-041" - }, - { - "name" : "TA07-191A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA07-191A.html" - }, - { - "name" : "15921", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15921" - }, - { - "name" : "ADV-2005-2963", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2963" - }, - { - "name" : "21805", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21805" - }, - { - "name" : "oval:org.mitre.oval:def:1703", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1703" - }, - { - "name" : "1015376", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/alerts/2005/Dec/1015376.html" - }, - { - "name" : "18106", - "refsource" 
: "SECUNIA", - "url" : "http://secunia.com/advisories/18106" - }, - { - "name" : "271", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/271" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The URL parser in Microsoft Internet Information Services (IIS) 5.1 on Windows XP Professional SP2 allows remote attackers to execute arbitrary code via multiple requests to \".dll\" followed by arguments such as \"~0\" through \"~9\", which causes ntdll.dll to produce a return value that is not correctly handled by IIS, as demonstrated using \"/_vti_bin/.dll/*/~0\". NOTE: the consequence was originally believed to be only a denial of service (application crash and reboot)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT071446", + "refsource": "HP", + "url": "http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html" + }, + { + "name": "20051216 Microsoft IIS Remote Denial of Service (DoS) .DLL Url exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/419707/100/0/threaded" + }, + { + "name": "oval:org.mitre.oval:def:1703", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1703" + }, + { + "name": "271", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/271" + }, + { + "name": "1015376", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/alerts/2005/Dec/1015376.html" + }, + { + "name": "21805", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21805" + }, + { + "name": "http://ingehenriksen.blogspot.com/2005/12/microsoft-iis-remote-dos-dll-url.html", + "refsource": "MISC", + "url": 
"http://ingehenriksen.blogspot.com/2005/12/microsoft-iis-remote-dos-dll-url.html" + }, + { + "name": "ADV-2005-2963", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2963" + }, + { + "name": "MS07-041", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-041" + }, + { + "name": "15921", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15921" + }, + { + "name": "TA07-191A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA07-191A.html" + }, + { + "name": "18106", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18106" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4764.json b/2005/4xxx/CVE-2005-4764.json index e707aa96f97..110f65e0c94 100644 --- a/2005/4xxx/CVE-2005-4764.json +++ b/2005/4xxx/CVE-2005-4764.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4764", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "BEA WebLogic Server and WebLogic Express 9.0, 8.1, and 7.0 lock out the admin user account after multiple incorrect password guesses, which allows remote attackers who know or guess the admin account name to cause a denial of service (blocked admin logins)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4764", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "BEA05-101.00", - "refsource" : "BEA", - "url" : "http://dev2dev.bea.com/pub/advisory/155" - }, - { - "name" : "15052", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15052" - }, - { - "name" : "17138", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17138" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "BEA WebLogic Server and WebLogic Express 9.0, 8.1, and 7.0 lock out the admin user account after multiple incorrect password guesses, which allows remote attackers who know or guess the admin account 
name to cause a denial of service (blocked admin logins)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "BEA05-101.00", + "refsource": "BEA", + "url": "http://dev2dev.bea.com/pub/advisory/155" + }, + { + "name": "15052", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15052" + }, + { + "name": "17138", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17138" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0160.json b/2009/0xxx/CVE-2009-0160.json index 5c3607c3cf5..7001c935b66 100644 --- a/2009/0xxx/CVE-2009-0160.json +++ b/2009/0xxx/CVE-2009-0160.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0160", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image that triggers memory corruption." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0160", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT3549", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3549" - }, - { - "name" : "APPLE-SA-2009-05-12", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html" - }, - { - "name" : "TA09-133A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-133A.html" - }, - { - "name" : "34926", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34926" - }, - { - "name" : "34937", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34937" - }, - { - "name" : "1022209", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022209" 
- }, - { - "name" : "35074", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35074" - }, - { - "name" : "ADV-2009-1297", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1297" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image that triggers memory corruption." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT3549", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3549" + }, + { + "name": "34937", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34937" + }, + { + "name": "35074", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35074" + }, + { + "name": "1022209", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022209" + }, + { + "name": "APPLE-SA-2009-05-12", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html" + }, + { + "name": "34926", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34926" + }, + { + "name": "TA09-133A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html" + }, + { + "name": "ADV-2009-1297", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1297" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0238.json b/2009/0xxx/CVE-2009-0238.json index 363e7c67a81..8f8523f8311 100644 --- a/2009/0xxx/CVE-2009-0238.json +++ b/2009/0xxx/CVE-2009-0238.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0238", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1; and Excel in Microsoft Office 2004 and 2008 for Mac allow remote attackers to execute arbitrary code via a crafted Excel document that triggers an access attempt on an invalid object, as exploited in the wild in February 2009 by Trojan.Mdropper.AC." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2009-0238", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blogs.zdnet.com/security/?p=2658", - "refsource" : "MISC", - "url" : "http://blogs.zdnet.com/security/?p=2658" - }, - { - "name" : "http://isc.sans.org/diary.html?storyid=5923", - "refsource" : "MISC", - "url" : "http://isc.sans.org/diary.html?storyid=5923" - }, - { - "name" : "http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-022310-4202-99", - "refsource" : "MISC", - "url" : 
"http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-022310-4202-99" - }, - { - "name" : "http://www.microsoft.com/technet/security/advisory/968272.mspx", - "refsource" : "CONFIRM", - "url" : "http://www.microsoft.com/technet/security/advisory/968272.mspx" - }, - { - "name" : "MS09-009", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009" - }, - { - "name" : "TA09-104A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-104A.html" - }, - { - "name" : "33870", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33870" - }, - { - "name" : "oval:org.mitre.oval:def:5968", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5968" - }, - { - "name" : "1021744", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1021744" - }, - { - "name" : "ADV-2009-1023", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1023" - }, - { - "name" : "ms-excel-unspecified-code-execution(48875)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48875" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1; and Excel in Microsoft Office 2004 and 2008 for Mac allow remote attackers to execute arbitrary code via a crafted Excel document that triggers an access attempt on an invalid object, as exploited in the wild in February 2009 by Trojan.Mdropper.AC." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.microsoft.com/technet/security/advisory/968272.mspx", + "refsource": "CONFIRM", + "url": "http://www.microsoft.com/technet/security/advisory/968272.mspx" + }, + { + "name": "ADV-2009-1023", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1023" + }, + { + "name": "ms-excel-unspecified-code-execution(48875)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48875" + }, + { + "name": "TA09-104A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html" + }, + { + "name": "33870", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33870" + }, + { + "name": "http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-022310-4202-99", + "refsource": "MISC", + "url": "http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-022310-4202-99" + }, + { + "name": "MS09-009", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009" + }, + { + "name": "oval:org.mitre.oval:def:5968", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5968" + }, + { + "name": "http://isc.sans.org/diary.html?storyid=5923", + "refsource": "MISC", + "url": "http://isc.sans.org/diary.html?storyid=5923" + }, + { + "name": "1021744", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1021744" + }, + { + "name": "http://blogs.zdnet.com/security/?p=2658", + "refsource": "MISC", + "url": "http://blogs.zdnet.com/security/?p=2658" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0345.json b/2009/0xxx/CVE-2009-0345.json index ce945252b24..41a3d239a69 100644 --- a/2009/0xxx/CVE-2009-0345.json 
+++ b/2009/0xxx/CVE-2009-0345.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0345", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Embedded Lights Out Manager (ELOM) on the Sun Fire X2100 M2 and X2200 M2 x86 platforms before SP/BMC firmware 3.20 allows remote attackers to obtain privileged ELOM login access or execute arbitrary Service Processor (SP) commands via unknown vectors, aka Bug ID 6648082, a different vulnerability than CVE-2007-5717." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0345", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "239886", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-239886-1" - }, - { - "name" : "33506", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33506" - }, - { - "name" : "ADV-2009-0281", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0281" - }, - { - "name" : "1021646", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021646" - }, - { - "name" : "33726", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33726" - }, - { - "name" 
: "sunfire-elom-unauth-access(48329)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48329" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Embedded Lights Out Manager (ELOM) on the Sun Fire X2100 M2 and X2200 M2 x86 platforms before SP/BMC firmware 3.20 allows remote attackers to obtain privileged ELOM login access or execute arbitrary Service Processor (SP) commands via unknown vectors, aka Bug ID 6648082, a different vulnerability than CVE-2007-5717." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33506", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33506" + }, + { + "name": "ADV-2009-0281", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0281" + }, + { + "name": "33726", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33726" + }, + { + "name": "sunfire-elom-unauth-access(48329)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48329" + }, + { + "name": "239886", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-239886-1" + }, + { + "name": "1021646", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021646" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0537.json b/2009/0xxx/CVE-2009-0537.json index 31076ac4566..90a319a2378 100644 --- a/2009/0xxx/CVE-2009-0537.json +++ b/2009/0xxx/CVE-2009-0537.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0537", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the fts_build function in fts.c in libc in (1) OpenBSD 4.4 and earlier and (2) Microsoft Interix 6.0 build 10.0.6030.0 allows context-dependent attackers to cause a denial of service (application crash) via a deep directory tree, related to the fts_level structure member, as demonstrated by (a) du, (b) rm, (c) chmod, and (d) chgrp on OpenBSD; and (e) SearchIndexer.exe on Vista Enterprise." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0537", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090304 libc:fts_*():multiple vendors, Denial-of-service", - "refsource" : "SREASONRES", - "url" : "http://securityreason.com/achievement_securityalert/60" - }, - { - "name" : "20090305 libc:fts_*():multiple vendors, Denial-of-service", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/501505/100/0/threaded" - }, - { - "name" : "8163", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8163" - }, - { - "name" : 
"http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/fts.c", - "refsource" : "CONFIRM", - "url" : "http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/fts.c" - }, - { - "name" : "http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/fts.c.diff?r1=1.41;r2=1.42;f=h", - "refsource" : "CONFIRM", - "url" : "http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/fts.c.diff?r1=1.41;r2=1.42;f=h" - }, - { - "name" : "34008", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34008" - }, - { - "name" : "1021818", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021818" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the fts_build function in fts.c in libc in (1) OpenBSD 4.4 and earlier and (2) Microsoft Interix 6.0 build 10.0.6030.0 allows context-dependent attackers to cause a denial of service (application crash) via a deep directory tree, related to the fts_level structure member, as demonstrated by (a) du, (b) rm, (c) chmod, and (d) chgrp on OpenBSD; and (e) SearchIndexer.exe on Vista Enterprise." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8163", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8163" + }, + { + "name": "1021818", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021818" + }, + { + "name": "20090304 libc:fts_*():multiple vendors, Denial-of-service", + "refsource": "SREASONRES", + "url": "http://securityreason.com/achievement_securityalert/60" + }, + { + "name": "http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/fts.c.diff?r1=1.41;r2=1.42;f=h", + "refsource": "CONFIRM", + "url": "http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/fts.c.diff?r1=1.41;r2=1.42;f=h" + }, + { + "name": "34008", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34008" + }, + { + "name": "http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/fts.c", + "refsource": "CONFIRM", + "url": "http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/fts.c" + }, + { + "name": "20090305 libc:fts_*():multiple vendors, Denial-of-service", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/501505/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0993.json b/2009/0xxx/CVE-2009-0993.json index 30785c0b6ad..d141cabd1e7 100644 --- a/2009/0xxx/CVE-2009-0993.json +++ b/2009/0xxx/CVE-2009-0993.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0993", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the OPMN component in Oracle Application Server 10.1.2.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is a format string vulnerability that allows remote attackers to execute arbitrary code via format string specifiers in an HTTP POST URI, which are not properly handled when logging to opmn/logs/opmn.log." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2009-0993", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090414 ZDI-09-017: Oracle Applications Server 10g Format String Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/502683/100/0/threaded" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-09-017", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-09-017" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html" - }, - { - "name" : "TA09-105A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-105A.html" - }, - { - "name" : "34461", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34461" - }, - { - "name" : "1022055", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022055" - }, - { - "name" : "34693", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34693" - }, - { - "name" : "oracle-appserver-opmn-unspecified(50030)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50030" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the OPMN component in Oracle Application Server 10.1.2.3 allows remote attackers to affect 
confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is a format string vulnerability that allows remote attackers to execute arbitrary code via format string specifiers in an HTTP POST URI, which are not properly handled when logging to opmn/logs/opmn.log." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1022055", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022055" + }, + { + "name": "34461", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34461" + }, + { + "name": "34693", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34693" + }, + { + "name": "TA09-105A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-105A.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-09-017", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-017" + }, + { + "name": "oracle-appserver-opmn-unspecified(50030)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50030" + }, + { + "name": "20090414 ZDI-09-017: Oracle Applications Server 10g Format String Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/502683/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3057.json b/2009/3xxx/CVE-2009-3057.json index 90cde66e6e3..e4c18ce1534 100644 --- a/2009/3xxx/CVE-2009-3057.json +++ b/2009/3xxx/CVE-2009-3057.json 
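Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `secalert_us@oracle.com` in this hunk, while every other visible change is key spacing and the order of the `reference_data` entries, and the commit subject "-Synchronized-Data." does not mention it. The CVE-2009-3880.json hunk does the same, with `ASSIGNER` becoming `secalert@redhat.com`. Consumers that attribute or route records by assigner get a provenance change that is easy to miss in a diff that otherwise looks like re-serialization. I would record it in the commit message, for example `Update ASSIGNER: CVE-2009-0993 -> secalert_us@oracle.com, CVE-2009-3880 -> secalert@redhat.com`, or land it separately from the formatting change.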
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3057", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in AOM Software Beex 3 allow remote attackers to inject arbitrary web script or HTML via the navaction parameter to (1) news.php and (2) partneralle.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3057", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0909-exploits/beex-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0909-exploits/beex-xss.txt" - }, - { - "name" : "36550", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36550" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in AOM Software Beex 3 allow remote attackers to inject arbitrary web script or HTML via the navaction parameter to (1) news.php and (2) partneralle.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36550", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36550" + }, + { + "name": "http://packetstormsecurity.org/0909-exploits/beex-xss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0909-exploits/beex-xss.txt" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3088.json b/2009/3xxx/CVE-2009-3088.json index d422b19c2a2..9725793a0c5 100644 --- a/2009/3xxx/CVE-2009-3088.json +++ b/2009/3xxx/CVE-2009-3088.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3088", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in ibmdiradm in IBM Tivoli Directory Server (TDS) 6.0 on Linux allows remote attackers to have an unspecified impact via unknown vectors that trigger heap corruption, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3088", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://intevydis.com/vd-list.shtml", - "refsource" : "MISC", - "url" : "http://intevydis.com/vd-list.shtml" - }, - { - "name" : "36565", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36565" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in ibmdiradm in IBM Tivoli Directory Server (TDS) 6.0 on Linux allows remote attackers to have an unspecified impact via unknown vectors that trigger heap corruption, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36565", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36565" + }, + { + "name": "http://intevydis.com/vd-list.shtml", + "refsource": "MISC", + "url": "http://intevydis.com/vd-list.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3281.json b/2009/3xxx/CVE-2009-3281.json index 8da28f93e90..7f6d0544b05 100644 --- a/2009/3xxx/CVE-2009-3281.json 
+++ b/2009/3xxx/CVE-2009-3281.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3281", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 does not use correct file permissions, which allows host OS users to gain privileges on the host OS via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3281", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[security-announce] 20091001 VMSA-2009-0013 VMware Fusion resolves two security issues", - "refsource" : "MLIST", - "url" : "http://lists.vmware.com/pipermail/security-announce/2009/000066.html" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2009-0013.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2009-0013.html" - }, - { - "name" : "1022981", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1022981" - }, - { - "name" : "36928", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36928" - }, - { - "name" : "ADV-2009-2811", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2811" - } - ] - } -} 
+ } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 does not use correct file permissions, which allows host OS users to gain privileges on the host OS via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[security-announce] 20091001 VMSA-2009-0013 VMware Fusion resolves two security issues", + "refsource": "MLIST", + "url": "http://lists.vmware.com/pipermail/security-announce/2009/000066.html" + }, + { + "name": "ADV-2009-2811", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2811" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2009-0013.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2009-0013.html" + }, + { + "name": "36928", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36928" + }, + { + "name": "1022981", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1022981" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3880.json b/2009/3xxx/CVE-2009-3880.json index 7c9535168c5..4848ca0bb7f 100644 --- a/2009/3xxx/CVE-2009-3880.json +++ b/2009/3xxx/CVE-2009-3880.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3880", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not properly restrict the objects that may be sent to loggers, which allows attackers to obtain sensitive information via vectors related to the implementation of Component, KeyboardFocusManager, and DefaultKeyboardFocusManager, aka Bug Id 6664512." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-3880", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://java.sun.com/j2se/1.5.0/ReleaseNotes.html", - "refsource" : "CONFIRM", - "url" : "http://java.sun.com/j2se/1.5.0/ReleaseNotes.html" - }, - { - "name" : "http://java.sun.com/javase/6/webnotes/6u17.html", - "refsource" : "CONFIRM", - "url" : "http://java.sun.com/javase/6/webnotes/6u17.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=530296", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=530296" - }, - { - "name" : "GLSA-200911-02", - "refsource" : "GENTOO", - 
"url" : "http://security.gentoo.org/glsa/glsa-200911-02.xml" - }, - { - "name" : "MDVSA-2010:084", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084" - }, - { - "name" : "oval:org.mitre.oval:def:10761", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10761" - }, - { - "name" : "oval:org.mitre.oval:def:7316", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7316" - }, - { - "name" : "37386", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37386" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not properly restrict the objects that may be sent to loggers, which allows attackers to obtain sensitive information via vectors related to the implementation of Component, KeyboardFocusManager, and DefaultKeyboardFocusManager, aka Bug Id 6664512." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:7316", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7316" + }, + { + "name": "oval:org.mitre.oval:def:10761", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10761" + }, + { + "name": "GLSA-200911-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=530296", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530296" + }, + { + "name": "http://java.sun.com/javase/6/webnotes/6u17.html", + "refsource": "CONFIRM", + "url": "http://java.sun.com/javase/6/webnotes/6u17.html" + }, + { + "name": "http://java.sun.com/j2se/1.5.0/ReleaseNotes.html", + "refsource": "CONFIRM", + "url": "http://java.sun.com/j2se/1.5.0/ReleaseNotes.html" + }, + { + "name": "MDVSA-2010:084", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084" + }, + { + "name": "37386", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37386" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4008.json b/2009/4xxx/CVE-2009-4008.json index bc1114d7471..46d7f5d8ec1 100644 --- a/2009/4xxx/CVE-2009-4008.json +++ b/2009/4xxx/CVE-2009-4008.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4008", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unbound before 1.4.4 does not send responses for signed zones after mishandling an unspecified query, which allows remote attackers to cause a denial of service (DNSSEC outage) via a crafted query." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4008", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packages.debian.org/changelogs/pool/main/u/unbound/unbound_1.4.6-1/changelog", - "refsource" : "MISC", - "url" : "http://packages.debian.org/changelogs/pool/main/u/unbound/unbound_1.4.6-1/changelog" - }, - { - "name" : "http://unbound.nlnetlabs.nl/downloads/unbound-1.4.4.tar.gz", - "refsource" : "MISC", - "url" : "http://unbound.nlnetlabs.nl/downloads/unbound-1.4.4.tar.gz" - }, - { - "name" : "DSA-2243", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2243" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unbound before 1.4.4 does not send responses for signed 
zones after mishandling an unspecified query, which allows remote attackers to cause a denial of service (DNSSEC outage) via a crafted query." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://unbound.nlnetlabs.nl/downloads/unbound-1.4.4.tar.gz", + "refsource": "MISC", + "url": "http://unbound.nlnetlabs.nl/downloads/unbound-1.4.4.tar.gz" + }, + { + "name": "http://packages.debian.org/changelogs/pool/main/u/unbound/unbound_1.4.6-1/changelog", + "refsource": "MISC", + "url": "http://packages.debian.org/changelogs/pool/main/u/unbound/unbound_1.4.6-1/changelog" + }, + { + "name": "DSA-2243", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2243" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4060.json b/2009/4xxx/CVE-2009-4060.json index affe3ec2b0b..ce24b21f84f 100644 --- a/2009/4xxx/CVE-2009-4060.json +++ b/2009/4xxx/CVE-2009-4060.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4060", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in includes/content/viewProd.inc.php in CubeCart before 4.3.7 remote attackers to execute arbitrary SQL commands via the productId parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4060", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://forums.cubecart.com/index.php?showtopic=39900", - "refsource" : "CONFIRM", - "url" : "http://forums.cubecart.com/index.php?showtopic=39900" - }, - { - "name" : "37065", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37065" - }, - { - "name" : "60306", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/60306" - }, - { - "name" : "37402", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37402" - }, - { - "name" : "ADV-2009-3290", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3290" - }, - { - "name" : "cubecart-viewprod-sql-injection(54331)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54331" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in includes/content/viewProd.inc.php in CubeCart before 4.3.7 remote attackers to execute arbitrary SQL commands via the productId parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37065", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37065" + }, + { + "name": "60306", + "refsource": "OSVDB", + "url": "http://osvdb.org/60306" + }, + { + "name": "http://forums.cubecart.com/index.php?showtopic=39900", + "refsource": "CONFIRM", + "url": "http://forums.cubecart.com/index.php?showtopic=39900" + }, + { + "name": "ADV-2009-3290", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3290" + }, + { + "name": "37402", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37402" + }, + { + "name": "cubecart-viewprod-sql-injection(54331)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54331" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4765.json b/2009/4xxx/CVE-2009-4765.json index 11cc4ed45fd..141290848a5 100644 --- a/2009/4xxx/CVE-2009-4765.json +++ b/2009/4xxx/CVE-2009-4765.json 
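Review bot: The `description_data` value on the new side still reads `CubeCart before 4.3.7 remote attackers to execute arbitrary SQL commands`, with the verb missing between the version and the actor; the hunk re-serializes the line without correcting it. Since the record is being rewritten anyway, the text should read `CubeCart before 4.3.7 allows remote attackers to execute arbitrary SQL commands via the productId parameter.` Tooling that matches on the usual "allows remote attackers" phrasing may otherwise skip this record.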
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4765", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CNR Hikaye Portal 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/hikaye.mdb." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4765", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/1001-exploits/aspcnrhikaye-disclose.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1001-exploits/aspcnrhikaye-disclose.txt" - }, - { - "name" : "61480", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/61480" - }, - { - "name" : "38103", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38103" - }, - { - "name" : "ADV-2010-0032", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0032" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CNR Hikaye Portal 2.0 stores sensitive information under 
the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/hikaye.mdb." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "61480", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/61480" + }, + { + "name": "38103", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38103" + }, + { + "name": "http://packetstormsecurity.org/1001-exploits/aspcnrhikaye-disclose.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1001-exploits/aspcnrhikaye-disclose.txt" + }, + { + "name": "ADV-2010-0032", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0032" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4805.json b/2009/4xxx/CVE-2009-4805.json index 32ed7d013b3..d5130497fff 100644 --- a/2009/4xxx/CVE-2009-4805.json +++ b/2009/4xxx/CVE-2009-4805.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4805", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in EZ-Blog Beta 1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the storyid parameter to public/view.php or (2) the kill parameter to admin/remove.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4805", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090301 EZ-Blog Beta 1 Multiple SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/501352/100/0/threaded" - }, - { - "name" : "8128", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/8128" - }, - { - "name" : "33947", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33947" - }, - { - "name" : "ezblog-view-sql-injection(49013)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49013" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"Multiple SQL injection vulnerabilities in EZ-Blog Beta 1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the storyid parameter to public/view.php or (2) the kill parameter to admin/remove.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ezblog-view-sql-injection(49013)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49013" + }, + { + "name": "8128", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/8128" + }, + { + "name": "20090301 EZ-Blog Beta 1 Multiple SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/501352/100/0/threaded" + }, + { + "name": "33947", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33947" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4824.json b/2009/4xxx/CVE-2009-4824.json index 91f1099626c..08755f304d6 100644 --- a/2009/4xxx/CVE-2009-4824.json +++ b/2009/4xxx/CVE-2009-4824.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4824", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Kolab Webclient before 1.2.0 in Kolab Server before 2.2.3 allows attackers to have an unspecified impact via vectors related to an \"image upload form.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4824", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://files.kolab.org/server/release/kolab-server-2.2.3/sources/release-notes.txt", - "refsource" : "CONFIRM", - "url" : "http://files.kolab.org/server/release/kolab-server-2.2.3/sources/release-notes.txt" - }, - { - "name" : "MDVSA-2010:108", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:108" - }, - { - "name" : "37465", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37465" - }, - { - "name" : "61301", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/61301" - }, - { - "name" : "37918", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37918" - }, - { - "name" : "ADV-2010-1245", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2010/1245" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Kolab Webclient before 1.2.0 in Kolab Server before 2.2.3 allows attackers to have an unspecified impact via vectors related to an \"image upload form.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://files.kolab.org/server/release/kolab-server-2.2.3/sources/release-notes.txt", + "refsource": "CONFIRM", + "url": "http://files.kolab.org/server/release/kolab-server-2.2.3/sources/release-notes.txt" + }, + { + "name": "37918", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37918" + }, + { + "name": "MDVSA-2010:108", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:108" + }, + { + "name": "61301", + "refsource": "OSVDB", + "url": "http://osvdb.org/61301" + }, + { + "name": "ADV-2010-1245", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1245" + }, + { + "name": "37465", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37465" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2361.json b/2012/2xxx/CVE-2012-2361.json index 4fa72335553..94b3d041835 100644 --- a/2012/2xxx/CVE-2012-2361.json +++ b/2012/2xxx/CVE-2012-2361.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2361", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in admin/webservice/forms.php in the web services implementation in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via the name field (aka the service name) to admin/webservice/service.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2361", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120523 Moodle security notifications public", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2012/05/23/2" - }, - { - "name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-31694", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-31694" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in 
admin/webservice/forms.php in the web services implementation in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via the name field (aka the service name) to admin/webservice/service.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20120523 Moodle security notifications public", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2012/05/23/2" + }, + { + "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-31694", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-31694" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2600.json b/2012/2xxx/CVE-2012-2600.json index ddd750a920f..dd7effbfb50 100644 --- a/2012/2xxx/CVE-2012-2600.json +++ b/2012/2xxx/CVE-2012-2600.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2600", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2600", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2719.json b/2012/2xxx/CVE-2012-2719.json index 0332620cd7a..d5affdec3c5 100644 --- a/2012/2xxx/CVE-2012-2719.json +++ b/2012/2xxx/CVE-2012-2719.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2719", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The filedepot module 6.x-1.x before 6.x-1.3 for Drupal, when accessed using multiple different browsers from the same IP address, causes Internet Explorer sessions to \"switch users\" when uploading a file, which has unspecified impact possibly involving file uploads to the wrong user directory, aka \"Session Management Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2719", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120613 Re: CVE Request for Drupal contributed modules", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/06/14/3" - }, - { - "name" : "http://drupal.org/node/1608864", - "refsource" : "MISC", - "url" : "http://drupal.org/node/1608864" - }, - { - "name" : "http://drupal.org/node/1598782", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/1598782" - }, - { - "name" : "82575", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/82575" - }, - { - "name" : "49316", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/49316" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The filedepot module 6.x-1.x before 6.x-1.3 for Drupal, when accessed using multiple different browsers from the same IP address, causes Internet Explorer sessions to \"switch users\" when uploading a file, which has unspecified impact possibly involving file uploads to the wrong user directory, aka \"Session Management Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20120613 Re: CVE Request for Drupal contributed modules", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/06/14/3" + }, + { + "name": "82575", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/82575" + }, + { + "name": "http://drupal.org/node/1608864", + "refsource": "MISC", + "url": "http://drupal.org/node/1608864" + }, + { + "name": "http://drupal.org/node/1598782", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/1598782" + }, + { + "name": "49316", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49316" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2928.json b/2012/2xxx/CVE-2012-2928.json index 26352b84b12..195ce97f6a5 100644 --- a/2012/2xxx/CVE-2012-2928.json +++ b/2012/2xxx/CVE-2012-2928.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2928", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Gliffy plugin before 3.7.1 for Atlassian JIRA, and before 4.2 for Atlassian Confluence, does not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2928", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://confluence.atlassian.com/display/DOC/Confluence+Security+Advisory+2012-05-17", - "refsource" : "CONFIRM", - "url" : "http://confluence.atlassian.com/display/DOC/Confluence+Security+Advisory+2012-05-17" - }, - { - "name" : "http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2012-05-17", - "refsource" : "CONFIRM", - "url" : "http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2012-05-17" - }, - { - "name" : "53595", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53595" - }, - { - "name" : "81993", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/81993" - }, - { - 
"name" : "49166", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49166" - }, - { - "name" : "jira-xml-dos(75697)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75697" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Gliffy plugin before 3.7.1 for Atlassian JIRA, and before 4.2 for Atlassian Confluence, does not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "49166", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49166" + }, + { + "name": "http://confluence.atlassian.com/display/DOC/Confluence+Security+Advisory+2012-05-17", + "refsource": "CONFIRM", + "url": "http://confluence.atlassian.com/display/DOC/Confluence+Security+Advisory+2012-05-17" + }, + { + "name": "81993", + "refsource": "OSVDB", + "url": "http://osvdb.org/81993" + }, + { + "name": "53595", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53595" + }, + { + "name": "http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2012-05-17", + "refsource": "CONFIRM", + "url": "http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2012-05-17" + }, + { + "name": "jira-xml-dos(75697)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75697" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0386.json b/2015/0xxx/CVE-2015-0386.json index e920ac3a4ef..7591daa0254 100644 --- a/2015/0xxx/CVE-2015-0386.json +++ b/2015/0xxx/CVE-2015-0386.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0386", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 allows remote attackers to affect availability via unknown vectors related to Web Listener, a different vulnerability than CVE-2013-0338, CVE-2013-2877, and CVE-2014-0191." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-0386", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" - }, - { - "name" : "72193", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72193" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 allows remote attackers to 
affect availability via unknown vectors related to Web Listener, a different vulnerability than CVE-2013-0338, CVE-2013-2877, and CVE-2014-0191." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" + }, + { + "name": "72193", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72193" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0732.json b/2015/0xxx/CVE-2015-0732.json index 55e2dc9be23..ff1ac467a88 100644 --- a/2015/0xxx/CVE-2015-0732.json +++ b/2015/0xxx/CVE-2015-0732.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0732", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Cisco AsyncOS on the Web Security Appliance (WSA) 9.0.0-193; Email Security Appliance (ESA) 8.5.6-113, 9.1.0-032, 9.1.1-000, and 9.6.0-000; and Content Security Management Appliance (SMA) 9.1.0-033 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug IDs CSCuu37430, CSCuu37420, CSCut71981, and CSCuv50167." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-0732", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150727 Cisco Email Security Appliance AsyncOS Cross-Site Scripting Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=40172" - }, - { - "name" : "1033086", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033086" - }, - { - "name" : "1033087", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033087" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": 
{ + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Cisco AsyncOS on the Web Security Appliance (WSA) 9.0.0-193; Email Security Appliance (ESA) 8.5.6-113, 9.1.0-032, 9.1.1-000, and 9.6.0-000; and Content Security Management Appliance (SMA) 9.1.0-033 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug IDs CSCuu37430, CSCuu37420, CSCut71981, and CSCuv50167." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1033086", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033086" + }, + { + "name": "20150727 Cisco Email Security Appliance AsyncOS Cross-Site Scripting Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=40172" + }, + { + "name": "1033087", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033087" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1025.json b/2015/1xxx/CVE-2015-1025.json index 246424540c4..ace41513835 100644 --- a/2015/1xxx/CVE-2015-1025.json +++ b/2015/1xxx/CVE-2015-1025.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1025", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1025", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1780.json b/2015/1xxx/CVE-2015-1780.json index f294952cd85..ce95f8c02b2 100644 --- a/2015/1xxx/CVE-2015-1780.json +++ b/2015/1xxx/CVE-2015-1780.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1780", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1780", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1982.json b/2015/1xxx/CVE-2015-1982.json index 3cee74f4928..fb71d217c3a 100644 --- a/2015/1xxx/CVE-2015-1982.json +++ b/2015/1xxx/CVE-2015-1982.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1982", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to obtain sensitive information via a crafted request, which reveals the full path in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-1982", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21960244", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21960244" - }, - { - "name" : "75477", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75477" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to obtain sensitive information via a crafted request, which reveals the full path in an error message." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21960244", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960244" + }, + { + "name": "75477", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75477" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5087.json b/2015/5xxx/CVE-2015-5087.json index f8bbb74fc14..d903cc0b917 100644 --- a/2015/5xxx/CVE-2015-5087.json +++ b/2015/5xxx/CVE-2015-5087.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5087", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3095, CVE-2015-5094, CVE-2015-5100, CVE-2015-5102, CVE-2015-5103, CVE-2015-5104, and CVE-2015-5115." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-5087", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/reader/apsb15-15.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/reader/apsb15-15.html" - }, - { - "name" : "75740", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75740" - }, - { - "name" : "1032892", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032892" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3095, CVE-2015-5094, CVE-2015-5100, CVE-2015-5102, CVE-2015-5103, CVE-2015-5104, and CVE-2015-5115." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032892", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032892" + }, + { + "name": "https://helpx.adobe.com/security/products/reader/apsb15-15.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/reader/apsb15-15.html" + }, + { + "name": "75740", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75740" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5152.json b/2015/5xxx/CVE-2015-5152.json index 7d464a71ac4..471a7ceac2c 100644 --- a/2015/5xxx/CVE-2015-5152.json +++ b/2015/5xxx/CVE-2015-5152.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5152", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Foreman after 1.1 and before 1.9.0-RC1 does not redirect HTTP requests to HTTPS when the require_ssl setting is set to true, which allows remote attackers to obtain user credentials via a man-in-the-middle attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-5152", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://projects.theforeman.org/issues/11119", - "refsource" : "CONFIRM", - "url" : "http://projects.theforeman.org/issues/11119" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1243571", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1243571" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Foreman after 1.1 and before 1.9.0-RC1 does not redirect HTTP requests to HTTPS when the require_ssl setting is set to true, which allows remote attackers to obtain user credentials via a man-in-the-middle attack." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://projects.theforeman.org/issues/11119", + "refsource": "CONFIRM", + "url": "http://projects.theforeman.org/issues/11119" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1243571", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1243571" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5167.json b/2015/5xxx/CVE-2015-5167.json index 25b95d7a64a..353cb3bda3c 100644 --- a/2015/5xxx/CVE-2015-5167.json +++ b/2015/5xxx/CVE-2015-5167.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5167", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Policy Admin Tool in Apache Ranger before 0.5.1 allows remote authenticated users to bypass intended access restrictions via the REST API." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-5167", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[ranger-dev] 20160205 CVE update (CVE-2015-5167 & CVE-2016-0733) - Fixed in Ranger 0.5.1", - "refsource" : "MLIST", - "url" : "https://mail-archives.apache.org/mod_mbox/ranger-dev/201602.mbox/%3CD2D9A4C5.114ECA%25vel@apache.org%3E" - }, - { - "name" : "https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger", - "refsource" : "CONFIRM", - "url" : "https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger" - }, - { - "name" : "82871", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/82871" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Policy Admin Tool in Apache Ranger 
before 0.5.1 allows remote authenticated users to bypass intended access restrictions via the REST API." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "82871", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/82871" + }, + { + "name": "[ranger-dev] 20160205 CVE update (CVE-2015-5167 & CVE-2016-0733) - Fixed in Ranger 0.5.1", + "refsource": "MLIST", + "url": "https://mail-archives.apache.org/mod_mbox/ranger-dev/201602.mbox/%3CD2D9A4C5.114ECA%25vel@apache.org%3E" + }, + { + "name": "https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger", + "refsource": "CONFIRM", + "url": "https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5264.json b/2015/5xxx/CVE-2015-5264.json index f1d2edf7dd3..bb490f2d54e 100644 --- a/2015/5xxx/CVE-2015-5264.json +++ b/2015/5xxx/CVE-2015-5264.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5264", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The lesson module in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to bypass intended access restrictions and enter additional answer attempts by leveraging the student role." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-5264", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150921 Moodle security release", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/09/21/1" - }, - { - "name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50516", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50516" - }, - { - "name" : "https://moodle.org/mod/forum/discuss.php?d=320287", - "refsource" : "CONFIRM", - "url" : "https://moodle.org/mod/forum/discuss.php?d=320287" - }, - { - "name" : "1033619", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033619" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The lesson module in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to bypass intended access restrictions and enter additional answer attempts by leveraging the student role." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50516", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50516" + }, + { + "name": "[oss-security] 20150921 Moodle security release", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/09/21/1" + }, + { + "name": "1033619", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033619" + }, + { + "name": "https://moodle.org/mod/forum/discuss.php?d=320287", + "refsource": "CONFIRM", + "url": "https://moodle.org/mod/forum/discuss.php?d=320287" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5759.json b/2015/5xxx/CVE-2015-5759.json index b9e442b5f73..baab4f8dec9 100644 --- a/2015/5xxx/CVE-2015-5759.json +++ b/2015/5xxx/CVE-2015-5759.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5759", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit in Apple iOS before 8.4.1 allows remote attackers to spoof clicks via a crafted web site that leverages tap events." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-5759", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/kb/HT205030", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT205030" - }, - { - "name" : "APPLE-SA-2015-08-13-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html" - }, - { - "name" : "76337", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76337" - }, - { - "name" : "1033275", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033275" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit in Apple iOS before 8.4.1 allows remote attackers to spoof clicks via a crafted web site that leverages tap events." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/kb/HT205030", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT205030" + }, + { + "name": "1033275", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033275" + }, + { + "name": "76337", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76337" + }, + { + "name": "APPLE-SA-2015-08-13-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5772.json b/2015/5xxx/CVE-2015-5772.json index f8db8383ed6..11e7ed105d3 100644 --- a/2015/5xxx/CVE-2015-5772.json +++ b/2015/5xxx/CVE-2015-5772.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5772", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in SceneKit in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code via a crafted Collada file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-5772", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/kb/HT205031", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT205031" - }, - { - "name" : "APPLE-SA-2015-08-13-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" - }, - { - "name" : "76340", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76340" - }, - { - "name" : "1033276", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033276" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in SceneKit in Apple OS X before 10.10.5 allows remote attackers to execute 
arbitrary code via a crafted Collada file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "76340", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76340" + }, + { + "name": "APPLE-SA-2015-08-13-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" + }, + { + "name": "https://support.apple.com/kb/HT205031", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT205031" + }, + { + "name": "1033276", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033276" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11237.json b/2018/11xxx/CVE-2018-11237.json index dac1e225ae5..86c2a8192d2 100644 --- a/2018/11xxx/CVE-2018-11237.json +++ b/2018/11xxx/CVE-2018-11237.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11237", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11237", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44750", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44750/" - }, - { - "name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=23196", - "refsource" : "MISC", - "url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=23196" - }, - { - "name" : "RHSA-2018:3092", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3092" - }, - { - "name" : "104256", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104256" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An AVX-512-optimized implementation of 
the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=23196", + "refsource": "MISC", + "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=23196" + }, + { + "name": "44750", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44750/" + }, + { + "name": "104256", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104256" + }, + { + "name": "RHSA-2018:3092", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3092" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11268.json b/2018/11xxx/CVE-2018-11268.json index d0275f1a9bf..fa9d00ec600 100644 --- a/2018/11xxx/CVE-2018-11268.json +++ b/2018/11xxx/CVE-2018-11268.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2018-11268", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", - "version" : { - "version_data" : [ - { - "version_value" : "FSM9055, FSM9955, MDM9607, MDM9640, MDM9650, MSM8909W, SD 425, SD 427, SD 430, SD 435, SD 450, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDM630, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, SDX20, Snapdragon_High_Med_2016, a potential buffer overflow exists when parsing TFTP options." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Validation of Array Index in Storage" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2018-11268", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", + "version": { + "version_data": [ + { + "version_value": "FSM9055, FSM9955, MDM9607, MDM9640, MDM9650, MSM8909W, SD 425, SD 427, SD 430, SD 435, SD 450, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDM630, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.qualcomm.com/company/product-security/bulletins", - "refsource" : "CONFIRM", - "url" : "https://www.qualcomm.com/company/product-security/bulletins" - }, - { - "name" : "106845", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106845" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, SDX20, Snapdragon_High_Med_2016, a potential buffer overflow exists when parsing TFTP options." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Validation of Array Index in Storage" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins" + }, + { + "name": "106845", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106845" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11933.json b/2018/11xxx/CVE-2018-11933.json index 020adb9678c..5fa834fc332 100644 --- a/2018/11xxx/CVE-2018-11933.json +++ b/2018/11xxx/CVE-2018-11933.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11933", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11933", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3487.json b/2018/3xxx/CVE-2018-3487.json index 6b809bc9ce0..c649d1ab34a 100644 --- a/2018/3xxx/CVE-2018-3487.json +++ b/2018/3xxx/CVE-2018-3487.json 
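Review bot: In the CVE-2018-11268 record the chipset list in `affects` does not match the one in `description`, and this sync carries the mismatch over unchanged. `version_value` includes `FSM9055`, `FSM9955` and `SD 617`, which the description omits, while the description names parts such as `MDM9206`, `MSM8996AU`, `SD 810`, `SD 850` and `SDM710` that `version_value` lacks. A consumer matching assets on the structured `affects` tree would therefore reach a different exposure set than one reading the description text. The two lists should be reconciled against the Qualcomm bulletin referenced in the record. Ideally each chipset would be its own `version_data` entry rather than one comma-separated string.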
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3487", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3487", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3493.json b/2018/3xxx/CVE-2018-3493.json index 528c4532940..1ffe143781c 100644 --- a/2018/3xxx/CVE-2018-3493.json +++ b/2018/3xxx/CVE-2018-3493.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3493", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3493", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3725.json b/2018/3xxx/CVE-2018-3725.json index be9593654d0..744cd2cf448 100644 --- a/2018/3xxx/CVE-2018-3725.json +++ b/2018/3xxx/CVE-2018-3725.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2018-3725", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "hekto node module", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "hekto node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Path Traversal (CWE-22)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2018-3725", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "hekto node module", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://hackerone.com/reports/311218", - "refsource" : "MISC", - "url" : "https://hackerone.com/reports/311218" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "hekto node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Path Traversal (CWE-22)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://hackerone.com/reports/311218", + "refsource": "MISC", + "url": "https://hackerone.com/reports/311218" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6111.json b/2018/6xxx/CVE-2018-6111.json index 43dc1fde03c..98360d5fe36 100644 --- a/2018/6xxx/CVE-2018-6111.json +++ b/2018/6xxx/CVE-2018-6111.json 
@@ -1,88 +1,88 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "chrome-cve-admin@google.com", - "ID" : "CVE-2018-6111", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Chrome", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "66.0.3359.117" - } - ] - } - } - ] - }, - "vendor_name" : "Google" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An object lifetime issue in the developer tools network handler in Google Chrome prior to 66.0.3359.117 allowed a local attacker to execute arbitrary code via a crafted HTML page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use after free" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2018-6111", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "66.0.3359.117" + } + ] + } + } + ] + }, + "vendor_name": "Google" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://crbug.com/780694", - "refsource" : "MISC", - "url" : "https://crbug.com/780694" - }, - { - "name" : "https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html", - "refsource" : "CONFIRM", - "url" : "https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html" - }, - { - "name" : "DSA-4182", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4182" - }, - { - "name" : "GLSA-201804-22", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201804-22" - }, - { - "name" : "RHSA-2018:1195", - "refsource" : "REDHAT", - "url" : 
"https://access.redhat.com/errata/RHSA-2018:1195" - }, - { - "name" : "103917", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103917" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An object lifetime issue in the developer tools network handler in Google Chrome prior to 66.0.3359.117 allowed a local attacker to execute arbitrary code via a crafted HTML page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use after free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html", + "refsource": "CONFIRM", + "url": "https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html" + }, + { + "name": "GLSA-201804-22", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201804-22" + }, + { + "name": "https://crbug.com/780694", + "refsource": "MISC", + "url": "https://crbug.com/780694" + }, + { + "name": "DSA-4182", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4182" + }, + { + "name": "103917", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103917" + }, + { + "name": "RHSA-2018:1195", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1195" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7133.json b/2018/7xxx/CVE-2018-7133.json index a3831f31cef..fa61cf7e117 100644 --- a/2018/7xxx/CVE-2018-7133.json +++ b/2018/7xxx/CVE-2018-7133.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7133", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7133", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7238.json b/2018/7xxx/CVE-2018-7238.json index c0dfd9dd9cc..e545c131e4b 100644 --- a/2018/7xxx/CVE-2018-7238.json +++ b/2018/7xxx/CVE-2018-7238.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cybersecurity@se.com", - "DATE_PUBLIC" : "2018-03-01T00:00:00", - "ID" : "CVE-2018-7238", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Pelco Sarix Professional", - "version" : { - "version_data" : [ - { - "version_value" : "all firmware versions prior to 3.29.78" - } - ] - } - } - ] - }, - "vendor_name" : "Schneider Electric SE" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A buffer overflow vulnerability exist in the web-based GUI of Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow an unauthenticated, remote attacker to execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "cybersecurity@schneider-electric.com", + "DATE_PUBLIC": "2018-03-01T00:00:00", + "ID": "CVE-2018-7238", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Pelco Sarix Professional", + "version": { + "version_data": [ + { + "version_value": "all firmware versions prior to 3.29.78" + } + ] + } + } + ] + }, + "vendor_name": "Schneider Electric SE" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-058-01/", - "refsource" : "CONFIRM", - "url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-058-01/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A buffer overflow vulnerability exist in the web-based GUI of 
Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow an unauthenticated, remote attacker to execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-058-01/", + "refsource": "CONFIRM", + "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-058-01/" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7348.json b/2018/7xxx/CVE-2018-7348.json index ddd1ef2c02f..cd640598df2 100644 --- a/2018/7xxx/CVE-2018-7348.json +++ b/2018/7xxx/CVE-2018-7348.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7348", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7348", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7584.json b/2018/7xxx/CVE-2018-7584.json index 98f2ef14659..629f5e58939 100644 --- a/2018/7xxx/CVE-2018-7584.json 
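Review bot: In the CVE-2018-7238 hunk the new record still carries two different fixed-version boundaries: `"version_value": "all firmware versions prior to 3.29.78"` under `affects`, while the `description` value says "prior to 3.29.67". The commit only reformats these lines and changes the ASSIGNER address, so the mismatch is carried over unchanged. Whichever boundary the referenced SEVD-2018-058-01 advisory confirms should appear in both fields. Until that is settled, tooling that matches on this record is safer treating every firmware version below 3.29.78 as affected.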
+++ b/2018/7xxx/CVE-2018-7584.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7584", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex function in ext/standard/http_fopen_wrapper.c. This subsequently results in copying a large string." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7584", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44846", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44846/" - }, - { - "name" : "[debian-lts-announce] 20180329 [SECURITY] [DLA 1326-1] php5 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/03/msg00030.html" - }, - { - "name" : "[debian-lts-announce] 20180626 [SECURITY] [DLA 1397-1] php5 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/06/msg00005.html" - }, - { - "name" : "http://php.net/ChangeLog-7.php", - "refsource" : "CONFIRM", - "url" : "http://php.net/ChangeLog-7.php" - }, 
- { - "name" : "https://bugs.php.net/bug.php?id=75981", - "refsource" : "CONFIRM", - "url" : "https://bugs.php.net/bug.php?id=75981" - }, - { - "name" : "https://github.com/php/php-src/commit/523f230c831d7b33353203fa34aee4e92ac12bba", - "refsource" : "CONFIRM", - "url" : "https://github.com/php/php-src/commit/523f230c831d7b33353203fa34aee4e92ac12bba" - }, - { - "name" : "https://www.tenable.com/security/tns-2018-03", - "refsource" : "CONFIRM", - "url" : "https://www.tenable.com/security/tns-2018-03" - }, - { - "name" : "https://www.tenable.com/security/tns-2018-12", - "refsource" : "CONFIRM", - "url" : "https://www.tenable.com/security/tns-2018-12" - }, - { - "name" : "DSA-4240", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4240" - }, - { - "name" : "USN-3600-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3600-1/" - }, - { - "name" : "USN-3600-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3600-2/" - }, - { - "name" : "103204", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103204" - }, - { - "name" : "1041607", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041607" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex function in ext/standard/http_fopen_wrapper.c. This subsequently results in copying a large string." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3600-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3600-1/" + }, + { + "name": "DSA-4240", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4240" + }, + { + "name": "https://bugs.php.net/bug.php?id=75981", + "refsource": "CONFIRM", + "url": "https://bugs.php.net/bug.php?id=75981" + }, + { + "name": "[debian-lts-announce] 20180329 [SECURITY] [DLA 1326-1] php5 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00030.html" + }, + { + "name": "https://www.tenable.com/security/tns-2018-12", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2018-12" + }, + { + "name": "https://www.tenable.com/security/tns-2018-03", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2018-03" + }, + { + "name": "1041607", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041607" + }, + { + "name": "https://github.com/php/php-src/commit/523f230c831d7b33353203fa34aee4e92ac12bba", + "refsource": "CONFIRM", + "url": "https://github.com/php/php-src/commit/523f230c831d7b33353203fa34aee4e92ac12bba" + }, + { + "name": "44846", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44846/" + }, + { + "name": "http://php.net/ChangeLog-7.php", + "refsource": "CONFIRM", + "url": "http://php.net/ChangeLog-7.php" + }, + { + "name": "[debian-lts-announce] 20180626 [SECURITY] [DLA 1397-1] php5 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00005.html" + }, + { + "name": "USN-3600-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3600-2/" + }, + { + "name": "103204", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103204" + } + ] + } +} \ No 
newline at end of file diff --git a/2018/7xxx/CVE-2018-7898.json b/2018/7xxx/CVE-2018-7898.json index d580b482603..03db9dff9b4 100644 --- a/2018/7xxx/CVE-2018-7898.json +++ b/2018/7xxx/CVE-2018-7898.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7898", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7898", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7931.json b/2018/7xxx/CVE-2018-7931.json index 39d521677e6..c27c12b6f7f 100644 --- a/2018/7xxx/CVE-2018-7931.json +++ b/2018/7xxx/CVE-2018-7931.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "ID" : "CVE-2018-7931", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "AppGallery", - "version" : { - "version_data" : [ - { - "version_value" : "The versions before 8.0.4.301" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Huawei AppGallery versions before 8.0.4.301 has a whitelist mechanism bypass vulnerability. An attacker may set up a malicious network environment and trick user into accessing a malicious web page to bypass the whitelist mechanism." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "whitelist mechanism bypass" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "ID": "CVE-2018-7931", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "AppGallery", + "version": { + "version_data": [ + { + "version_value": "The versions before 8.0.4.301" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180423-01-app-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180423-01-app-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Huawei AppGallery versions before 8.0.4.301 has a whitelist mechanism bypass vulnerability. 
An attacker may set up a malicious network environment and trick user into accessing a malicious web page to bypass the whitelist mechanism." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "whitelist mechanism bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180423-01-app-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180423-01-app-en" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8138.json b/2018/8xxx/CVE-2018-8138.json index 21ec81e8709..c01539a7b7c 100644 --- a/2018/8xxx/CVE-2018-8138.json +++ b/2018/8xxx/CVE-2018-8138.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8138", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8138", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8292.json b/2018/8xxx/CVE-2018-8292.json index 1e7a0224abd..c5506cbedbc 100644 --- a/2018/8xxx/CVE-2018-8292.json 
+++ b/2018/8xxx/CVE-2018-8292.json 
@@ -1,88 +1,88 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8292", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "PowerShell Core", - "version" : { - "version_data" : [ - { - "version_value" : "6.0" - } - ] - } - }, - { - "product_name" : ".NET Core", - "version" : { - "version_data" : [ - { - "version_value" : "1.0" - }, - { - "version_value" : "1.1" - }, - { - "version_value" : "2.1" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability exists in .NET Core when authentication information is inadvertently exposed in a redirect, aka \".NET Core Information Disclosure Vulnerability.\" This affects .NET Core 2.1, .NET Core 1.0, .NET Core 1.1, PowerShell Core 6.0." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8292", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PowerShell Core", + "version": { + "version_data": [ + { + "version_value": "6.0" + } + ] + } + }, + { + "product_name": ".NET Core", + "version": { + "version_data": [ + { + "version_value": "1.0" + }, + { + "version_value": "1.1" + }, + { + "version_value": "2.1" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8292", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8292" - }, - { - "name" : "RHSA-2018:2902", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2902" - }, - { - "name" : "105548", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105548" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists in .NET Core when authentication information is inadvertently exposed in a redirect, aka \".NET Core Information Disclosure Vulnerability.\" This affects .NET Core 2.1, .NET Core 1.0, .NET Core 1.1, PowerShell Core 6.0." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2018:2902", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2902" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8292", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8292" + }, + { + "name": "105548", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105548" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8431.json b/2018/8xxx/CVE-2018-8431.json index 529c62084ed..cdd40b7d40a 100644 --- a/2018/8xxx/CVE-2018-8431.json +++ b/2018/8xxx/CVE-2018-8431.json 
@@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8431", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft SharePoint Server", - "version" : { - "version_data" : [ - { - "version_value" : "2010 Service Pack 2" - } - ] - } - }, - { - "product_name" : "Microsoft SharePoint", - "version" : { - "version_data" : [ - { - "version_value" : "Enterprise Server 2013 Service Pack 1" - }, - { - "version_value" : "Enterprise Server 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability.\" This affects Microsoft SharePoint Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8428." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8431", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft SharePoint Server", + "version": { + "version_data": [ + { + "version_value": "2010 Service Pack 2" + } + ] + } + }, + { + "product_name": "Microsoft SharePoint", + "version": { + "version_data": [ + { + "version_value": "Enterprise Server 2013 Service Pack 1" + }, + { + "version_value": "Enterprise Server 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8431", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8431" - }, - { - "name" : "105221", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105221" - }, - { - "name" : "1041639", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041639" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability.\" This affects Microsoft SharePoint Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8428." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041639", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041639" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8431", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8431" + }, + { + "name": "105221", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105221" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8806.json b/2018/8xxx/CVE-2018-8806.json index 16c01b17c94..dc34073dd29 100644 --- a/2018/8xxx/CVE-2018-8806.json +++ b/2018/8xxx/CVE-2018-8806.json 
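Review bot: In the CVE-2018-8431 hunk the `problemtype` entry on the new side still reads `"value": "Information Disclosure"`, although the description in the same record calls the issue an elevation of privilege vulnerability. The commit reformats the record and lower-cases the ASSIGNER address but leaves this field as it was, so consumers that classify or prioritise by `problemtype` would file the entry under the wrong class. If the MSRC advisory listed in the references agrees with the description, the line should read `"value": "Elevation of Privilege"`.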
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8806", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In libming 0.4.8, there is a use-after-free in the decompileArithmeticOp function of decompile.c. Remote attackers could use this vulnerability to cause a denial-of-service via a crafted swf file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8806", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/libming/libming/issues/128", - "refsource" : "MISC", - "url" : "https://github.com/libming/libming/issues/128" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In libming 0.4.8, there is a use-after-free in the decompileArithmeticOp function of decompile.c. Remote attackers could use this vulnerability to cause a denial-of-service via a crafted swf file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/libming/libming/issues/128", + "refsource": "MISC", + "url": "https://github.com/libming/libming/issues/128" + } + ] + } +} \ No newline at end of file